Windows
Analysis Report
73zGJqwgDy.exe
Overview
General Information
Sample name: | 73zGJqwgDy.exerenamed because original name is a hash value |
Original sample name: | 9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d.exe |
Analysis ID: | 1436571 |
MD5: | 31c73b1faf2ac14c68e5ec56bfb6d3a6 |
SHA1: | 27b775e8543494a1d3bb3a5d11ebe9b7fb9a401b |
SHA256: | 9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d |
Tags: | exemofongo-loader |
Infos: | |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 73zGJqwgDy.exe (PID: 6708 cmdline:
"C:\Users\ user\Deskt op\73zGJqw gDy.exe" MD5: 31C73B1FAF2AC14C68E5EC56BFB6D3A6) - msedge.exe (PID: 4176 cmdline:
"C:\Progra m Files (x 86)\Micros oft\Edge\A pplication \msedge.ex e" MD5: BF154738460E4AB1D388970E1AB13FAB)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security | ||
JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security | ||
JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security | ||
JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security | ||
JoeSecurity_MofongoLoader | Yara detected MofongoLoader | Joe Security | ||
Click to see the 4 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF79B6B79F4 |
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00007FF79B681530 |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00007FF79B692160 |
Source: | Code function: | 0_2_00007FF79B6BDF20 | |
Source: | Code function: | 0_2_00007FF79B6AB4A0 | |
Source: | Code function: | 0_2_00007FF79B692160 | |
Source: | Code function: | 0_2_00007FF79B6A7CB0 | |
Source: | Code function: | 0_2_00007FF79B6BAB5C | |
Source: | Code function: | 0_2_00007FF79B6B1B2C | |
Source: | Code function: | 0_2_00007FF79B6BEA24 | |
Source: | Code function: | 0_2_00007FF79B6A7AC8 | |
Source: | Code function: | 0_2_00007FF79B6A89F4 | |
Source: | Code function: | 0_2_00007FF79B6B79F4 | |
Source: | Code function: | 0_2_00007FF79B6AB9AC | |
Source: | Code function: | 0_2_00007FF79B6A7E98 | |
Source: | Code function: | 0_2_00007FF79B6B0E0C | |
Source: | Code function: | 0_2_00007FF79B6AF448 | |
Source: | Code function: | 0_2_00007FF79B6A84E0 | |
Source: | Code function: | 0_2_00007FF79B6AC300 | |
Source: | Code function: | 0_2_00007FF79B6AE170 | |
Source: | Code function: | 0_2_00007FF79B6BC134 | |
Source: | Code function: | 0_2_00007FF79B6B21AC | |
Source: | Code function: | 0_2_00007FF79B6B167C | |
Source: | Code function: | 0_2_00007FF79B6B962C | |
Source: | Code function: | 0_2_00007FF79B6B6698 | |
Source: | Code function: | 0_2_00007FF79B6A9580 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00007FF79B690B50 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF79B681530 |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Check user administrative privileges: | graph_0-22591 |
Source: | Code function: | 0_2_00007FF79B6B79F4 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF79B6A6CD0 |
Source: | Code function: | 0_2_00007FF79B690B50 |
Source: | Code function: | 0_2_00007FF79B6BBE4C |
Source: | Code function: | 0_2_00007FF79B6A6CD0 | |
Source: | Code function: | 0_2_00007FF79B6A1060 | |
Source: | Code function: | 0_2_00007FF79B6A0EBC | |
Source: | Code function: | 0_2_00007FF79B6A02BC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | NtCreateSection: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00007FF79B6C1040 |
Source: | Code function: | 0_2_00007FF79B6BBB34 | |
Source: | Code function: | 0_2_00007FF79B6BB958 | |
Source: | Code function: | 0_2_00007FF79B6BBA08 | |
Source: | Code function: | 0_2_00007FF79B6B39E8 | |
Source: | Code function: | 0_2_00007FF79B6BB100 | |
Source: | Code function: | 0_2_00007FF79B6BB44C | |
Source: | Code function: | 0_2_00007FF79B6BB800 | |
Source: | Code function: | 0_2_00007FF79B6BB51C | |
Source: | Code function: | 0_2_00007FF79B6BB5B4 | |
Source: | Code function: | 0_2_00007FF79B6B35A8 |
Source: | Code function: | 0_2_00007FF79B6A0DA0 |
Source: | Key value queried: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
14% | Virustotal | Browse | ||
11% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
checkcloudnet.com | 172.67.174.47 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.174.47 | checkcloudnet.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436571 |
Start date and time: | 2024-05-06 02:34:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 73zGJqwgDy.exerenamed because original name is a hash value |
Original Sample Name: | 9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d.exe |
Detection: | MAL |
Classification: | mal60.troj.evad.winEXE@3/0@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.174.47 | Get hash | malicious | MofongoLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkcloudnet.com | Get hash | malicious | MofongoLoader | Browse |
| |
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | MofongoLoader | Browse |
| |
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | Mirai, Gafgyt | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | MofongoLoader | Browse |
| |
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | MofongoLoader | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | XWorm | Browse |
|
File type: | |
Entropy (8bit): | 4.894351813667311 |
TrID: |
|
File name: | 73zGJqwgDy.exe |
File size: | 685'800 bytes |
MD5: | 31c73b1faf2ac14c68e5ec56bfb6d3a6 |
SHA1: | 27b775e8543494a1d3bb3a5d11ebe9b7fb9a401b |
SHA256: | 9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d |
SHA512: | 41caca74f9b7d1702bf125824fac51a3ef375351d90a8a2794275f1e4838d6c79c44b0593ae5c975a89042e4d55017022f0d496457b0319a29b744114e3baede |
SSDEEP: | 6144:xwrGnfIRzRSPpwMHjH4ZGL3O0b83ii96AMaJB8udk4+xZRtiKzvzaOLVY9:xAGwtRSPuMHjH0GL3OB3x6Faa69 |
TLSH: | 05E47EC6E6640CECF57688388D73721AA9617CB9432056C726907676DB336E4F93B703 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........ZY...Y...Y......._...............I...Y...X..._X..I..._X..K..._X..........^...Y...1...6X..]...6X..X...6X..X...RichY.......... |
Icon Hash: | 0c961b1311919080 |
Entrypoint: | 0x14002097c |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65D52C37 [Tue Feb 20 22:48:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 9e618d3714c6ac086a06d7e977b5ceb1 |
Signature Valid: | true |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 47413D0F40F4C211F6527804E95DBB34 |
Thumbprint SHA-1: | 69B1966E16949B9C76A66C82EB077109F764EBA2 |
Thumbprint SHA-256: | A0D0C4ACBCCEBD5C03FF416E1AD2487E7A936F799A57D84EDE3CC9F8C0BCD819 |
Serial: | 6AB35C5785260695E9C012514DB0C299 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007FC8F0D67680h |
dec eax |
add esp, 28h |
jmp 00007FC8F0D670D7h |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007FC8F0D67A10h |
test eax, eax |
je 00007FC8F0D67283h |
dec eax |
mov eax, dword ptr [00000030h] |
dec eax |
mov ecx, dword ptr [eax+08h] |
jmp 00007FC8F0D67267h |
dec eax |
cmp ecx, eax |
je 00007FC8F0D67276h |
xor eax, eax |
dec eax |
cmpxchg dword ptr [0003899Ch], ecx |
jne 00007FC8F0D67250h |
xor al, al |
dec eax |
add esp, 28h |
ret |
mov al, 01h |
jmp 00007FC8F0D67259h |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
test ecx, ecx |
jne 00007FC8F0D67269h |
mov byte ptr [00038985h], 00000001h |
call 00007FC8F0D67459h |
call 00007FC8F0D68BB8h |
test al, al |
jne 00007FC8F0D67266h |
xor al, al |
jmp 00007FC8F0D67276h |
call 00007FC8F0D7617Bh |
test al, al |
jne 00007FC8F0D6726Bh |
xor ecx, ecx |
call 00007FC8F0D68BC8h |
jmp 00007FC8F0D6724Ch |
mov al, 01h |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
cmp byte ptr [0003894Ch], 00000000h |
mov ebx, ecx |
jne 00007FC8F0D672C9h |
cmp ecx, 01h |
jnbe 00007FC8F0D672CCh |
call 00007FC8F0D67986h |
test eax, eax |
je 00007FC8F0D6728Ah |
test ebx, ebx |
jne 00007FC8F0D67286h |
dec eax |
lea ecx, dword ptr [00038936h] |
call 00007FC8F0D75F9Ah |
test eax, eax |
jne 00007FC8F0D67272h |
dec eax |
lea ecx, dword ptr [0003893Eh] |
call 00007FC8F0D6728Ah |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x55ea4 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x481ca | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x5b000 | 0x4758 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa4a00 | 0x2ce8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x61000 | 0xad8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x503d0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x50290 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x44000 | 0x2f8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x42b14 | 0x42c00 | 7537927333c051664949aefc61fd5a1a | False | 0.45422591877340823 | data | 6.130993027929059 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x44000 | 0x128b6 | 0x12a00 | db38c9bfabbf3462d8921fc81bba7ffb | False | 0.40687919463087246 | data | 4.88570170944556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x57000 | 0x31a0 | 0x1800 | faaede84d1ee141a6e2b3f859f8aa999 | False | 0.15836588541666666 | data | 3.216862681128812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x5b000 | 0x4758 | 0x4800 | 111bb645f8306dbe2dcb9e0e4e7bb530 | False | 0.4660373263888889 | data | 5.517520409001171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x60000 | 0x1f4 | 0x200 | 43c0e7d2b7012672ebc0b5fead60d58c | False | 0.509765625 | data | 4.194331301484952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x61000 | 0xad8 | 0xc00 | 0f6bcfae9a63d31ff4bf3727432f9489 | False | 0.47265625 | data | 5.258543532793456 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x62000 | 0x481ca | 0x48200 | a5f727b7d39d4259faeb98440a981cb6 | False | 0.048090202556325824 | data | 2.052089933396767 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x62280 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | 0.24379432624113476 | ||
RT_ICON | 0x626e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m | 0.16434426229508198 | ||
RT_ICON | 0x63070 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | 0.13297373358348968 | ||
RT_ICON | 0x64118 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | 0.08952282157676349 | ||
RT_ICON | 0x666c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | 0.06914265470004724 | ||
RT_ICON | 0x6a8e8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m | 0.052843178473828044 | ||
RT_ICON | 0x73d90 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | 0.04186383532473678 | ||
RT_ICON | 0x845b8 | 0x25228 | Device independent bitmap graphic, 192 x 384 x 32, image size 147456, resolution 2835 x 2835 px/m | 0.031701993372955345 | ||
RT_GROUP_ICON | 0xa97e0 | 0x76 | data | 0.7372881355932204 | ||
RT_VERSION | 0xa9858 | 0x36c | data | 0.4189497716894977 | ||
RT_MANIFEST | 0xa9bc4 | 0x606 | XML 1.0 document, ASCII text | English | United States | 0.45395590142671854 |
DLL | Import |
---|---|
KERNEL32.dll | MultiByteToWideChar, GetStdHandle, ReadFile, CloseHandle, LoadLibraryA, CreatePipe, GetCurrentProcess, CreateProcessA, GetModuleHandleA, SetEndOfFile, SetHandleInformation, GetProcAddress, WriteConsoleW, HeapSize, WideCharToMultiByte, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlPcToFileHeader, RaiseException, RtlUnwindEx, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, HeapReAlloc, GetFileSizeEx, SetFilePointerEx, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, ReadConsoleW, CreateFileW, RtlUnwind |
