Windows
Analysis Report
payload.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- payload.exe (PID: 2424 cmdline:
"C:\Users\ user\Deskt op\payload .exe" MD5: CE50F943A26C5CB2BAF73D051CE6E8FC)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "pearcyworkeronej.shop"], "Build id": "uYY3NI--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040C461 | |
Source: | Code function: | 0_2_0040C615 | |
Source: | Code function: | 0_2_0040E8D0 | |
Source: | Code function: | 0_2_003E3038 | |
Source: | Code function: | 0_2_003F7059 | |
Source: | Code function: | 0_2_0040E09F | |
Source: | Code function: | 0_2_004050A0 | |
Source: | Code function: | 0_2_003F213D | |
Source: | Code function: | 0_2_003F213D | |
Source: | Code function: | 0_2_0040D265 | |
Source: | Code function: | 0_2_003ED35E | |
Source: | Code function: | 0_2_003ED35E | |
Source: | Code function: | 0_2_003E1419 | |
Source: | Code function: | 0_2_003F8410 | |
Source: | Code function: | 0_2_003F4478 | |
Source: | Code function: | 0_2_003F4478 | |
Source: | Code function: | 0_2_003E5470 | |
Source: | Code function: | 0_2_0040C436 | |
Source: | Code function: | 0_2_0040D4E8 | |
Source: | Code function: | 0_2_0040D48A | |
Source: | Code function: | 0_2_0040C571 | |
Source: | Code function: | 0_2_0040C571 | |
Source: | Code function: | 0_2_003E6555 | |
Source: | Code function: | 0_2_003DD650 | |
Source: | Code function: | 0_2_003D2650 | |
Source: | Code function: | 0_2_003F26BD | |
Source: | Code function: | 0_2_003F2760 | |
Source: | Code function: | 0_2_003D97F0 | |
Source: | Code function: | 0_2_003F58B0 | |
Source: | Code function: | 0_2_003F6953 | |
Source: | Code function: | 0_2_0040A930 | |
Source: | Code function: | 0_2_003F6948 | |
Source: | Code function: | 0_2_003F4982 | |
Source: | Code function: | 0_2_003F79F5 | |
Source: | Code function: | 0_2_003F8A13 | |
Source: | Code function: | 0_2_00409A20 | |
Source: | Code function: | 0_2_003E7ABA | |
Source: | Code function: | 0_2_0040EAF0 | |
Source: | Code function: | 0_2_003EDB00 | |
Source: | Code function: | 0_2_003EDB00 | |
Source: | Code function: | 0_2_003E4D32 | |
Source: | Code function: | 0_2_003EDDC7 | |
Source: | Code function: | 0_2_003E1E13 | |
Source: | Code function: | 0_2_003DFE47 | |
Source: | Code function: | 0_2_0040DE9C | |
Source: | Code function: | 0_2_0040DEB1 | |
Source: | Code function: | 0_2_003EDF3A | |
Source: | Code function: | 0_2_0040DFE0 |
Networking |
---|
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | Code function: | 0_2_00400520 |
Source: | Code function: | 0_2_00400520 |
Source: | Code function: | 0_2_00401CAA |
Source: | Code function: | 0_2_003D80A0 | |
Source: | Code function: | 0_2_00407090 | |
Source: | Code function: | 0_2_003F213D | |
Source: | Code function: | 0_2_003F112E | |
Source: | Code function: | 0_2_003D4160 | |
Source: | Code function: | 0_2_0040F190 | |
Source: | Code function: | 0_2_003D3360 | |
Source: | Code function: | 0_2_003ED35E | |
Source: | Code function: | 0_2_003E0390 | |
Source: | Code function: | 0_2_003D6480 | |
Source: | Code function: | 0_2_0040F500 | |
Source: | Code function: | 0_2_003D5720 | |
Source: | Code function: | 0_2_003D17B0 | |
Source: | Code function: | 0_2_003FC85E | |
Source: | Code function: | 0_2_003F2840 | |
Source: | Code function: | 0_2_003F18A0 | |
Source: | Code function: | 0_2_003F8AC0 | |
Source: | Code function: | 0_2_003D4B30 | |
Source: | Code function: | 0_2_003F5B50 | |
Source: | Code function: | 0_2_003D2D10 | |
Source: | Code function: | 0_2_0040EE70 | |
Source: | Code function: | 0_2_00409E10 |
Source: | Code function: | ||
Source: | Code function: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00400169 |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 0_2_004037E7 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_0040B550 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | OS Credential Dumping | 2 System Information Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | 2 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | Virustotal | Browse | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
11% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436577 |
Start date and time: | 2024-05-06 03:48:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | payload.exe |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@1/0@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
File type: | |
Entropy (8bit): | 6.788830322420954 |
TrID: |
|
File name: | payload.exe |
File size: | 330'752 bytes |
MD5: | ce50f943a26c5cb2baf73d051ce6e8fc |
SHA1: | 8ddbd6b36ecb62ebe2925d212af13cbc786a6d35 |
SHA256: | a83a24e2219d14f4448a837d638b007c9404d893dd035bdf67fbde220e3c4ced |
SHA512: | 5a123d36cf927ce52dcc0f7c4e5aa2d310bcadf426d41dd220e70a4ee9b310cd1f8e98001c9f8c2171ea9ce1dd18e8f10bd762a2e6596bad8c2a5c183f857d25 |
SSDEEP: | 6144:yRA+/51VgJzIvSp0HML2Sc9vAetvbrge:yRXRkk6BLmvAAg |
TLSH: | 87646D65EB2364E1CC091A7574FB733E992C2A06933C4EC7C790EA9529937A3D437C29 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....1f..........................................@.......................................@.................................`)..x.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4091d0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66311A18 [Tue Apr 30 16:19:36 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 22b4d38704f75fff43f3bb8928070c58 |
Instruction |
---|
push ebp |
mov ebp, esp |
push esi |
push eax |
push eax |
sub esp, 000000FCh |
mov esi, esp |
jmp 00007FB4CD3FEDC2h |
call 00007FB4CD430510h |
test al, 01h |
jne 00007FB4CD3FEDC4h |
jmp 00007FB4CD3FEE07h |
call 00007FB4CD42AD05h |
test al, 01h |
jne 00007FB4CD3FEDC4h |
jmp 00007FB4CD3FEDF5h |
call dword ptr [00442A70h] |
mov dword ptr [ebp-08h], eax |
lea eax, dword ptr [00442611h] |
sub esp, 08h |
mov dword ptr [esp], esi |
mov dword ptr [esp+04h], eax |
call 00007FB4CD3FEE01h |
add esp, 08h |
call 00007FB4CD400229h |
test al, 01h |
jne 00007FB4CD3FEDC4h |
jmp 00007FB4CD3FEDC7h |
call 00007FB4CD4060CEh |
jmp 00007FB4CD3FEDC2h |
call 00007FB4CD430EF7h |
jmp 00007FB4CD3FEDC2h |
xor eax, eax |
sub esp, 04h |
mov dword ptr [esp], 00000000h |
call dword ptr [00442A6Ch] |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov ecx, dword ptr [esp+08h] |
mov eax, dword ptr [esp+04h] |
movzx edx, byte ptr [ecx] |
test dl, dl |
je 00007FB4CD3FEDCEh |
inc ecx |
mov byte ptr [eax], dl |
inc eax |
movzx edx, byte ptr [ecx] |
inc ecx |
test dl, dl |
jne 00007FB4CD3FEDB7h |
mov byte ptr [eax], 00000000h |
ret |
int3 |
push ebx |
push edi |
push esi |
mov esi, ecx |
movzx edx, byte ptr [esp+10h] |
lea edi, dword ptr [ecx+04h] |
lea ebx, dword ptr [ecx+10h] |
xor eax, eax |
mov ecx, 00000018h |
rep stosd |
mov byte ptr [esi], dl |
mov dword ptr [esi+08h], 00000009h |
push 00000400h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x42960 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x516c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x42a6c | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3eb9b | 0x3ec00 | 277810daafcfdff4acc70defa8e0c6ab | False | 0.5140103647908366 | data | 6.4809294077676665 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x40000 | 0x2cff | 0x2e00 | a356d1f423e018e074f7e385e99b4a83 | False | 0.45601222826086957 | data | 6.85535825716077 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x43000 | 0x1301c | 0x9c00 | 724fca454cc87b76a3cd2924df0c5f16 | False | 0.6958633814102564 | data | 7.107452094249996 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x57000 | 0x516c | 0x5200 | 6d02f9965810bacfbd5a2168c330de11 | False | 0.5370141006097561 | data | 6.532827928916524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, GetConsoleWindow, GetLastError, GlobalLock, GlobalUnlock |
ole32.dll | CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize |
OLEAUT32.dll | SysAllocString, SysFreeString, SysStringLen, VariantClear, VariantInit |
USER32.dll | CloseClipboard, GetClipboardData, GetDC, GetSystemMetrics, GetWindowInfo, OpenClipboard, ReleaseDC |
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject, SelectPalette |
Target ID: | 0 |
Start time: | 03:48:48 |
Start date: | 06/05/2024 |
Path: | C:\Users\user\Desktop\payload.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3d0000 |
File size: | 330'752 bytes |
MD5 hash: | CE50F943A26C5CB2BAF73D051CE6E8FC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.4% |
Total number of Nodes: | 49 |
Total number of Limit Nodes: | 5 |
Graph
Function 0040B550 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E8D0 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C461 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C615 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AD26 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AA87 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B22D Relevance: 1.6, APIs: 1, Instructions: 120COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AC2D Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004092D0 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00400520 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 176clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D17B0 Relevance: 18.0, Strings: 14, Instructions: 452COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D97F0 Relevance: 9.1, Strings: 7, Instructions: 344COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E6555 Relevance: 7.6, Strings: 6, Instructions: 92COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D4B30 Relevance: 6.7, Strings: 5, Instructions: 474COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3038 Relevance: 5.2, Strings: 4, Instructions: 205COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F500 Relevance: 4.1, Strings: 3, Instructions: 309COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F8AC0 Relevance: 3.7, Strings: 2, Instructions: 1242COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D5720 Relevance: 3.3, Strings: 2, Instructions: 834COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F5B50 Relevance: 3.0, Strings: 2, Instructions: 511COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F112E Relevance: 2.9, Strings: 2, Instructions: 369COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C571 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E10 Relevance: 1.9, Strings: 1, Instructions: 642COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F79F5 Relevance: 1.7, Strings: 1, Instructions: 469COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F18A0 Relevance: 1.6, Strings: 1, Instructions: 378COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F213D Relevance: 1.6, Strings: 1, Instructions: 332COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F6953 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F190 Relevance: 1.6, Strings: 1, Instructions: 308COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EE70 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F2760 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D2D10 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A20 Relevance: 1.4, Strings: 1, Instructions: 176COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EAF0 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F26BD Relevance: 1.4, Strings: 1, Instructions: 160COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E1E13 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F8A13 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003EDDC7 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F4982 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003EDF3A Relevance: 1.3, Strings: 1, Instructions: 79COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D4E8 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D80A0 Relevance: .8, Instructions: 824COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F7059 Relevance: .7, Instructions: 742COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F6948 Relevance: .7, Instructions: 676COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D4160 Relevance: .6, Instructions: 609COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003ED35E Relevance: .6, Instructions: 577COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D6480 Relevance: .5, Instructions: 512COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F8410 Relevance: .4, Instructions: 387COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E7ABA Relevance: .3, Instructions: 337COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F4478 Relevance: .3, Instructions: 334COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E1419 Relevance: .2, Instructions: 231COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003EDB00 Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407090 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E5470 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4D32 Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E0390 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D3360 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D2650 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003DFE47 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004050A0 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F58B0 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A930 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DFE0 Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D265 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003DD650 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00400169 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D48A Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E09F Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C436 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DE9C Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DEB1 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |