Windows
Analysis Report
ZtQY1K6aTi.exe
Overview
General Information
Sample name: | ZtQY1K6aTi.exe (renamed because original name is a hash value) |
Original sample name: | 7f991bd7699126d6cca12241de7e7c44.exe |
Analysis ID: | 1435778 |
MD5: | 7f991bd7699126d6cca12241de7e7c44 |
SHA1: | 63829ce5fcb6616b08d81fb456e92fcd1cac14c9 |
SHA256: | 441bfb5e8bc07201c4c44de203b37c3ee9ab8d50dcfe025d7757fb7097c61156 |
Tags: | 32, exe, trojan |
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ZtQY1K6aTi.exe (PID: 6788 cmdline: "C:\Users\user\Desktop\ZtQY1K6aTi.exe" MD5: 7F991BD7699126D6CCA12241DE7E7C44)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | |
| | | Christian Burkard (Nextron Systems) | |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_00263EB0 |
Source: | Static PE information: |
Change of critical system settings |
---|
Source: | Registry key created or modified: |
Source: | Code function: | 0_2_001D2012 | |
Source: | Code function: | 0_2_0027D2B0 | |
Source: | Code function: | 0_2_002633B0 | |
Source: | Code function: | 0_2_002313F0 | |
Source: | Code function: | 0_2_00231A60 | |
Source: | Code function: | 0_2_00283B20 | |
Source: | Code function: | 0_2_001EFC1D | |
Source: | Code function: | 0_2_001D1F8C |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_001B8DC0 |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_002833A0 |
Source: | File created: |
Source: | Code function: | 0_2_002709B0 | |
Source: | Code function: | 0_2_001F9588 | |
Source: | Code function: | 0_2_001E001D | |
Source: | Code function: | 0_2_002E40A0 | |
Source: | Code function: | 0_2_00298080 | |
Source: | Code function: | 0_2_002D20C0 | |
Source: | Code function: | 0_2_0022E120 | |
Source: | Code function: | 0_2_00222100 | |
Source: | Code function: | 0_2_002D81A0 | |
Source: | Code function: | 0_2_002361D0 | |
Source: | Code function: | 0_2_002A4220 | |
Source: | Code function: | 0_2_002B4220 | |
Source: | Code function: | 0_2_00218200 | |
Source: | Code function: | 0_2_001AA2C0 | |
Source: | Code function: | 0_2_0028A2D0 | |
Source: | Code function: | 0_2_001E035F | |
Source: | Code function: | 0_2_00290350 | |
Source: | Code function: | 0_2_0027C3E0 | |
Source: | Code function: | 0_2_002463D0 | |
Source: | Code function: | 0_2_002A0520 | |
Source: | Code function: | 0_2_001F47AD | |
Source: | Code function: | 0_2_0026E800 | |
Source: | Code function: | 0_2_002DC8D0 | |
Source: | Code function: | 0_2_001DA918 | |
Source: | Code function: | 0_2_001DC950 | |
Source: | Code function: | 0_2_002509B0 | |
Source: | Code function: | 0_2_002749B0 | |
Source: | Code function: | 0_2_0024E9E0 | |
Source: | Code function: | 0_2_0026CAA0 | |
Source: | Code function: | 0_2_00294AA0 | |
Source: | Code function: | 0_2_00238A80 | |
Source: | Code function: | 0_2_002E4AE0 | |
Source: | Code function: | 0_2_002D6B30 | |
Source: | Code function: | 0_2_00230BA0 | |
Source: | Code function: | 0_2_00284B90 | |
Source: | Code function: | 0_2_001F8BA0 | |
Source: | Code function: | 0_2_0023CBF0 | |
Source: | Code function: | 0_2_00294CD0 | |
Source: | Code function: | 0_2_0028CD20 | |
Source: | Code function: | 0_2_001F8E20 | |
Source: | Code function: | 0_2_00268E70 | |
Source: | Code function: | 0_2_00246EA0 | |
Source: | Code function: | 0_2_0023AEC0 | |
Source: | Code function: | 0_2_0024AED0 | |
Source: | Code function: | 0_2_002BAF30 | |
Source: | Code function: | 0_2_00294F70 | |
Source: | Code function: | 0_2_0028CFC0 | |
Source: | Code function: | 0_2_00295070 | |
Source: | Code function: | 0_2_002A1040 | |
Source: | Code function: | 0_2_0022D0B0 | |
Source: | Code function: | 0_2_002970E0 | |
Source: | Code function: | 0_2_00241130 | |
Source: | Code function: | 0_2_002E3160 | |
Source: | Code function: | 0_2_001D7190 | |
Source: | Code function: | 0_2_002332B0 | |
Source: | Code function: | 0_2_002DF280 | |
Source: | Code function: | 0_2_0025F2D0 | |
Source: | Code function: | 0_2_0029D320 | |
Source: | Code function: | 0_2_0029F360 | |
Source: | Code function: | 0_2_0025D450 | |
Source: | Code function: | 0_2_00293450 | |
Source: | Code function: | 0_2_002BF450 | |
Source: | Code function: | 0_2_002A54A0 | |
Source: | Code function: | 0_2_00219490 | |
Source: | Code function: | 0_2_0028B500 | |
Source: | Code function: | 0_2_001CF570 | |
Source: | Code function: | 0_2_002AF5E0 | |
Source: | Code function: | 0_2_002A7630 | |
Source: | Code function: | 0_2_0021F730 | |
Source: | Code function: | 0_2_0025B770 | |
Source: | Code function: | 0_2_0027B7E0 | |
Source: | Code function: | 0_2_002977F0 | |
Source: | Code function: | 0_2_0028D7D0 | |
Source: | Code function: | 0_2_00255880 | |
Source: | Code function: | 0_2_001AB8E0 | |
Source: | Code function: | 0_2_002B18D0 | |
Source: | Code function: | 0_2_00295960 | |
Source: | Code function: | 0_2_00231A60 | |
Source: | Code function: | 0_2_001EDA74 | |
Source: | Code function: | 0_2_002E5A40 | |
Source: | Code function: | 0_2_0027DA80 | |
Source: | Code function: | 0_2_0028FBA0 | |
Source: | Code function: | 0_2_00223C3D | |
Source: | Code function: | 0_2_00297CA0 | |
Source: | Code function: | 0_2_001A9C90 | |
Source: | Code function: | 0_2_002E3CF0 | |
Source: | Code function: | 0_2_00247D20 | |
Source: | Code function: | 0_2_00243D70 | |
Source: | Code function: | 0_2_00241E40 | |
Source: | Code function: | 0_2_00295EB0 | |
Source: | Code function: | 0_2_00233ED0 | |
Source: | Code function: | 0_2_0029DF20 | |
Source: | Code function: | 0_2_00281F80 | |
Source: | Code function: | 0_2_0028BFC0 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_002E23D0 |
Source: | Code function: | 0_2_002E2160 |
Source: | Code function: | 0_2_0022CB90 |
Source: | Code function: | 0_2_002709B0 |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | String found in binary or memory: |
Source: | File read: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File written: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_001F9588 |
Source: | Code function: | 0_2_001D3F5C |
Source: | Code function: | 0_2_0028A2D0 |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-90433 |
Source: | Evasive API call chain: | graph_0-90435 |
Source: | Stalling execution: | graph_0-90366 |
Source: | Code function: | 0_2_001FDA50 |
Source: | Window / User API: |
Source: | Decision node followed by non-executed suspicious API: | graph_0-90363 |
Source: | Evasive API call chain: | graph_0-90396 |
Source: | API coverage: |
Source: | Last function: |
Source: | Code function: | 0_2_002E1D30 |
Source: | Code function: | 0_2_001D2012 | |
Source: | Code function: | 0_2_0027D2B0 | |
Source: | Code function: | 0_2_002633B0 | |
Source: | Code function: | 0_2_002313F0 | |
Source: | Code function: | 0_2_00231A60 | |
Source: | Code function: | 0_2_00283B20 | |
Source: | Code function: | 0_2_001EFC1D | |
Source: | Code function: | 0_2_001D1F8C |
Source: | Code function: | 0_2_001F80C8 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_001D4174 |
Source: | Code function: | 0_2_001FA082 |
Source: | Code function: | 0_2_001F9588 |
Source: | Code function: | 0_2_001FA082 | |
Source: | Code function: | 0_2_002709B0 | |
Source: | Code function: | 0_2_001F9588 | |
Source: | Code function: | 0_2_001FDA50 | |
Source: | Code function: | 0_2_00264130 | |
Source: | Code function: | 0_2_00270420 | |
Source: | Code function: | 0_2_001FA61F | |
Source: | Code function: | 0_2_002332B0 | |
Source: | Code function: | 0_2_00273630 | |
Source: | Code function: | 0_2_00265A70 |
Source: | Code function: | 0_2_00286E20 |
Source: | Code function: | 0_2_001D4174 | |
Source: | Code function: | 0_2_001D4301 | |
Source: | Code function: | 0_2_001D450D | |
Source: | Code function: | 0_2_001D8A54 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Code function: | 0_2_0026C630 |
Source: | Registry value deleted: |
Source: | Code function: | 0_2_00273340 |
Source: | Code function: | 0_2_001F2B48 | |
Source: | Code function: | 0_2_001F2D4D | |
Source: | Code function: | 0_2_001F2DF4 | |
Source: | Code function: | 0_2_001F2E3F | |
Source: | Code function: | 0_2_001F2EDA | |
Source: | Code function: | 0_2_001F2F65 | |
Source: | Code function: | 0_2_001F31B8 | |
Source: | Code function: | 0_2_001EB1A3 | |
Source: | Code function: | 0_2_001F32E1 | |
Source: | Code function: | 0_2_001F33E7 | |
Source: | Code function: | 0_2_001F34BD | |
Source: | Code function: | 0_2_001EB726 | |
Source: | Code function: | 0_2_0027DA80 | |
Source: | Code function: | 0_2_001D1D84 |
Source: | Code function: | 0_2_001D43B5 |
Source: | Code function: | 0_2_0026E800 |
Source: | Code function: | 0_2_001ED11E |
Source: | Code function: | 0_2_002E2070 |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: |
Source: | File written: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Screen Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 12 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 141 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Bypass User Account Control | 5 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bypass User Account Control | Proc Filesystem | 3 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 25 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 61% | ReversingLabs | Win32.Spyware.Risepro | |
| 67% | Virustotal | | |
| 100% | Joe Sandbox ML | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
87.120.84.5 | unknown | Bulgaria | 51189 | SHARCOM-ASBG | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1435778 |
Start date and time: | 2024-05-03 06:06:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ZtQY1K6aTi.exerenamed because original name is a hash value |
Original Sample Name: | 7f991bd7699126d6cca12241de7e7c44.exe |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@1/3@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SHARCOM-ASBG | | | malicious | PureLog Stealer, zgRAT | | |
| | | malicious | Unknown | | |
| | | malicious | BitRAT, RHADAMANTHYS | | |
| | | malicious | RHADAMANTHYS | | |
| | | malicious | RHADAMANTHYS | | |
| | | malicious | Amadey, PureLog Stealer | | |
| | | malicious | Amadey, PureLog Stealer | | |
| | | malicious | RHADAMANTHYS | | |
| | | malicious | RHADAMANTHYS | | |
| | | malicious | RHADAMANTHYS | | |
Process: | C:\Users\user\Desktop\ZtQY1K6aTi.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11 |
Entropy (8bit): | 3.2776134368191165 |
Encrypted: | false |
SSDEEP: | 3:1EX:10 |
MD5: | EC3584F3DB838942EC3669DB02DC908E |
SHA1: | 8DCEB96874D5C6425EBB81BFEE587244C89416DA |
SHA-256: | 77C7C10B4C860D5DDF4E057E713383E61E9F21BCF0EC4CFBBC16193F2E28F340 |
SHA-512: | 35253883BB627A49918E7415A6BA6B765C86B516504D03A1F4FD05F80902F352A7A40E2A67A6D1B99A14B9B79DAB82F3AC7A67C512CCF6701256C13D0096855E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\ZtQY1K6aTi.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 127 |
Entropy (8bit): | 5.080093624462795 |
Encrypted: | false |
SSDEEP: | 3:1ELGUAgKLMzY+eWgTckbnnvjiBIFVTjSUgf4orFLsUov:1WsMzYHxbnvEcvgqv |
MD5: | 8EF9853D1881C5FE4D681BFB31282A01 |
SHA1: | A05609065520E4B4E553784C566430AD9736F19F |
SHA-256: | 9228F13D82C3DC96B957769F6081E5BAC53CFFCA4FFDE0BA1E102D9968F184A2 |
SHA-512: | 5DDEE931A08CFEA5BB9D1C36355D47155A24D617C2A11D08364FFC54E593064011DEE4FEA8AC5B67029CAB515D3071F0BA0422BB76AF492A3115272BA8FEB005 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\ZtQY1K6aTi.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1926 |
Entropy (8bit): | 3.310422749310586 |
Encrypted: | false |
SSDEEP: | 24:wSLevFeSLe5BeSwbv5qweSw4q7j/eScdepWDbVeScden2W8eScdemevtmeScdeRg:KFIBkbv5qwk4qfKV2QxVCZ |
MD5: | CDFD60E717A44C2349B553E011958B85 |
SHA1: | 431136102A6FB52A00E416964D4C27089155F73B |
SHA-256: | 0EE08DA4DA3E4133E1809099FC646468E7156644C9A772F704B80E338015211F |
SHA-512: | DFEA0D0B3779059E64088EA9A13CD6B076D76C64DB99FA82E6612386CAE5CDA94A790318207470045EF51F0A410B400726BA28CB6ECB6972F081C532E558D6A8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.490534915401225 |
TrID: | |
File name: | ZtQY1K6aTi.exe |
File size: | 1'672'704 bytes |
MD5: | 7f991bd7699126d6cca12241de7e7c44 |
SHA1: | 63829ce5fcb6616b08d81fb456e92fcd1cac14c9 |
SHA256: | 441bfb5e8bc07201c4c44de203b37c3ee9ab8d50dcfe025d7757fb7097c61156 |
SHA512: | fea0a97960ab293751f8afdac85fe1b39fcac247ad0e8baad2287e1a6cf177806644960070bdec91b5e9875d677f6596b9c592cf2471eda2bcef40311702e499 |
SSDEEP: | 49152:TVTBGQcbvUDNbQ9jyA/gZd0x0Oj1o08pTdJG0K5:TVwQWvUDNbQ92AoZd0x0ORo |
TLSH: | E0756B32A745A462E4A301B031AEFBB994A53D342751C4C7FBC06E6B77F56C22174E2B |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s...../.s |
Icon Hash: | 4c4d96ec0ce6c600 |
Entrypoint: | 0x433d5d |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6625EF5E [Mon Apr 22 05:02:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | e2abfd7ba257adf7a15b19d55fcf4379 |
Instruction |
---|
call 00007F22BCE3D9A5h |
jmp 00007F22BCE3D17Fh |
cmp ecx, dword ptr [00582080h] |
jne 00007F22BCE3D303h |
ret |
jmp 00007F22BCE3DAC5h |
push ebp |
mov ebp, esp |
and dword ptr [00585560h], 00000000h |
sub esp, 24h |
or dword ptr [005820C4h], 01h |
push 0000000Ah |
call dword ptr [0055A0ECh] |
test eax, eax |
je 00007F22BCE3D4B2h |
and dword ptr [ebp-10h], 00000000h |
xor eax, eax |
push ebx |
push esi |
push edi |
xor ecx, ecx |
lea edi, dword ptr [ebp-24h] |
push ebx |
cpuid |
mov esi, ebx |
pop ebx |
nop |
mov dword ptr [edi], eax |
mov dword ptr [edi+04h], esi |
mov dword ptr [edi+08h], ecx |
xor ecx, ecx |
mov dword ptr [edi+0Ch], edx |
mov eax, dword ptr [ebp-24h] |
mov edi, dword ptr [ebp-20h] |
mov dword ptr [ebp-0Ch], eax |
xor edi, 756E6547h |
mov eax, dword ptr [ebp-18h] |
xor eax, 49656E69h |
mov dword ptr [ebp-04h], eax |
mov eax, dword ptr [ebp-1Ch] |
xor eax, 6C65746Eh |
mov dword ptr [ebp-08h], eax |
xor eax, eax |
inc eax |
push ebx |
cpuid |
mov esi, ebx |
pop ebx |
nop |
lea ebx, dword ptr [ebp-24h] |
mov dword ptr [ebx], eax |
mov eax, dword ptr [ebp-04h] |
or eax, dword ptr [ebp-08h] |
or eax, edi |
mov dword ptr [ebx+04h], esi |
mov dword ptr [ebx+08h], ecx |
mov dword ptr [ebx+0Ch], edx |
jne 00007F22BCE3D345h |
mov eax, dword ptr [ebp-24h] |
and eax, 0FFF3FF0h |
cmp eax, 000106C0h |
je 00007F22BCE3D325h |
cmp eax, 00020660h |
je 00007F22BCE3D31Eh |
cmp eax, 00020670h |
je 00007F22BCE3D317h |
cmp eax, 00030650h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x180528 | 0x118 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x187000 | 0xafa0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x192000 | 0x9700 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16e4c0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x16e500 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x162840 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15a000 | 0x3dc | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1803c4 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x158af8 | 0x158c00 | 096caf09bcd7657204f7281647f25f46 | False | 0.4725514412617839 | data | 6.524383214138694 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15a000 | 0x27b5a | 0x27c00 | f3caaa0faa68d0534b45b9387853ac8c | False | 0.4351722189465409 | data | 5.301509174147987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x182000 | 0x4930 | 0x3200 | 016c6e583737ed5ccbe444835264d87c | False | 0.153671875 | DOS executable (block device driver) | 3.9786896322347785 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x187000 | 0xafa0 | 0xb000 | 8b8b7c1ae6164c3ae21fb08cef101ac3 | False | 0.11325905539772728 | data | 2.153408950986256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x192000 | 0x9700 | 0x9800 | fa628a228d550942b95c34c4f5e3caac | False | 0.5831620065789473 | data | 6.531418125993091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x1875e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Russian | Russia | 0.1320921985815603 |
RT_ICON | 0x187a50 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1600 | Russian | Russia | 0.10465116279069768 |
RT_ICON | 0x188108 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Russian | Russia | 0.08770491803278689 |
RT_ICON | 0x188a90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Russian | Russia | 0.05722326454033771 |
RT_ICON | 0x189b38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Russian | Russia | 0.03475103734439834 |
RT_ICON | 0x18c0e0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | Russian | Russia | 0.02509447331128956 |
RT_ICON | 0x190308 | 0x1aae | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Russian | Russia | 0.39780380673499266 |
RT_GROUP_ICON | 0x191db8 | 0x68 | data | Russian | Russia | 0.7596153846153846 |
RT_VERSION | 0x187250 | 0x398 | OpenPGP Public Key | Russian | Russia | 0.42282608695652174 |
RT_MANIFEST | 0x191e20 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | WaitForSingleObject, LocalAlloc, GetCurrentThreadId, GetModuleHandleA, GetLocaleInfoA, OpenProcess, CreateToolhelp32Snapshot, MultiByteToWideChar, Sleep, GetTempPathA, GetModuleHandleExA, GetTimeZoneInformation, GetTickCount64, CopyFileA, GetLastError, GetFileAttributesA, TzSpecificLocalTimeToSystemTime, CreateFileA, SetEvent, TerminateThread, LoadLibraryA, GetVersionExA, DeleteFileA, Process32Next, CloseHandle, GetSystemInfo, CreateThread, ResetEvent, GetWindowsDirectoryA, HeapAlloc, SetFileAttributesA, GetLocalTime, GetProcAddress, VirtualAllocEx, LocalFree, IsProcessorFeaturePresent, GetFileSize, RemoveDirectoryA, ReadProcessMemory, GetCurrentProcessId, GetProcessHeap, GlobalMemoryStatusEx, SetThreadExecutionState, FreeLibrary, WideCharToMultiByte, CreateRemoteThread, GetComputerNameExA, CreateDirectoryA, GetSystemTime, GetVolumeInformationA, CreateEventA, GetPrivateProfileStringA, IsWow64Process, IsDebuggerPresent, VirtualQueryEx, GetComputerNameA, SetUnhandledExceptionFilter, FindNextFileA, lstrcpynA, SetFilePointer, CreateFileW, AreFileApisANSI, EnterCriticalSection, GetFullPathNameW, GetDiskFreeSpaceW, LockFile, LeaveCriticalSection, InitializeCriticalSection, GetFullPathNameA, SetEndOfFile, GetTempPathW, GetFileAttributesW, FormatMessageW, GetDiskFreeSpaceA, DeleteFileW, UnlockFile, LockFileEx, DeleteCriticalSection, GetSystemTimeAsFileTime, FormatMessageA, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, VirtualQuery, VirtualProtect, WriteConsoleW, HeapSize, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, CreateMutexA, FindClose, lstrlenA, InitializeCriticalSectionEx, GetProcessId, GetUserDefaultLocaleName, TerminateProcess, OutputDebugStringA, WriteFile, GetCurrentProcess, SetPriorityClass, SetLastError, ReadFile, HeapFree, FindFirstFileA, WriteProcessMemory, Process32First, GetPrivateProfileSectionNamesA, SetStdHandle, HeapReAlloc, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetFileSizeEx, GetConsoleOutputCP, ReadConsoleW, GetConsoleMode, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, GetFileType, GetModuleFileNameA, SetFilePointerEx, LoadLibraryExW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, RaiseException, RtlUnwind, InitializeSListHead, GetStartupInfoW, UnhandledExceptionFilter, SleepConditionVariableSRW, WakeAllConditionVariable, GetStringTypeW, GetLocaleInfoEx, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetModuleHandleW, GetFileInformationByHandleEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, LCMapStringEx, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, LoadLibraryExA |
USER32.dll | wsprintfA, GetSystemMetrics, MessageBoxA, GetWindowRect, EnumDisplayDevicesA, GetDC, GetKeyboardLayoutList, CharNextA, GetCursorPos, GetDesktopWindow, ReleaseDC |
GDI32.dll | CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, DeleteObject, BitBlt |
ADVAPI32.dll | RegQueryValueExA, LsaClose, LsaOpenPolicy, RegEnumKeyA, RegCloseKey, RegGetValueA, GetCurrentHwProfileA, LsaFreeMemory, CredEnumerateA, RegCreateKeyExA, GetUserNameA, RegSetValueExA, RegOpenKeyExA, LsaQueryInformationPolicy, RegEnumKeyExA |
SHELL32.dll | ShellExecuteA, SHGetFolderPathA |
ole32.dll | CoInitialize, CoCreateInstance, CoInitializeEx, CoUninitialize |
WS2_32.dll | WSAStartup, socket, connect, recv, freeaddrinfo, setsockopt, WSAGetLastError, shutdown, WSACleanup, closesocket, getaddrinfo |
CRYPT32.dll | CryptUnprotectData |
SHLWAPI.dll | PathFindExtensionA |
gdiplus.dll | GdipGetImageEncoders, GdipCloneImage, GdipAlloc, GdiplusShutdown, GdiplusStartup, GdipSaveImageToFile, GdipGetImageEncodersSize, GdipFree, GdipDisposeImage, GdipCreateBitmapFromHBITMAP |
SETUPAPI.dll | SetupDiEnumDeviceInfo, SetupDiGetDeviceInterfaceDetailA, SetupDiGetClassDevsA, SetupDiEnumDeviceInterfaces |
ntdll.dll | RtlUnicodeStringToAnsiString |
RstrtMgr.DLL | RmStartSession, RmGetList, RmRegisterResources, RmShutdown, RmEndSession |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Russian | Russia | |
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 06:07:02.238034010 CEST | 49705 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:03.236388922 CEST | 49705 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:05.252034903 CEST | 49705 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:09.267770052 CEST | 49705 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:17.267771959 CEST | 49705 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:23.383326054 CEST | 49713 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:24.392678976 CEST | 49713 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:26.408281088 CEST | 49713 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:30.423904896 CEST | 49713 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:38.424065113 CEST | 49713 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:44.554830074 CEST | 49714 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:45.564652920 CEST | 49714 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:47.564555883 CEST | 49714 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:51.568836927 CEST | 49714 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:07:59.564552069 CEST | 49714 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:06.162511110 CEST | 49716 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:07.173937082 CEST | 49716 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:09.173957109 CEST | 49716 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:13.173984051 CEST | 49716 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:21.174048901 CEST | 49716 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:27.351349115 CEST | 49718 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:28.345860958 CEST | 49718 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:30.345849037 CEST | 49718 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:34.345841885 CEST | 49718 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:42.361495018 CEST | 49718 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:48.845076084 CEST | 49719 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:49.845846891 CEST | 49719 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:51.846060991 CEST | 49719 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:08:55.845854044 CEST | 49719 | 50500 | 192.168.2.5 | 87.120.84.5 |
May 3, 2024 06:09:03.845877886 CEST | 49719 | 50500 | 192.168.2.5 | 87.120.84.5 |
Target ID: | 0 |
Start time: | 06:06:53 |
Start date: | 03/05/2024 |
Path: | C:\Users\user\Desktop\ZtQY1K6aTi.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1a0000 |
File size: | 1'672'704 bytes |
MD5 hash: | 7F991BD7699126D6CCA12241DE7E7C44 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 13.5% |
Total number of Nodes: | 769 |
Total number of Limit Nodes: | 19 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
001FA082 | 56.5 | 16 | 16 | 502 | sleep, thread, COMMON |
002709B0 | 38.7 | 19 | 2 | 1989 | registry, com, COMMON |
001F9588 | 32.2 | 9 | 9 | 702 | library, thread, loader, COMMON |
001FDA50 | 7.7 | 5 | | 156 | sleep, COMMON |
001B8DC0 | .1 | | | 128 | COMMON |
00264CE0 | 23.1 | 11 | 2 | 351 | network, COMMON |
00264EB0 | 23.0 | 12 | 1 | 279 | network, sleep, COMMON |
001E2CC3 | 17.8 | 9 | 1 | 273 | COMMON, LIBRARYCODE |
001E8900 | 12.5 | 6 | 1 | 292 | COMMON, LIBRARYCODE |
001D3C23 | 6.1 | 4 | | 86 | COMMON |
00273430 | 4.5 | 3 | | 28 | sleep, COMMON |
001D8DF2 | 1.7 | 1 | | 157 | COMMON |
001EAC71 | 1.6 | 1 | | 54 | COMMON |
001D3BE1 | 1.5 | 1 | | 49 | COMMON |
001EB086 | 1.5 | 1 | | 32 | memory, COMMON, LIBRARYCODE |

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0023CBF0 | 172.9 | 6 | 91 | 3171 | string, COMMON |
002509B0 | 123.0 | 2 | 66 | 3964 | COMMON |
001FA61F | 96.4 | 19 | 35 | 1929 | sleep, synchronization, thread, COMMON |
0022E120 | 78.6 | 13 | 31 | 1609 | registry, COMMON |
002361D0 | 75.6 | 4 | 38 | 2129 | string, COMMON |
002749B0 | 64.1 | 31 | 2 | 6337 | file, COMMON |
00238A80 | 59.6 | 4 | 29 | 1876 | string, COMMON |
00284B90 | 40.0 | 5 | 17 | 1467 | process, COMMON |
001AA2C0 | 28.7 | | 22 | 1233 | COMMON |
0028A2D0 | 23.4 | 11 | 2 | 617 | library, loader, COMMON |
0026C630 | 21.2 | 8 | 4 | 240 | injection, memory, synchronization, COMMON |
00230BA0 | 19.8 | 5 | 6 | 533 | file, COMMON |
0026CAA0 | 19.2 | 8 | 2 | 1695 | registry, file, COMMON |
0026E800 | 17.2 | 7 | 2 | 1469 | registry, file, COMMON |
001D2012 | 15.2 | 10 | | 200 | file, COMMON |
00286E20 | 10.7 | 5 | 1 | 181 | memory, library, loader, COMMON |
002E23D0 | 10.6 | 5 | 1 | 86 | window, COMMON |
00298080 | 9.2 | | 7 | 484 | COMMON |
0022CB90 | 9.1 | 4 | 1 | 334 | process, COMMON |
002B4220 | 8.9 | | 6 | 1371 | COMMON |
002E2160 | 7.7 | 5 | | 208 | file, COMMON |
001F2B48 | 7.3 | 3 | 1 | 254 | COMMON, LIBRARYCODE |
001DC950 | 6.5 | 4 | | 455 | COMMON |
002A4220 | 6.2 | | 4 | 1164 | COMMON |
001D4174 | 6.1 | 4 | | 70 | COMMON |
00270420 | 5.5 | 2 | 1 | 202 | library, loader, COMMON |
001F80C8 | 5.3 | 2 | 1 | 49 | COMMON, LIBRARYCODE |
00218200 | 3.6 | | 2 | 1092 | COMMON |
002DC8D0 | 3.5 | 2 | | 484 | COMMON |
002E40A0 | 3.5 | 2 | | 465 | COMMON |
002463D0 | 3.2 | | 2 | 701 | COMMON |
001F8E20 | 3.0 | | 2 | 463 | COMMON |
002D81A0 | 2.8 | | 2 | 284 | COMMON |
002A0520 | 2.1 | | 1 | 858 | COMMON |
002D20C0 | 2.0 | | 1 | 710 | COMMON |
002E4AE0 | 1.7 | | 1 | 429 | COMMON |
001E001D | 1.6 | | 1 | 318 | COMMON |
001F2D4D | 1.5 | 1 | | 43 | COMMON |
001D4301 | 1.5 | 1 | | 3 | COMMON |
00294CD0 | 1.5 | | 1 | 219 | COMMON |
002D6B30 | 1.0 | | | 974 | COMMON |
00290350 | .7 | | | 735 | COMMON |
001E035F | .3 | | | 333 | COMMON |
001F8BA0 | .2 | | | 221 | COMMON |
00294AA0 | .2 | | | 199 | COMMON |
0028CD20 | .2 | | | 194 | COMMON |
001DA918 | .2 | | | 156 | COMMON |

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00286470 | 37.2 | 18 | 3 | 423 | library, loader, thread, COMMON |
00272D20 | 12.6 | 6 | 1 | 372 | registry, COMMON |
001F8013 | 12.3 | 3 | 4 | 45 | library, loader, COMMON, LIBRARYCODE |
001BA060 | 9.1 | 6 | | 136 | COMMON |
00274140 | 9.1 | 6 | | 101 | COMMON |
00286B50 | 8.9 | 4 | 1 | 161 | library, loader, COMMON |
001EA6A9 | 7.7 | 5 | | 197 | COMMON |
001BC430 | 7.6 | 5 | | 119 | COMMON |
001D2BB8 | 7.6 | 5 | | 116 | thread, COMMON |
00264420 | 7.3 | 1 | 3 | 325 | file, COMMON |
002842D0 | 7.1 | 3 | 1 | 111 | library, loader, COMMON |
001D8577 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
00282950 | 6.1 | 4 | | 121 | COMMON |
002E26B0 | 6.1 | 4 | | 81 | COMMON |
002E2CA0 | 6.1 | 4 | | 76 | file, COMMON |
00284050 | 6.1 | 4 | | 75 | COMMON |
001F097B | 6.1 | 4 | | 74 | COMMON |
002E2D60 | 6.1 | 4 | | 66 | file, COMMON |
002E2AF0 | 6.1 | 4 | | 61 | file, COMMON |
001D2719 | 6.0 | 4 | | 44 | COMMON |
002E2C40 | 6.0 | 4 | | 35 | file, COMMON |
001D463B | 5.3 | 2 | 1 | 44 | COMMON, LIBRARYCODE |