ADVAPI32.dll | OpenProcessToken |
WININET.dll | InternetCloseHandle |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2024 02:34:47.810739994 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:47.810786009 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:47.810913086 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:47.819674969 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:47.819690943 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.056312084 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.056442022 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.077299118 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.077322006 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.077522039 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.077677965 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.079463005 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.124110937 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.568388939 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.568587065 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.568603039 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.568681955 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626329899 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626373053 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626398087 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626396894 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626410007 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626617908 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626617908 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626729012 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626773119 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626780033 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626806021 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626827955 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626836061 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.626852989 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.626892090 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627329111 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627372026 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627660990 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627701044 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627706051 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627738953 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627743006 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627748966 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627769947 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627803087 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.627806902 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.627837896 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.628416061 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.628454924 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.628460884 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.628493071 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.628498077 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.628534079 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.628537893 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.628547907 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
May 6, 2024 02:34:48.628585100 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.628596067 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.808921099 CEST | 49702 | 443 | 192.168.2.6 | 172.67.174.47 |
May 6, 2024 02:34:48.808948040 CEST | 443 | 49702 | 172.67.174.47 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2024 02:34:47.653430939 CEST | 57005 | 53 | 192.168.2.6 | 1.1.1.1 |
May 6, 2024 02:34:47.805388927 CEST | 53 | 57005 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 6, 2024 02:34:47.653430939 CEST | 192.168.2.6 | 1.1.1.1 | 0x5cc2 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 6, 2024 02:34:47.805388927 CEST | 1.1.1.1 | 192.168.2.6 | 0x5cc2 | No error (0) | 172.67.174.47 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 02:34:47.805388927 CEST | 1.1.1.1 | 192.168.2.6 | 0x5cc2 | No error (0) | 104.21.30.238 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49702 | 172.67.174.47 | 443 | 6708 | C:\Users\user\Desktop\73zGJqwgDy.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 00:34:48 UTC | 155 | OUT | |
2024-05-06 00:34:48 UTC | 99 | OUT | |
2024-05-06 00:34:48 UTC | 377 | IN | |
2024-05-06 00:34:48 UTC | 364 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN | |
2024-05-06 00:34:48 UTC | 1369 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 02:34:46 |
Start date: | 06/05/2024 |
Path: | C:\Users\user\Desktop\73zGJqwgDy.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b680000 |
File size: | 685'800 bytes |
MD5 hash: | 31C73B1FAF2AC14C68E5EC56BFB6D3A6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 02:34:49 |
Start date: | 06/05/2024 |
Path: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 4'210'216 bytes |
MD5 hash: | BF154738460E4AB1D388970E1AB13FAB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Execution Graph
