Windows
Analysis Report
je9t0bDEVN.exe
Overview
General Information
Sample name: | je9t0bDEVN.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original sample name: | 4dc3d7a6e1bef7cabd6e5e6681f3640628887a6beea0e096416baff784df7a3b |
Analysis ID: | 1436381 |
MD5: | 0df8abbbbc63aa2e171466a6cf93b172 |
SHA1: | fb8e1da97308f5466ce438222a0ea1c28efaaf01 |
SHA256: | 4dc3d7a6e1bef7cabd6e5e6681f3640628887a6beea0e096416baff784df7a3b |
Infos: | |
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- je9t0bDEVN.exe (PID: 5992 cmdline: "C:\Users\user\Desktop\je9t0bDEVN.exe" MD5: 0DF8ABBBBC63AA2E171466A6CF93B172)
  - WerFault.exe (PID: 3808 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 356 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["barbecueappledos.pw", "killredls.pw", "keewoolas.pw", "moskhoods.pw", "dayzilons.pw", "revivalsecularas.pw", "steycools.pw", "bloockflad.pw", "bookgames.pw"], "Build id": "KjGtqi--Zinfandel"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
AV Detection |
---|
Networking |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 Process Injection | 1 Software Packing | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | ReversingLabs | Win32.Trojan.SpywareX | ||
48% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
15% | Virustotal | Browse | ||
14% | Virustotal | Browse | ||
12% | Virustotal | Browse | ||
15% | Virustotal | Browse | ||
15% | Virustotal | Browse | ||
15% | Virustotal | Browse | ||
16% | Virustotal | Browse | ||
14% | Virustotal | Browse | ||
13% | Virustotal | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436381 |
Start date and time: | 2024-05-05 00:01:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | je9t0bDEVN.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original Sample Name: | 4dc3d7a6e1bef7cabd6e5e6681f3640628887a6beea0e096416baff784df7a3b |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@2/5@0/0 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target je9t0bDEVN.exe, PID 5992 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
00:02:03 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_je9t0bDEVN.exe_648ca4123cddb9edd345697083aaa0e61a1f192b_cdffa1af_d84b65e4-ae86-4cb4-b099-e9f07225f6bb\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7636333072448882 |
Encrypted: | false |
SSDEEP: | 192:UN3HCOVHyqtlli054EPJ2JYj+qzuiFqZ24IO87SJ0Y:iyOV5tZ54ELjrzuiFqY4IO87H |
MD5: | 05D5C8CEF43CB932CC5ED4B848FB836E |
SHA1: | 44F21C588EF341B2BB67E93BFF3C567B78F5A390 |
SHA-256: | D4359C3A21DA46521306438E2C8B02022B1C5CA1577B9C61B9A607101ED73B66 |
SHA-512: | 362860C0AB92743280BFD4D1945240E26D5253536F2E4CA98795507521A49102CF32F4F502F41B529FAC00F0AA7989F56F8C9DA564909FFF20F4C0BC440CAB09 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1073042 |
Entropy (8bit): | 0.9056013693006205 |
Encrypted: | false |
SSDEEP: | 1536:+FhhfLnTfqEHzfLnTfrH+GXKPefv0Gk1r8keeqzFsrEVJ33g:DYKPefyQkeLn33g |
MD5: | 23B7FBD390F1E2A4ED0AA00027BA54AE |
SHA1: | 0D2E3B3F477B5AD96992F23080DD19B20EB5B0B1 |
SHA-256: | 2DBAE63C1DA21F7B0AA1ED8F074FAE31FE936366373DFE0AF9B956D95EC53B14 |
SHA-512: | 66E6E21079A4B3BAAF01854FFCF123C0AD3D4EF0022E990BAF6A3E61B53D90A91F4857ABAD8A59E74A613E63D2BD05BBABB778057FAF7EEAF795750CAA706AF0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8332 |
Entropy (8bit): | 3.700139085902334 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJp5Xk6Wm86YNISUmJ9gmfbBYmpDM89bwasfS3Bwm:R6lXJpa686YSSUO9gmfeCw5fST |
MD5: | 20CC278C32BC50BDEF18FFBD7F26D3D9 |
SHA1: | F08D51AC9095716B628B9F42BF4D494807BE8495 |
SHA-256: | 9E6218AF948FC949027BD9ACEF9AE870307308649418040638CE78E93F2571B3 |
SHA-512: | 28B0FA064AA89EE6DCF972BFBEF9E258738B17D1612CBCAD844A2105C925A498DFA870D59BA896616F2CB126E5A62F33CEE509B8DD5FC25E33E34EB8B5DB5666 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4674 |
Entropy (8bit): | 4.492190833546438 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsuRMiJg77aI9orWpW8VYxYm8M4JUiumM6F3+q8qbFoM7hughQNd:uIjfu+wI72a7VdJCYN7hughQNd |
MD5: | 97B151E0B756D738B5E00DB2358583EF |
SHA1: | 86CAAA71F35E64C42C5B62B003669A4331A2AC48 |
SHA-256: | 15F1CEEF5201269D6EE0975ECADECCD87A3C54C0978EB6B748A40160B0B3C2E0 |
SHA-512: | E6D41F0448A5BC19FE300170BC070640F50D390F3FA94F607BD5C86F76EDA9C6EB3BC2AC8E49D80F0B371E4EF4215DCE1EDEB29A125864CCCDDA8918DD0066FC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4172338628001535 |
Encrypted: | false |
SSDEEP: | 6144:Dcifpi6ceLPL9skLmb0mDSWSPtaJG8nAgex285i2MMhA20X4WABlGuNs5+:4i58DSWIZBk2MM6AFBqo |
MD5: | 5469CCC6628BA00A624F970F05166FF2 |
SHA1: | 9937C9A36CB228960B6A9D7B091B5892A6E56C0D |
SHA-256: | 1FB4999B66C9510BAF0E6700BF758DDB6A3043284E1274EF164BDB889D5256A1 |
SHA-512: | A817E586523B632D0D4D89B30E2E9457EF26D9149B17846DA644A43F8DAE4E4ED2F2BD3831E7238AE41165A54FB1CF736BBF057588EA2418C04F27A166311D3E |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.821181029934212 |
TrID: |
|
File name: | je9t0bDEVN.exe |
File size: | 4'132'864 bytes |
MD5: | 0df8abbbbc63aa2e171466a6cf93b172 |
SHA1: | fb8e1da97308f5466ce438222a0ea1c28efaaf01 |
SHA256: | 4dc3d7a6e1bef7cabd6e5e6681f3640628887a6beea0e096416baff784df7a3b |
SHA512: | ea42a729b56ba8063a29d97bcbcc0cbbc8428e939aae3fa483e605551525dbf66a8c8ca1e8ea3f0ddde68d561c8babe8168d376acbe43b22f37d80d18e8309e1 |
SSDEEP: | 98304:D3dhinxWxbC7HKMKI1gnwXrPljNaliok+PPxJ2U18b/Db1esOD:D2ou7KFnwbljNalioBOU18b/Ne3 |
TLSH: | A71612113DC120F8D8A635B002A3EE3E75B47E3685358CCBB7D4BE6BD932650763526A |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Oe.................(..........~T*...........@...........................?......N(.....................................|-<.... |
Icon Hash: | 01931b3979490c1d |
Entrypoint: | 0x6a547e |
Entrypoint Section: | ./PING/2 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x654F9392 [Sat Nov 11 14:45:38 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 575ffd2062645b048aa6c5e951bbd11d |
Instruction |
---|
push 2D0C8E14h |
pushfd |
or byte ptr [esp+04h], 0000003Fh |
neg dword ptr [esp+04h] |
cmp dword ptr [esp+04h], 062D8635h |
mov dword ptr [esp+04h], 8B0A1BD6h |
push dword ptr [esp+00h] |
popfd |
lea esp, dword ptr [esp+04h] |
call 00007F490CC10EFCh |
sbb dword ptr [ecx], edx |
pop ss |
call far 7039h : D09C4902h |
daa |
jmp 00007F48F85D76E7h |
shr eax, FFFFFF87h |
imul ecx, edx, 0181EC63h |
or cl, bh |
loop 00007F490CB92D74h |
sbb dword ptr [ecx+ecx*4+41h], eax |
test eax, C34A9BB7h |
mov al, byte ptr [BA6634C8h] |
jp 00007F490CB92DCBh |
js 00007F490CB92D5Dh |
daa |
push ebp |
add ah, byte ptr [edi] |
test al, 42h |
inc esi |
push esi |
sbb esi, ecx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c2d7c | 0xdc | ./PING/2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d7000 | 0x1980c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3d6300 | 0xc0 | ./PING/2 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x174000 | 0x274 | ./PING/1 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x73000 | 0x73000 | 4acee1c5db002bc1f5779666023290ea | False | 0.5895316745923913 | data | 6.8060853503210135 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x74000 | 0xd000 | 0xd000 | cf7feb91e82e5723749347eb2a641226 | False | 0.55859375 | data | 5.748204833083643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x81000 | 0x5000 | 0x5000 | 8ce4a8c6d4df0cdc15c2df928098fd41 | False | 0.22451171875 | data | 4.081107640210269 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
./PING/0 | 0x86000 | 0xee000 | 0xee000 | 832ec266376e658d4cc6625e16acddc6 | False | 0.9460551798844538 | data | 7.837674875091487 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
./PING/1 | 0x174000 | 0x1000 | 0x1000 | bef779488f50c62a09b12ae4eba2b7b9 | False | 0.13671875 | data | 1.4245860605440923 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
./PING/2 | 0x175000 | 0x262000 | 0x262000 | 2e10a4226f453827bdd77de0a9e484fe | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x3d7000 | 0x1a000 | 0x1a000 | f53d22ac46de32c3980d569206467cb0 | False | 0.6795560396634616 | data | 6.5508447870931015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x3ed3b8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x3ed4ec | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
RT_CURSOR | 0x3ed5a0 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
RT_CURSOR | 0x3ed6d4 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
RT_CURSOR | 0x3ed808 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0x3ed93c | 0x134 | data | English | United States | 0.37662337662337664 |
RT_CURSOR | 0x3eda70 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
RT_CURSOR | 0x3edba4 | 0x134 | data | English | United States | 0.37337662337662336 |
RT_CURSOR | 0x3edcd8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x3ede0c | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
RT_CURSOR | 0x3edf40 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0x3ee074 | 0x134 | data | English | United States | 0.44155844155844154 |
RT_CURSOR | 0x3ee1a8 | 0x134 | data | English | United States | 0.4155844155844156 |
RT_CURSOR | 0x3ee2dc | 0x134 | data | English | United States | 0.2662337662337662 |
RT_CURSOR | 0x3ee410 | 0x134 | data | English | United States | 0.2824675324675325 |
RT_CURSOR | 0x3ee544 | 0x134 | data | English | United States | 0.3246753246753247 |
RT_BITMAP | 0x3ee678 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
RT_BITMAP | 0x3ee730 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
RT_ICON | 0x3d7bf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.8209219858156028 |
RT_ICON | 0x3d8060 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5229831144465291 |
RT_ICON | 0x3d9108 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.42489626556016596 |
RT_ICON | 0x3db6b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.3771846953235711 |
RT_ICON | 0x3df8d8 | 0xd20b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9955366275501665 |
RT_DIALOG | 0x3ee874 | 0x138 | data | English | United States | 0.5833333333333334 |
RT_DIALOG | 0x3ee9ac | 0x106 | data | English | United States | 0.648854961832061 |
RT_DIALOG | 0x3eeab4 | 0xe8 | data | English | United States | 0.6336206896551724 |
RT_DIALOG | 0x3eeb9c | 0x34 | data | English | United States | 0.9038461538461539 |
RT_STRING | 0x3eebd0 | 0x46 | data | English | United States | 0.6571428571428571 |
RT_STRING | 0x3eec18 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
RT_STRING | 0x3eec9c | 0x2a | data | English | United States | 0.5476190476190477 |
RT_STRING | 0x3eecc8 | 0x184 | data | English | United States | 0.48711340206185566 |
RT_STRING | 0x3eee4c | 0x4ee | data | English | United States | 0.375594294770206 |
RT_STRING | 0x3ef33c | 0x264 | data | English | United States | 0.3333333333333333 |
RT_STRING | 0x3ef5a0 | 0x2da | data | English | United States | 0.3698630136986301 |
RT_STRING | 0x3ef87c | 0x8a | data | English | United States | 0.6594202898550725 |
RT_STRING | 0x3ef908 | 0xac | data | English | United States | 0.45348837209302323 |
RT_STRING | 0x3ef9b4 | 0xde | data | English | United States | 0.536036036036036 |
RT_STRING | 0x3efa94 | 0x4a8 | data | English | United States | 0.3221476510067114 |
RT_STRING | 0x3eff3c | 0x228 | data | English | United States | 0.4003623188405797 |
RT_STRING | 0x3f0164 | 0x2c | data | English | United States | 0.5227272727272727 |
RT_STRING | 0x3f0190 | 0x53e | data | English | United States | 0.2965722801788376 |
RT_GROUP_CURSOR | 0x3f06d0 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 0.9705882352941176 |
RT_GROUP_CURSOR | 0x3f06f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0708 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f071c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0730 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0744 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0758 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f076c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0780 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f0794 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f07a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f07bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f07d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f07e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3f07f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x3ecae4 | 0x4c | data | English | United States | 0.7631578947368421 |
RT_VERSION | 0x3ecb30 | 0x56c | data | English | United States | 0.3854466858789625 |
RT_MANIFEST | 0x3ed09c | 0x31c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (736), with CRLF line terminators | English | United States | 0.5238693467336684 |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, CompareStringW, CreateFileA, CreateFileW, CreateProcessW, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, EncodePointer, EnterCriticalSection, ExitProcess, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExA, GetComputerNameW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDriveTypeW, GetEnvironmentStringsW, GetFileInformationByHandle, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLogicalDrives, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetSystemTimeAsFileTime, GetTimeZoneInformation, GetUserDefaultLangID, GetUserDefaultUILanguage, GetVolumeInformationW, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, MultiByteToWideChar, PeekNamedPipe, Process32FirstW, Process32NextW, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetFilePointerEx, SetFileTime, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, WideCharToMultiByte, WinExec, WriteConsoleW, WriteFile, lstrcatW, lstrcmpW, lstrcmpiW, lstrlenW |
USER32.dll | EnumDisplayDevicesA, GetDC, GetDesktopWindow, GetSystemMetrics, ReleaseDC, SystemParametersInfoW, wsprintfW |
ADVAPI32.dll | GetCurrentHwProfileW, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW |
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCW, DeleteDC, DeleteObject, GetDIBits, GetObjectW, SelectObject |
SHLWAPI.dll | PathFileExistsW |
WINHTTP.dll | WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest |
IPHLPAPI.DLL | GetAdaptersInfo |
WININET.dll | HttpAddRequestHeadersA, InternetQueryDataAvailable, InternetReadFile |
CRYPT32.dll | CryptStringToBinaryA |
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 00:01:50 |
Start date: | 05/05/2024 |
Path: | C:\Users\user\Desktop\je9t0bDEVN.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4'132'864 bytes |
MD5 hash: | 0DF8ABBBBC63AA2E171466A6CF93B172 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 00:01:50 |
Start date: | 05/05/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x550000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Function | Relevance | Strings | Instructions | Label | Uniqueness Score |
---|---|---|---|---|---|
00409B60 | 16.1 | 11 | 2333 | COMMON | -1.00% |
0040C5DC | 11.8 | 9 | 567 | COMMON | -1.00% |
0044A439 | 10.6 | 8 | 632 | COMMON | -1.00% |
0040DF6A | 9.5 | 6 | 1975 | COMMON | -1.00% |
00413777 | 9.4 | 6 | 1917 | COMMON | -1.00% |
0040F3C4 | 8.3 | 6 | 821 | COMMON | -1.00% |
0040CF58 | 5.7 | 4 | 747 | COMMON | -1.00% |
0041D97A | 4.4 | 3 | 654 | COMMON | -1.00% |
0041DB99 | 2.8 | 2 | 315 | COMMON | -1.00% |
00418F19 | .8 | | 751 | COMMON | -1.00% |
004272D8 | .5 | | 492 | COMMON | -1.00% |
004188AD | .5 | | 486 | COMMON | -1.00% |
00428172 | .4 | | 379 | COMMON | -1.00% |
00451804 | .3 | | 344 | COMMON | -1.00% |
0041F5E4 | .3 | | 279 | COMMON | -1.00% |
0041BF07 | .2 | | 150 | COMMON | -1.00% |
0044DDD0 | .1 | | 76 | COMMON | -1.00% |
0041C04D | .1 | | 66 | COMMON | -1.00% |
00465ADF | .0 | | 22 | COMMON | -1.00% |
0045BEE6 | .0 | | 12 | COMMON | -1.00% |
00408DB5 | 37.7 | 30 | 243 | COMMON | -1.00% |
00408F9C | 37.7 | 30 | 163 | COMMON | -1.00% |
00412FD8 | 5.4 | 4 | 442 | COMMON | -1.00% |
00401000 | 5.2 | 4 | 250 | COMMON | -1.00% |