Execution Coverage: | 10.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 19.5% |
Total number of Nodes: | 794 |
Total number of Limit Nodes: | 11 |
Graph
Function 00007FF79B681530 Relevance: 142.3, APIs: 80, Strings: 1, Instructions: 533libraryloadernetworkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B692160 Relevance: 98.4, APIs: 52, Strings: 4, Instructions: 448pipeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B690B50 Relevance: 19.6, APIs: 13, Instructions: 88libraryloaderCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B691520 Relevance: 40.7, APIs: 27, Instructions: 192libraryloaderCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6883B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B690E30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B691060 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 217COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B4244 Relevance: 3.1, APIs: 2, Instructions: 59COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6829C0 Relevance: 3.0, APIs: 2, Instructions: 34COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A0268 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B1508 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B684CA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AE658 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B1544 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B684790 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B684750 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6840E0 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6828B0 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BC134 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BB100 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BBB34 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A6CD0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AC300 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A0DA0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B39E8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B0E0C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B1B2C Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BB44C Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BB51C Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B35A8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B167C Relevance: 1.5, Strings: 1, Instructions: 260COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A84E0 Relevance: 1.5, Strings: 1, Instructions: 250COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6BAB5C Relevance: .3, Instructions: 272COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A9580 Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AF448 Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6C1040 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A1060 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6810E0 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 196libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B691AB0 Relevance: 16.6, APIs: 11, Instructions: 112libraryloaderCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AF9E0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A2E90 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 312COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B3624 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A57BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B0654 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6C05C4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B69FEE8 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A3360 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B07CC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AD820 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B0AEC Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6C0E3C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B0894 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B686110 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 403COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B694400 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 403COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B6E1C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A3AD4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A2120 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A3864 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A4054 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B4594 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B4F70 Relevance: 6.2, APIs: 4, Instructions: 219COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B699160 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 352COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B68B1D0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 352COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A428C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B69CC70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 162COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B68E6F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B69C960 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A4924 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6AD044 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B4C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6B114C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF79B6A1208 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |