Analysis Report 2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe
Overview
General Information |
---|
Joe Sandbox Version: | 26.0.0 |
Analysis ID: | 982876 |
Start date: | 23.10.2019 |
Start time: | 11:33:05 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 10m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
Number of new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.bank.troj.evad.winEXE@4/5@2/3 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Detection |
---|
Strategy | Score | Range | Whitelisted | Threat |
---|---|---|---|---|
Threshold | 68 | 0 - 100 | false | Trickbot |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? |
---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
Contains functionality to modify the execution of threads in other processes |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts (1) | Scheduled Task (1) | Valid Accounts (1) | Valid Accounts (1) | Valid Accounts (1) | Input Capture (11) | System Time Discovery (2) | Application Deployment Software | Input Capture (11) | Data Encrypted (12) | Uncommonly Used Port (1) |
Replication Through Removable Media | Execution through API (1) | Scheduled Task (1) | Access Token Manipulation (11) | Access Token Manipulation (11) | Network Sniffing | Query Registry (1) | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Cryptographic Protocol (22) |
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Scheduled Task (1) | Deobfuscate/Decode Files or Information (1) | Input Capture | Process Discovery (1) | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Non-Application Layer Protocol (2) |
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information (2) | Credentials in Files | Application Window Discovery (1) | Logon Scripts | Input Capture | Data Encrypted | Standard Application Layer Protocol (2) |
Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Masquerading | Account Manipulation | Account Discovery (1) | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol |
Spearphishing Attachment | Graphical User Interface | Modify Existing Service | New Service | DLL Search Order Hijacking | Brute Force | System Owner/User Discovery (1) | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |
Spearphishing via Service | Scripting | Path Interception | Scheduled Task | Software Packing | Two-Factor Authentication Interception | Security Software Discovery (3) | Pass the Hash | Email Collection | Exfiltration Over Command and Control Channel | Uncommonly Used Port |
Supply Chain Compromise | Third-party Software | Logon Scripts | Process Injection | Indicator Blocking | Bash History | Remote System Discovery (1) | Remote Desktop Protocol | Clipboard Data | Exfiltration Over Alternative Protocol | Standard Application Layer Protocol |
Trusted Relationship | Rundll32 | DLL Search Order Hijacking | Service Registry Permissions Weakness | Process Injection | Input Prompt | System Network Configuration Discovery (11) | Windows Admin Shares | Automated Collection | Exfiltration Over Physical Medium | Multilayer Encryption |
Hardware Additions | PowerShell | Change Default File Association | Exploitation for Privilege Escalation | Scripting | Keychain | File and Directory Discovery (2) | Taint Shared Content | Audio Capture | Connection Proxy | |
| Execution through API | File System Permissions Weakness | Valid Accounts | Indicator Removal from Tools | Private Keys | System Information Discovery (14) | Replication Through Removable Media | Video Capture | Communication Through Removable Media | |
Techniques followed by a number in parentheses are the ones the report matched; the number is the report's count of matching signatures for that technique.
Signature Overview |
---|
AV Detection: |
---|
Yara detected Trickbot |
Source: | File source: |
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: | Code function: | 2_2_005CF800 |
Source: | Code function: | 2_2_005D08A0 |
Source: | Code function: | 2_2_005D7190 |
Source: | Code function: | 2_2_005D5AB0 |
Source: | Code function: | 3_2_006EF800 |
Source: | Code function: | 3_2_006F5AB0 |
Source: | Code function: | 3_2_006F08A0 |
Source: | Code function: | 3_2_006F7190 |
Spreading: |
---|
Creates COM task schedule object (often to register a task for autostart) |
Source: | Key opened: |
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_0041E050 |
Source: | Code function: | 0_2_0041D790 |
Source: | Code function: | 2_2_005CD4B0 |
Source: | Code function: | 2_2_005D5710 |
Source: | Code function: | 2_2_005CC7C0 |
Source: | Code function: | 3_2_006ED4B0 |
Source: | Code function: | 3_2_006F5710 |
Source: | Code function: | 3_2_006EC7C0 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threats rules) |
Source: | Snort IDS: |
May check the online IP address of the machine |
Source: | DNS query: |
Detected TCP or UDP traffic on non-standard ports |
Source: | TCP traffic: |
Connects to IPs without corresponding DNS lookups |
Source: | TCP traffic detected without corresponding DNS query: |
Found strings which match known social media URLs |
Source: | String found in binary or memory: |
Performs DNS lookups |
Source: | DNS traffic detected: |
URLs found in memory or binary data |
Source: | String found in binary or memory: |
Uses HTTPS |
Source: | Network traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to retrieve information about pressed keystrokes |
Source: | Code function: | 0_2_0042BF21 |
E-Banking Fraud: |
---|
Detected Trickbot e-Banking trojan config |
Source: | String found in binary or memory: |
Yara detected Trickbot |
Source: | File source: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionality to import cryptographic keys (often used in ransomware) |
Source: | Code function: | 2_2_005D5AB0 |
Source: | Code function: | 3_2_006F5AB0 |
System Summary: |
---|
Contains functionality to call native functions |
Source: | Code function: | 2_2_005D1800 |
Source: | Code function: | 3_2_006F1800 |
Contains functionality to launch a process as a different user |
Source: | Code function: | 2_2_005C5470 |
Creates mutexes |
Source: | Mutant created: |
Detected potential crypto function |
Source: | Code function: | 0_2_0040C442 |
Source: | Code function: | 0_2_004196D8 |
Source: | Code function: | 0_2_004089E4 |
Source: | Code function: | 0_2_00413B90 |
Source: | Code function: | 2_2_005C5470 |
Source: | Code function: | 2_2_005D3430 |
Source: | Code function: | 2_2_005CA4D0 |
Source: | Code function: | 2_2_005CF0E0 |
Source: | Code function: | 2_2_005D0920 |
Source: | Code function: | 2_2_005D05C0 |
Source: | Code function: | 2_2_005C4DE0 |
Source: | Code function: | 2_2_005D35E0 |
Source: | Code function: | 2_2_005D41A0 |
Source: | Code function: | 2_2_005D1A70 |
Source: | Code function: | 2_2_005C2E60 |
Source: | Code function: | 2_2_005C8230 |
Source: | Code function: | 2_2_005C3EC0 |
Source: | Code function: | 2_2_005C36E0 |
Source: | Code function: | 2_2_005D5EB0 |
Source: | Code function: | 2_2_005D5710 |
Source: | Code function: | 2_2_005CC7C0 |
Source: | Code function: | 3_2_006EA4D0 |
Source: | Code function: | 3_2_006F5710 |
Source: | Code function: | 3_2_006EC7C0 |
Source: | Code function: | 3_2_006E5470 |
Source: | Code function: | 3_2_006F3430 |
Source: | Code function: | 3_2_006EF0E0 |
Source: | Code function: | 3_2_006F0920 |
Source: | Code function: | 3_2_006E4DE0 |
Source: | Code function: | 3_2_006F35E0 |
Source: | Code function: | 3_2_006F05C0 |
Source: | Code function: | 3_2_006F41A0 |
Source: | Code function: | 3_2_006E2E60 |
Source: | Code function: | 3_2_006F1A70 |
Source: | Code function: | 3_2_006E8230 |
Source: | Code function: | 3_2_006E36E0 |
Source: | Code function: | 3_2_006E3EC0 |
Source: | Code function: | 3_2_006F5EB0 |
Found potential string decryption / allocating functions |
PE file contains strange resources |
Source: | Static PE information: |
Reads the hosts file |
Source: | File read: |
Sample file is different from original file name gathered from version info |
Source: | Binary or memory string: |
Sample reads its own file content |
Source: | File read: |
Classification label |
Source: | Classification label: |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: | Code function: | 2_2_005C5470 |
Source: | Code function: | 2_2_005C8CD0 |
Source: | Code function: | 2_2_005D2F10 |
Source: | Code function: | 3_2_006E5470 |
Source: | Code function: | 3_2_006E8CD0 |
Source: | Code function: | 3_2_006F2F10 |
Contains functionality to check free disk space |
Source: | Code function: | 0_2_0041F155 |
Contains functionality to enum processes or threads |
Source: | Code function: | 2_2_005CC440 |
Contains functionality to instantiate COM classes |
Source: | Code function: | 2_2_005C2DA0 |
Contains functionality to load and extract PE file embedded resources |
Source: | Code function: | 0_2_004233B8 |
Creates files inside the user directory |
Source: | File created: |
PE file has an executable .text section and no other executable section |
Source: | Static PE information: |
Reads ini files |
Source: | File read: |
Reads software policies |
Source: | Key opened: |
Spawns processes |
Source: | Process created: |
Uses an in-process (OLE) Automation server |
Source: | Key value queried: |
Writes ini files |
Source: | File written: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_0041B1EF |
Uses code obfuscation techniques (call, push, ret) |
Source: | Code function: | 0_2_0040535E |
Source: | Code function: | 0_2_00405BAE |
Source: | Code function: | 2_2_005C88E5 |
Source: | Code function: | 2_2_005C1F52 |
Source: | Code function: | 3_2_006E88E5 |
Source: | Code function: | 3_2_006E1F52 |
Persistence and Installation Behavior: |
---|
Drops PE files |
Source: | File created: |
Drops PE files to the application program directory (C:\ProgramData) |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to check if a window is minimized (may be used to check if an application is visible) |
Source: | Code function: | 0_2_004042FB |
Source: | Code function: | 0_2_00411340 |
Source: | Code function: | 0_2_00420A57 |
Source: | Code function: | 0_2_00411AF0 |
Source: | Code function: | 0_2_00425C28 |
Source: | Code function: | 0_2_0042ED76 |
Source: | Code function: | 0_2_0042AFA7 |
Disables application error messages (SetErrorMode) |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Contains functionality for execution timing, often used to detect debuggers |
Source: | Code function: | 2_2_005C8160 |
Contains functionality to query network adapter information |
Source: | Code function: | 2_2_005D6780 |
Source: | Code function: | 3_2_006F6780 |
Found evasive API chain checking for process token information |
Source: | Check user administrative privileges: | graph_2-9757 |
Found large amount of non-executed APIs |
Source: | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: | Thread sleep time: |
Sample execution stops while process was sleeping (likely an evasion) |
Source: | Last function: |
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_0041E050 |
Source: | Code function: | 0_2_0041D790 |
Source: | Code function: | 2_2_005CD4B0 |
Source: | Code function: | 2_2_005D5710 |
Source: | Code function: | 2_2_005CC7C0 |
Source: | Code function: | 3_2_006ED4B0 |
Source: | Code function: | 3_2_006F5710 |
Source: | Code function: | 3_2_006EC7C0 |
Contains functionality to query system information |
Source: | Code function: | 2_2_005C1FB0 |
Program exit points |
Source: | API call chain: | graph_3-9659 |
Anti Debugging: |
---|
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: | System information queried: |
Contains functionality for execution timing, often used to detect debuggers |
Source: | Code function: | 2_2_005C8160 |
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress) |
Source: | Code function: | 2_2_005CC6D0 |
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_0041B1EF |
Contains functionality to read the PEB |
Source: | Code function: | 0_2_00402D50 |
Source: | Code function: | 2_2_005C35D0 |
Source: | Code function: | 3_2_006E35D0 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: | Code function: | 2_2_005C3180 |
Contains functionality to register its own exception handler |
Source: | Code function: | 0_2_00409A06 |
Source: | Code function: | 0_2_00409A18 |
Source: | Code function: | 2_2_005D2370 |
Source: | Code function: | 3_2_006F2370 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Contains functionality to create a new security descriptor |
Source: | Code function: | 2_2_005C3A80 |
Language, Device and Operating System Detection: |
---|
Contains functionality to inject threads in other processes |
Source: | Code function: | 2_2_005C1250 |
Source: | Code function: | 3_2_006E1250 |
Queries the volume information (name, serial number etc) of a device |
Source: | Queries volume information: |
Contains functionality to query local / system time |
Source: | Code function: | 2_2_005D4E70 |
Contains functionality to query the account / user name |
Source: | Code function: | 2_2_005D1960 |
Contains functionality to query time zone information |
Source: | Code function: | 0_2_0040A95E |
Contains functionality to query windows version |
Source: | Code function: | 0_2_00432740 |
Queries the cryptographic machine GUID |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected Trickbot |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Trickbot |
Source: | File source: |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:33:31 | API Interceptor | |
11:33:37 | API Interceptor | |
11:33:38 | Task Scheduler | |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Source | Rule | Description | Author |
---|---|---|---|
| JoeSecurity_Trickbot_1 | Yara detected Trickbot | Joe Security |
| JoeSecurity_Trickbot_1 | Yara detected Trickbot | Joe Security |
Unpacked PEs |
---|
No yara matches |
---|
Screenshots |
---|
Startup |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe |
File Type: | |
Size (bytes): | 512000 |
Entropy (8bit): | 7.047998801157124 |
Encrypted: | false |
MD5: | 0A8D5A301D1EA44D5721045EEA07FDCD |
SHA1: | CD30CF4625BDAF04E90D6D287797066EB12B2A53 |
SHA-256: | 3AFA27A900E73560FA108DF536A4FCE830AA1BA31EB9DD1D7D06402A1CAE0752 |
SHA-512: | 29071FCB145BEEB4A7C7BFDB0775617438983E64AFD923887F308D7FFDCF1DFA1F88CB8333D3C5E3C522AB576ECD6BDE5EB69495DFA2CB3AC6829CAC847D04E4 |
Malicious: | true |
Reputation: | low |
Process: | C:\Users\user\Desktop\2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | low |
Process: | C:\ProgramData\??????.exe |
File Type: | |
Size (bytes): | 512000 |
Entropy (8bit): | 7.047998801157124 |
Encrypted: | false |
MD5: | 0A8D5A301D1EA44D5721045EEA07FDCD |
SHA1: | CD30CF4625BDAF04E90D6D287797066EB12B2A53 |
SHA-256: | 3AFA27A900E73560FA108DF536A4FCE830AA1BA31EB9DD1D7D06402A1CAE0752 |
SHA-512: | 29071FCB145BEEB4A7C7BFDB0775617438983E64AFD923887F308D7FFDCF1DFA1F88CB8333D3C5E3C522AB576ECD6BDE5EB69495DFA2CB3AC6829CAC847D04E4 |
Malicious: | true |
Reputation: | low |
Process: | C:\ProgramData\??????.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | low |
Process: | C:\Users\user\AppData\Roaming\HomeLan\??????.exe |
File Type: | |
Size (bytes): | 45069 |
Entropy (8bit): | 4.896615401585464 |
Encrypted: | false |
MD5: | 8F5980828FC058DF62EC74EEFB16FCD3 |
SHA1: | 9DABA14D5F2799D03F2B70B1DB7CC8702553E16E |
SHA-256: | 6D372133555B39FCE05CE422101C46D236505E903E897AFF30173FDDDF1A647B |
SHA-512: | EAE2348D613C193D03D42DE70104E0E116515DF97BFB1F7BBF86A3EDE2C0B2783213ECB96B385C88826FA57ED6F694E140D0B79628345AE24DACA804A09EF174 |
Malicious: | false |
Reputation: | low |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
elb097307-934924932.us-east-1.elb.amazonaws.com | 23.23.229.94 | true | false | | high |
api.ipify.org | unknown | unknown | false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.047998801157124 |
TrID: | |
File name: | 2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe |
File size: | 512000 |
MD5: | 0a8d5a301d1ea44d5721045eea07fdcd |
SHA1: | cd30cf4625bdaf04e90d6d287797066eb12b2a53 |
SHA256: | 3afa27a900e73560fa108df536a4fce830aa1ba31eb9dd1d7d06402a1cae0752 |
SHA512: | 29071fcb145beeb4a7c7bfdb0775617438983e64afd923887f308d7ffdcf1dfa1f88cb8333d3c5e3c522ab576ecd6bde5eb69495dfa2cb3ac6829cac847d04e4 |
SSDEEP: | 12288:65BLOSxTUAZU7hm1l0NZKOxo1u9sy0I2rM4HVO:65dOSxTUAZ+hOqPG1umyug4 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ez/...|...|...|...|...|...|...|...|2..|y..|...|...|q..|...|...|B..|...|...|...|Rich...|........PE..L......]................... |
File Icon |
---|
Icon Hash: | 60dad2d2a8d8e204 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4051a7 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5DADEEBE [Mon Oct 21 17:45:34 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | aec3fdbfe02c9ecb515e718ffdb039f8 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 0043E4C0h |
push 004070ACh |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 58h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [0043932Ch] |
xor edx, edx |
mov dl, ah |
mov dword ptr [0044B760h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [0044B75Ch], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [0044B758h], ecx |
shr eax, 10h |
mov dword ptr [0044B754h], eax |
push 00000001h |
call 1FAA2B4Fh |
pop ecx |
test eax, eax |
jne 1FA9FE1Ah |
push 0000001Ch |
call 1FA9FED8h |
pop ecx |
call 1FAA26AAh |
test eax, eax |
jne 1FA9FBBAh |
push 00000010h |
call 1FA9FD87h |
pop ecx |
xor esi, esi |
mov dword ptr [ebp-04h], esi |
call 1FAA3E4Ah |
call dword ptr [0043921Ch] |
mov dword ptr [0044D2F8h], eax |
call 1FAA3CE8h |
mov dword ptr [0044B744h], eax |
call 1FAA3AD1h |
call 1FAA3A73h |
call 1FAA0C41h |
mov dword ptr [ebp-30h], esi |
lea eax, dword ptr [ebp-5Ch] |
push eax |
call dword ptr [00439220h] |
call 1FAA3964h |
mov dword ptr [ebp-64h], eax |
test byte ptr [ebp-30h], 00000001h |
je 1FA9FBB8h |
movzx eax, word ptr [ebp+00h] |
Rich Headers |
---|
Programming Language: | |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x464c0 | 0x42 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x44320 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e000 | 0x32a32 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39000 | 0x660 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x37f26 | 0x38000 | False | 0.58506992885 | DOS executable (COM) | 6.58986693465 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x39000 | 0xd502 | 0xe000 | False | 0.297328404018 | data | 4.42519384363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x47000 | 0x6e48 | 0x3000 | False | 0.252197265625 | data | 3.49242682374 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4e000 | 0x32a32 | 0x33000 | False | 0.889969171262 | data | 7.74912149626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x4ed78 | 0x134 | data | English | United States |
RT_CURSOR | 0x4eeac | 0xb4 | data | English | United States |
RT_CURSOR | 0x4ef60 | 0x134 | data | English | United States |
RT_CURSOR | 0x4f094 | 0xb4 | data | English | United States |
RT_BITMAP | 0x4f148 | 0xbaa | data | English | United States |
RT_BITMAP | 0x4fcf4 | 0xa1a | data | English | United States |
RT_BITMAP | 0x50710 | 0x5e4 | data | English | United States |
RT_BITMAP | 0x50cf4 | 0xb8 | data | English | United States |
RT_BITMAP | 0x50dac | 0x16c | data | English | United States |
RT_BITMAP | 0x50f18 | 0x144 | data | English | United States |
RT_ICON | 0x5105c | 0x2e8 | data | English | United States |
RT_ICON | 0x51344 | 0x2e8 | data | English | United States |
RT_ICON | 0x5162c | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_MENU | 0x51754 | 0x40e | data | English | United States |
RT_DIALOG | 0x51b64 | 0x12a | data | English | United States |
RT_DIALOG | 0x51c90 | 0xda | data | English | United States |
RT_DIALOG | 0x51d6c | 0x120 | data | English | United States |
RT_DIALOG | 0x51e8c | 0x130 | data | English | United States |
RT_DIALOG | 0x51fbc | 0xe8 | data | English | United States |
RT_DIALOG | 0x520a4 | 0x11e | data | English | United States |
RT_DIALOG | 0x521c4 | 0x15a | data | English | United States |
RT_STRING | 0x52320 | 0x28 | data | English | United States |
RT_STRING | 0x52348 | 0x2c | data | English | United States |
RT_STRING | 0x52374 | 0x38 | data | English | United States |
RT_STRING | 0x523ac | 0x48 | data | English | United States |
RT_STRING | 0x523f4 | 0x48 | data | English | United States |
RT_STRING | 0x5243c | 0x58 | data | English | United States |
RT_STRING | 0x52494 | 0x44 | data | English | United States |
RT_STRING | 0x524d8 | 0x34 | data | English | United States |
RT_STRING | 0x5250c | 0x38 | data | English | United States |
RT_STRING | 0x52544 | 0x3c | data | English | United States |
RT_STRING | 0x52580 | 0x54 | data | English | United States |
RT_STRING | 0x525d4 | 0x3c | data | English | United States |
RT_STRING | 0x52610 | 0x38 | data | English | United States |
RT_STRING | 0x52648 | 0x3c | data | English | United States |
RT_STRING | 0x52684 | 0x38 | data | English | United States |
RT_STRING | 0x526bc | 0x12a | data | English | United States |
RT_STRING | 0x527e8 | 0x112 | data | English | United States |
RT_STRING | 0x528fc | 0x288 | data | English | United States |
RT_STRING | 0x52b84 | 0x36 | DBase 3 index file | English | United States |
RT_STRING | 0x52bbc | 0x296 | data | English | United States |
RT_STRING | 0x52e54 | 0x260 | data | English | United States |
RT_STRING | 0x530b4 | 0x328 | data | English | United States |
RT_STRING | 0x533dc | 0x70 | data | English | United States |
RT_STRING | 0x5344c | 0x106 | data | English | United States |
RT_STRING | 0x53554 | 0xda | data | English | United States |
RT_STRING | 0x53630 | 0x46 | DBase 3 data file (5505112 records) | English | United States |
RT_STRING | 0x53678 | 0xc6 | data | English | United States |
RT_STRING | 0x53740 | 0x1f8 | data | English | United States |
RT_STRING | 0x53938 | 0x86 | data | English | United States |
RT_STRING | 0x539c0 | 0xd0 | data | English | United States |
RT_STRING | 0x53a90 | 0x2a | data | English | United States |
RT_STRING | 0x53abc | 0x14a | data | English | United States |
RT_STRING | 0x53c08 | 0x124 | Hitachi SH big-endian COFF object, not stripped | English | United States |
RT_STRING | 0x53d2c | 0x4e2 | data | English | United States |
RT_STRING | 0x54210 | 0x2a2 | data | English | United States |
RT_STRING | 0x544b4 | 0x2dc | data | English | United States |
RT_STRING | 0x54790 | 0xac | data | English | United States |
RT_STRING | 0x5483c | 0xde | data | English | United States |
RT_STRING | 0x5491c | 0x4c4 | data | English | United States |
RT_STRING | 0x54de0 | 0x264 | data | English | United States |
RT_STRING | 0x55044 | 0x2c | DBase 3 index file | English | United States |
RT_RCDATA | 0x55070 | 0x2b944 | data | | |
RT_GROUP_CURSOR | 0x809b4 | 0x22 | Lotus 1-2-3 | English | United States |
RT_GROUP_CURSOR | 0x809d8 | 0x22 | Lotus 1-2-3 | English | United States |
RT_GROUP_ICON | 0x809fc | 0x14 | MS Windows icon resource - 1 icon | English | United States |
RT_GROUP_ICON | 0x80a10 | 0x22 | MS Windows icon resource - 2 icons, 32x32, 16-colors | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | SetStdHandle, CompareStringW, SetEnvironmentVariableA, IsBadCodePtr, GetProfileStringA, InterlockedExchange, IsBadReadPtr, Sleep, GetStringTypeW, GetStringTypeA, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetTimeZoneInformation, GetACP, HeapSize, HeapReAlloc, TerminateProcess, RaiseException, HeapFree, ExitProcess, GetCommandLineA, GetStartupInfoA, HeapAlloc, RtlUnwind, FileTimeToLocalFileTime, FileTimeToSystemTime, SetErrorMode, GetCurrentDirectoryA, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileSize, GetShortPathNameA, GetThreadLocale, GetStringTypeExA, GetVolumeInformationA, FindFirstFileA, FindClose, DeleteFileA, MoveFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, GetOEMCP, GetCPInfo, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GlobalFlags, GetProcessVersion, SizeofResource, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, CloseHandle, GlobalFree, GetModuleFileNameA, GlobalAlloc, GetCurrentThread, lstrcmpA, LocalFree, SetLastError, MulDiv, GetLastError, GetDiskFreeSpaceA, GetFileTime, SetFileTime, GetFullPathNameA, GetTempFileNameA, lstrcpynA, GetFileAttributesA, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, GlobalLock, GlobalUnlock, FindResourceA, LoadResource, LockResource, CompareStringA |
USER32.dll | RedrawWindow, SetCursorPos, SetParent, AppendMenuA, DeleteMenu, GetSystemMenu, PostQuitMessage, ShowOwnedPopups, ValidateRect, TranslateMessage, GetMessageA, LoadStringA, GetSysColorBrush, GetClassNameA, CharUpperA, GetTabbedTextExtentA, SetTimer, KillTimer, WindowFromPoint, InvertRect, GetDCEx, LockWindowUpdate, InsertMenuA, GetMenuStringA, DestroyIcon, GetDesktopWindow, TranslateAcceleratorA, LoadAcceleratorsA, SetRectEmpty, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, IsRectEmpty, FindWindowA, GetCursorPos, InvalidateRect, FillRect, LoadCursorA, SetCursor, DestroyCursor, GetDC, ReleaseDC, wvsprintfA, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, SetWindowTextA, IsDialogMessageA, SetDlgItemTextA, LoadIconA, MapWindowPoints, GetSysColor, PeekMessageA, DispatchMessageA, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetClientRect, BeginDeferWindowPos, IsZoomed, EndDeferWindowPos, IsWindowVisible, ScrollWindow, GetScrollInfo, SetScrollInfo, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, GetTopWindow, MessageBoxA, IsChild, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, RegisterWindowMessageA, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, SendMessageA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, CharNextA, IsWindowUnicode, EnableWindow, SetCapture, ReleaseCapture, GetNextDlgTabItem, EndDialog, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetWindowRect, MapDialogRect, SetWindowPos, ShowWindow, PostMessageA, GetCapture, GetActiveWindow, SetActiveWindow, GetAsyncKeyState, GetWindowLongA, BringWindowToTop, UnpackDDElParam, ReuseDDElParam, SetMenu, LoadMenuA, CopyRect, DestroyMenu, GetFocus, SetFocus, GetDlgItem, IsWindowEnabled, GetParent, GetSystemMetrics, InflateRect, OffsetRect, SetRect, UpdateWindow, LoadStringW, PtInRect, SendDlgItemMessageA |
GDI32.dll | SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, MoveToEx, LineTo, SetTextAlign, GetCurrentPositionEx, DeleteObject, CreateRectRgn, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, CreatePatternBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SetRectRgn, CombineRgn, CreateFontIndirectA, StretchDIBits, CreateCompatibleDC, CreateCompatibleBitmap, GetCharWidthA, CreateFontA, GetTextExtentPoint32A, GetBkColor, GetNearestColor, GetTextColor, GetStretchBltMode, GetPolyFillMode, GetTextAlign, GetBkMode, GetROP2, GetTextFaceA, GetWindowOrgEx, BitBlt, SelectObject, RestoreDC, SaveDC, LPtoDP, DeleteDC, CreateDCA, SetAbortProc, StartDocA, StartPage, EndPage, EndDoc, AbortDoc, GetViewportOrgEx, GetStockObject, CreateRectRgnIndirect, PatBlt, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, Ellipse, Rectangle, GetTextMetricsA, CreatePen, DPtoLP, CreateDIBitmap, GetTextExtentPointA, GetDeviceCaps |
comdlg32.dll | PrintDlgA, GetFileTitleA, CommDlgExtendedError, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA |
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
ADVAPI32.dll | RegCreateKeyA, SetFileSecurityA, GetFileSecurityA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueA, RegEnumKeyA, RegOpenKeyA, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegSetValueA, SetFileSecurityW, RegDeleteValueA |
SHELL32.dll | SHGetFileInfoA, DragQueryFileA, DragFinish, DragAcceptFiles, CommandLineToArgvW, ExtractIconA |
COMCTL32.dll | PropertySheetA, DestroyPropertySheetPage, CreatePropertySheetPageA |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Func | 1 | 0x403000 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
10/23/19-11:34:31.368386 | TCP | 2404342 | ET CNC Feodo Tracker Reported CnC Server TCP group 22 | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 23, 2019 11:34:31.368386030 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:31.581300974 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:31.581525087 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:31.586631060 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:31.801567078 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:31.808969021 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:31.809015036 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:31.809250116 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:31.836720943 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:32.048755884 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:32.256390095 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:45.497617006 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:34:45.750281096 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:50.605427027 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:34:50.815824032 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:16.906105042 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.002166986 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.002470016 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.004559040 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.100501060 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100855112 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100868940 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100879908 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100928068 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100940943 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100958109 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100970030 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.100981951 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.101032972 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.101198912 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.102089882 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.102103949 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.102327108 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.197134018 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.197175026 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.197396994 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.220766068 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.317312002 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.378602028 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.486155987 CEST | 443 | 49164 | 23.23.229.94 | 192.168.1.16 |
Oct 23, 2019 11:35:17.487457991 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:17.690907001 CEST | 49164 | 443 | 192.168.1.16 | 23.23.229.94 |
Oct 23, 2019 11:35:17.697981119 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:32.525871038 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:32.738328934 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:34.112720013 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:34.324527979 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:52.529810905 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:52.533471107 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:52.744446993 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:58.578116894 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:35:58.670531034 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:35:58.881418943 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:36:07.779083014 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:36:07.786429882 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
Oct 23, 2019 11:36:07.998950958 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:36:14.846693039 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:36:14.846764088 CEST | 449 | 49163 | 81.190.160.139 | 192.168.1.16 |
Oct 23, 2019 11:36:14.847223043 CEST | 49163 | 449 | 192.168.1.16 | 81.190.160.139 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 23, 2019 11:34:33.497194052 CEST | 53666 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:34:33.520772934 CEST | 53 | 53666 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:34:34.488578081 CEST | 53666 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:34:34.512100935 CEST | 53 | 53666 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:34:35.488744974 CEST | 53666 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:34:35.512242079 CEST | 53 | 53666 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:34:37.488519907 CEST | 53666 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:34:37.512154102 CEST | 53 | 53666 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:34:41.488066912 CEST | 53666 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:34:41.511527061 CEST | 53 | 53666 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:35:16.820647001 CEST | 63322 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:35:16.852674007 CEST | 53 | 63322 | 8.8.8.8 | 192.168.1.16 |
Oct 23, 2019 11:35:16.879141092 CEST | 63801 | 53 | 192.168.1.16 | 8.8.8.8 |
Oct 23, 2019 11:35:16.902837992 CEST | 53 | 63801 | 8.8.8.8 | 192.168.1.16 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 23, 2019 11:35:16.820647001 CEST | 192.168.1.16 | 8.8.8.8 | 0x894d | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 23, 2019 11:35:16.879141092 CEST | 192.168.1.16 | 8.8.8.8 | 0xd359 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | nagano-19599.herokussl.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 23.23.229.94 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 23.23.83.153 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 23.23.243.154 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 23.23.73.124 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 174.129.199.232 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 54.225.92.64 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 54.235.187.248 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.852674007 CEST | 8.8.8.8 | 192.168.1.16 | 0x894d | No error (0) | 54.243.147.226 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | nagano-19599.herokussl.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 23.23.73.124 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 23.23.243.154 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 50.19.218.16 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 23.23.83.153 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 23.23.229.94 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 54.225.92.64 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 54.235.187.248 | A (IP address) | IN (0x0001) | ||
Oct 23, 2019 11:35:16.902837992 CEST | 8.8.8.8 | 192.168.1.16 | 0xd359 | No error (0) | 54.243.147.226 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Oct 23, 2019 11:35:17.197134018 CEST | 23.23.229.94 | 443 | 192.168.1.16 | 49164 | CN=*.ipify.org, OU=PositiveSSL Wildcard, OU=Domain Control Validated | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Jan 24 01:00:00 CET 2018 | Sun Jan 24 00:59:59 CET 2021 | | |
Oct 23, 2019 11:35:17.197134018 CEST | 23.23.229.94 | 443 | 192.168.1.16 | 49164 | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Feb 12 01:00:00 CET 2014 | Mon Feb 12 00:59:59 CET 2029 | | |
Oct 23, 2019 11:35:17.197134018 CEST | 23.23.229.94 | 443 | 192.168.1.16 | 49164 | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020 | | |
Oct 23, 2019 11:35:17.197134018 CEST | 23.23.229.94 | 443 | 192.168.1.16 | 49164 | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020 | | |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 11:33:30 |
Start date: | 23/10/2019 |
Path: | C:\Users\user\Desktop\2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 512000 bytes |
MD5 hash: | 0A8D5A301D1EA44D5721045EEA07FDCD |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 11:33:31 |
Start date: | 23/10/2019 |
Path: | C:\ProgramData\??????.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 512000 bytes |
MD5 hash: | 0A8D5A301D1EA44D5721045EEA07FDCD |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 11:34:08 |
Start date: | 23/10/2019 |
Path: | C:\Users\user\AppData\Roaming\HomeLan\??????.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 512000 bytes |
MD5 hash: | 0A8D5A301D1EA44D5721045EEA07FDCD |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.3% |
Total number of Nodes: | 633 |
Total number of Limit Nodes: | 23 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00432740 | 6.1 | 4 | | 63 | COMMON | 90% |
00409A06 | 1.5 | 1 | | 4 | COMMON | 100% |
00433712 | 35.3 | 4 | 16 | 341 | window, registry, COMMON | 87% |
004329E7 | 15.1 | 10 | | 99 | memory, COMMON, LIBRARYCODE | 100% |
00431F87 | 10.6 | 5 | 1 | 65 | registry, COMMON | 100% |
0041CBB0 | 9.0 | 6 | | 35 | COMMON | 100% |
00408838 | 6.1 | 4 | | 53 | memory, COMMON, LIBRARYCODE | 100% |
00405159 | 3.5 | 1 | 1 | 30 | memory, COMMON, LIBRARYCODE | 56% |
0042D65F | 3.1 | 2 | | 71 | window, COMMON | 90% |
0042D44C | 3.1 | 2 | | 64 | window, COMMON | 100% |
0041E873 | 3.1 | 2 | | 56 | COMMON | 94% |
00433B55 | 3.0 | 2 | | 32 | COMMON | 100% |
0041DA3F | 3.0 | 2 | | 30 | COMMON | 100% |
0041C021 | 3.0 | 2 | | 27 | thread, COMMON | 88% |
004190CA | 3.0 | 2 | | 27 | COMMON | 100% |
00418D00 | 3.0 | 2 | | 25 | thread, COMMON | 100% |
0040815F | 3.0 | 2 | | 20 | memory, COMMON | 100% |
0042192F | 1.7 | 1 | | 155 | COMMON | 93% |
0041868C | 1.6 | 1 | | 73 | COMMON | 100% |
00418D8E | 1.6 | 1 | | 72 | COMMON | 94% |
0042B58B | 1.6 | 1 | | 55 | COMMON | 88% |
0041C702 | 1.5 | 1 | | 14 | COMMON | 100% |
004088E9 | 1.3 | 1 | | 85 | memory, COMMON, LIBRARYCODE | 100% |
00406991 | 1.3 | 1 | | 56 | memory, COMMON, LIBRARYCODE | 73% |
0043291C | 1.3 | 1 | | 11 | memory, COMMON, LIBRARYCODE | 100% |
Non-executed Functions |
---|
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004233B8, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 132windowCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042AFA7, Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 485windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B1EF, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
C-Code - Quality: 40% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F155, Relevance: 10.6, APIs: 7, Instructions: 148timeCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A95E, Relevance: 4.7, APIs: 3, Instructions: 207timeCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042FB, Relevance: 4.5, APIs: 3, Instructions: 37COMMON
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420A57, Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E050, Relevance: 3.1, APIs: 2, Instructions: 64fileCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042ED76, Relevance: 3.0, APIs: 2, Instructions: 32windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425C28, Relevance: 3.0, APIs: 2, Instructions: 15windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409A18, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402D50, Relevance: .0, Instructions: 9COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412F80, Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 263windowstringCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FBCD, Relevance: 42.5, APIs: 28, Instructions: 479COMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416422, Relevance: 37.1, APIs: 18, Strings: 3, Instructions: 343windowkeyboardCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412CA0, Relevance: 30.2, APIs: 20, Instructions: 246COMMON
C-Code - Quality: 98% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418B0A, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 170stringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AC18, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CD, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415683, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 114windowregistryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004115F0, Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 44stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043547D, Relevance: 21.5, APIs: 14, Instructions: 480COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00427857, Relevance: 21.4, APIs: 14, Instructions: 390COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F315, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 168stringlibraryloaderCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F264, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 111stringwindowCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410660, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 83stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FABD, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 80registrywindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E799, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 73stringCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436460, Relevance: 19.6, APIs: 13, Instructions: 134COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413AC0, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 52libraryloaderCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004317EC, Relevance: 18.1, APIs: 7, Strings: 5, Instructions: 66stringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E5B4, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 194windowstringCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413440, Relevance: 16.7, APIs: 11, Instructions: 199COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410F41, Relevance: 16.6, APIs: 11, Instructions: 107COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E40, Relevance: 16.6, APIs: 11, Instructions: 75COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431F3B, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 199registryCOMMON
C-Code - Quality: 90% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D5C2, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403D70, Relevance: 15.2, APIs: 10, Instructions: 227COMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043682F, Relevance: 15.2, APIs: 10, Instructions: 225COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004292DF, Relevance: 15.1, APIs: 10, Instructions: 96COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004094D7, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE
C-Code - Quality: 96% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A495, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B897, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 46% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D42D, Relevance: 13.7, APIs: 9, Instructions: 221COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040973A, Relevance: 13.7, APIs: 9, Instructions: 177COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041784E, Relevance: 13.6, APIs: 9, Instructions: 113COMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411880, Relevance: 13.6, APIs: 9, Instructions: 54COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004272D6, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 209windowCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FA78, Relevance: 12.1, APIs: 8, Instructions: 57COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428FDD, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 160keyboardtimeCOMMON
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413961, Relevance: 10.6, APIs: 7, Instructions: 140COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410920, Relevance: 10.6, APIs: 7, Instructions: 109COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431CEE, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102registryCOMMON
C-Code - Quality: 80% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436DCB, Relevance: 10.6, APIs: 7, Instructions: 90COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E1B5, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84stringCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004122E0, Relevance: 10.6, APIs: 7, Instructions: 69COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A3D0, Relevance: 10.6, APIs: 7, Instructions: 69COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043263D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63memorystringCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404366, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61stringCOMMON
C-Code - Quality: 56% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004123A0, Relevance: 10.5, APIs: 7, Instructions: 42COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CB6C, Relevance: 10.5, APIs: 7, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042CC04, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 25registrywindowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00434101, Relevance: 9.2, APIs: 6, Instructions: 182COMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425911, Relevance: 9.2, APIs: 6, Instructions: 168COMMON
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A6E8, Relevance: 9.1, APIs: 6, Instructions: 117COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432B56, Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMONLIBRARYCODE
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004136F0, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041956C, Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042FB10, Relevance: 9.1, APIs: 6, Instructions: 79COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423FD8, Relevance: 9.1, APIs: 6, Instructions: 76windowCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004243B4, Relevance: 9.1, APIs: 6, Instructions: 73windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422BA1, Relevance: 9.1, APIs: 6, Instructions: 69windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004286DC, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D210, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436F50, Relevance: 9.1, APIs: 6, Instructions: 54COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422719, Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422633, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418F5A, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433BB8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E226, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004172E4, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421438, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 25libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421402, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429D0F, Relevance: 7.8, APIs: 5, Instructions: 339COMMON
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425EDA, Relevance: 7.8, APIs: 5, Instructions: 258COMMON
C-Code - Quality: 97% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004092E2, Relevance: 7.6, APIs: 5, Instructions: 150COMMON
C-Code - Quality: 99% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004345A6, Relevance: 7.6, APIs: 5, Instructions: 127COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FDB2, Relevance: 7.6, APIs: 5, Instructions: 118COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425D3C, Relevance: 7.6, APIs: 5, Instructions: 102COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424D26, Relevance: 7.6, APIs: 5, Instructions: 97COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AEEF, Relevance: 7.6, APIs: 5, Instructions: 91windowCOMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415D5B, Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410D00, Relevance: 7.6, APIs: 5, Instructions: 78COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426599, Relevance: 7.6, APIs: 5, Instructions: 71windowCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A1F0, Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 29% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D2A8, Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D35E, Relevance: 7.6, APIs: 5, Instructions: 65windowCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423173, Relevance: 7.6, APIs: 5, Instructions: 61windowCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042DD87, Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435271, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
C-Code - Quality: 59% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425ABF, Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Every entry in this listing reports Uniqueness Score: -1.00%, and its APIs, Strings and Memory Dump Source panels are empty in this export. Entries whose function header was not extracted are marked as such.

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00415AB7 | 7.5 | 5 | | 44 | COMMON | 100% |
0042CEEB | 7.5 | 5 | | 44 | window, COMMON | 100% |
00407B13 | 7.5 | 5 | | 38 | thread, COMMON, LIBRARYCODE | 100% |
004301F7 | 7.5 | 5 | | 37 | COMMON | 47% |
00432990 | 7.5 | 5 | | 35 | COMMON | 100% |
00436282 | 7.5 | 5 | | 32 | COMMON | 100% |
(function header not extracted) | | | | | | 60% |
(function header not extracted) | | | | | | 40% |
(function header not extracted) | | | | | | 96% |
004121F0 | 7.1 | 3 | 1 | 97 | string, COMMON | 92% |
(function header not extracted) | | | | | | 96% |
0043059B | 7.1 | 3 | 1 | 81 | window, COMMON | 96% |
(function header not extracted) | | | | | | 94% |
(function header not extracted) | | | | | | 100% |
0041D4B6 | 7.0 | 3 | 1 | 50 | library, loader, COMMON | 84% |
004309F8 | 7.0 | 2 | 2 | 39 | library, loader, COMMON | 59% |
0041C7D0 | 7.0 | 3 | 1 | 36 | memory, COMMON | 100% |
004225BE | 7.0 | 3 | 1 | 27 | string, COMMON | 79% |
00407BCA | 7.0 | 2 | 2 | 13 | library, loader, COMMON | 67% |
0041E4AE | 6.3 | 5 | | 96 | string, COMMON | 96% |
00408204 | 6.3 | 3 | 1 | 264 | memory, COMMON, LIBRARYCODE | 100% |
00414DD2 | 6.2 | 4 | | 170 | file, COMMON | 100% |
004252CC | 6.1 | 4 | | 147 | COMMON | 86% |
0042A36A | 6.1 | 4 | | 138 | COMMON | 92% |
0040BB5B | 6.1 | 4 | | 135 | file, COMMON, LIBRARYCODE | 100% |
004132C0 | 6.1 | 4 | | 131 | COMMON | 42% |
00426D4A | 6.1 | 4 | | 130 | COMMON | 80% |
00426EA1 | 6.1 | 4 | | 124 | COMMON | 80% |
00434E7C | 6.1 | 4 | | 117 | COMMON | 84% |
00428953 | 6.1 | 3 | 1 | 114 | string, COMMON | 100% |
0042A6F8 | 6.1 | 4 | | 112 | COMMON | 72% |
00436ABA | 6.1 | 4 | | 95 | COMMON | 100% |
00428564 | 6.1 | 4 | | 87 | window, COMMON | 100% |
(function header not extracted) | | | | | | 100% |
0042E5EE | 6.1 | 4 | | 74 | string, COMMON | 48% |
0040D5E8 | 6.1 | 4 | | 67 | COMMON | 95% |
0041E102 | 6.1 | 4 | | 66 | time, COMMON | 100% |
004110E0 | 6.1 | 4 | | 65 | window, COMMON | 64% |
0043507D | 6.1 | 4 | | 64 | window, COMMON | 100% |
0042A062 | 6.1 | 4 | | 55 | COMMON | 86% |
0042F48D | 6.1 | 4 | | 55 | window, COMMON | 73% |
00411191 | 6.1 | 4 | | 54 | COMMON | 100% |
00411281 | 6.1 | 4 | | 53 | COMMON | 100% |
00410750 | 6.1 | 4 | | 53 | window, COMMON | 100% |
00426C1E | 6.1 | 4 | | 53 | window, COMMON | 92% |
00426CB4 | 6.1 | 4 | | 53 | window, COMMON | 92% |
0041D093 | 6.1 | 4 | | 52 | COMMON | 83% |
00410C30 | 6.1 | 4 | | 52 | thread, COMMON | 100% |
00434034 | 6.0 | 4 | | 50 | window, COMMON, LIBRARYCODE | 95% |
0041626C | 6.0 | 4 | | 50 | COMMON | 94% |
0042B9AB | 6.0 | 4 | | 50 | COMMON | 90% |
00419F1B | 6.0 | 4 | | 49 | COMMON | 95% |
00419F94 | 6.0 | 4 | | 49 | window, COMMON | 64% |
0041BBD1 | 6.0 | 4 | | 48 | window, COMMON | 94% |
004363F0 | 6.0 | 4 | | 46 | COMMON | 83% |
00430C9B | 6.0 | 4 | | 45 | window, COMMON | 100% |
00410E70 | 6.0 | 4 | | 45 | thread, COMMON | 100% |
004312E3 | 6.0 | 4 | | 44 | COMMON | 100% |
(function header not extracted) | | | | | | 100% |
004302BA | 6.0 | 4 | | 43 | window, COMMON | 84% |
(function header not extracted) | | | | | | 74% |
0041AAE3 | 6.0 | 4 | | 43 | COMMON | 100% |
0042DCB8 | 6.0 | 4 | | 43 | file, COMMON | 100% |
00436ED0 | 6.0 | 4 | | 39 | COMMON | 100% |
(function header not extracted) | | | | | | 100% |
00430191 | 6.0 | 4 | | 37 | COMMON | 43% |
004218DE | 6.0 | 4 | | 37 | window, COMMON, LIBRARYCODE | 93% |
0042F5E7 | 6.0 | 4 | | 36 | COMMON | 37% |
00401EF0 | 6.0 | 4 | | 30 | COMMON | 79% |
004226A8 | 6.0 | 4 | | 29 | string, COMMON | 100% |
0042A6AF | 6.0 | 4 | | 23 | COMMON | 100% |
(function header not extracted) | | | | | | 92% |
(function header not extracted) | | | | | | 90% |
(function header not extracted) | | | | | | 67% |
(function header not extracted) | | | | | | 90% |
(function header not extracted) | | | | | | 93% |
(function header not extracted) | | | | | | 93% |
(function header not extracted) | | | | | | 85% |
(function header not extracted) | | | | | | 68% |
(function header not extracted) | | | | | | 85% |
004100D8 | 5.3 | 1 | 2 | 28 | COMMON, LIBRARYCODE | 81% |
00412040 | 5.3 | 2 | 1 | 23 | string, COMMON | 88% |
(function header not extracted) | | | | | | 100% |
00432C5C | 5.1 | 4 | | 62 | COMMON | 60% |
(function header not extracted) | | | | | | 100% |
00408019 | 5.0 | 4 | | 12 | COMMON | 100% |
Execution Graph |
---|
Execution Coverage: | 3.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 24.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 6 |
Graph
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(function header not extracted) | | | | | | 74% |
(function header not extracted) | | | | | | |
(function header not extracted) | | | | | | 100% |
(function header not extracted) | | | | | | 70% |
005C2DA0 | 3.1 | 2 | | 56 | com, COMMON | 34% |
(function header not extracted) | | | | | | 100% |
005C3200 | 29.1 | 19 | | 566 | COMMON | 25% |
(function header not extracted) | | | | | | 64% |
005D5D00 | 6.1 | 4 | | 143 | sleep, COMMON | 97% |
(function header not extracted) | | | | | | 92% |
005CD8B0 | 4.6 | 3 | | 51 | COMMON | 16% |
005D2D90 | 3.0 | 2 | | 24 | COMMON | |
005C91E0 | 1.5 | 1 | | 8 | memory, COMMON | 100% |
00201317 | 1.4 | | 1 | 200 | COMMON | |
00201345 | .1 | | | 116 | COMMON | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
005C1250 | 70.4 | 38 | 2 | 363 | library, loader, injection, COMMON | 100% |
005C5470 | 42.4 | 23 | 1 | 350 | process, memory, COMMON, Crypto | 72% |
005D0920 | 24.6 | 16 | | 640 | injection, memory, string, COMMON, Crypto | 85% |
005D05C0 | 21.2 | 11 | 1 | 246 | sleep, file, COMMON, Crypto | 100% |
005D3FA0 | 17.7 | 7 | 3 | 159 | injection, memory, COMMON | 100% |
005CD4B0 | 15.9 | 7 | 2 | 135 | file, COMMON | 98% |
005C3EC0 | 15.3 | 10 | | 343 | file, string, COMMON, Crypto | 77% |
005D1A70 | 14.4 | 7 | 1 | 416 | string, thread, COMMON, Crypto | 97% |
005C8CD0 | 13.6 | 9 | | 131 | COMMON | 54% |
(function header not extracted) | | | | | | 40% |
005D1800 | 8.8 | 4 | 1 | 64 | native, COMMON | 100% |
005D5710 | 7.8 | 5 | | 256 | file, sleep, string, COMMON, Crypto | 86% |
(function header not extracted) | | | | | | 100% |
005C4DE0 | 7.3 | 3 | 1 | 271 | COMMON, Crypto | 96% |
005D2F10 | 6.1 | 4 | | 75 | COMMON | 92% |
005CA4D0 | 5.7 | 2 | 1 | 413 | file, COMMON, Crypto | 79% |
(function header not extracted) | | | | | | 98% |
005C1FB0 | 4.7 | 3 | | 155 | COMMON | 33% |
(function header not extracted) | | | | | | 100% |
005C3180 | 4.5 | 3 | | 28 | memory, COMMON | 100% |
(function header not extracted) | | | | | | 87% |
(function header not extracted) | | | | | | |
(function header not extracted) | | | | | | |
005D4E70 | 3.0 | 2 | | 17 | time, COMMON | |
(function header not extracted) | | | | | | 94% |
(function header not extracted) | | | | | | 98% |
005D1960 | 1.5 | 1 | | 31 | COMMON | 82% |
005C8160 | 1.5 | 1 | | 25 | COMMON | 91% |
005D35E0 | .4 | | | 423 | COMMON, Crypto | 100% |
005C2E60 | .3 | | | 298 | COMMON, Crypto | 100% |
005C36E0 | .2 | | | 179 | COMMON, Crypto | 97% |
005D41A0 | .2 | | | 179 | COMMON, Crypto | 92% |
005C8230 | .2 | | | 150 | COMMON, Crypto | 100% |
005C35D0 | .1 | | | 80 | COMMON | 100% |
005D3DF0 | 21.1 | 9 | 3 | 102 | synchronization, injection, COMMON | 100% |
(function header not extracted) | | | | | | 69% |
005D13A0 | 16.0 | 8 | 1 | 229 | sleep, string, COMMON | 67% |
(function header not extracted) | | | | | | 71% |
005CAB60 | 15.2 | 5 | 5 | 225 | sleep, COMMON | 100% |
(function header not extracted) | | | | | | 75% |
(function header not extracted) | | | | | | 76% |
005CCE40 | 12.1 | 8 | | 91 | COMMON | 100% |
005CB3F0 | 10.8 | 7 | | 254 | synchronization, COMMON | 100% |
(function header not extracted) | | | | | | 77% |
005C43E0 | 10.7 | 5 | 1 | 185 | process, COMMON | 97% |
(function header not extracted) | | | | | | 89% |
005D5020 | 9.2 | 6 | | 233 | sleep, COMMON | 89% |
005CD6B0 | 9.2 | 6 | | 161 | file, COMMON | 83% |
005D7410 | 9.1 | 6 | | 108 | file, COMMON | 94% |
005CFA90 | 9.1 | 3 | 2 | 329 | file, COMMON | 96% |
005CC510 | 9.1 | 6 | | 77 | file, COMMON | 100% |
(function header not extracted) | | | | | | 37% |
(function header not extracted) | | | | | | 100% |
(function header not extracted) | | | | | | 100% |
(function header not extracted) | | | | | | 46% |
(function header not extracted) | | | | | | 89% |
005D5320 | 7.6 | 5 | | 111 | COMMON | 84% |
005D5630 | 7.6 | 5 | | 82 | file, COMMON | 91% |
(function header not extracted) | | | | | | |
005D7BE0 | 7.6 | 5 | | 77 | file, COMMON | 100% |
(function header not extracted) | | | | | | 100% |
(function header not extracted) | | | | | | 95% |
005D5C10 | 6.3 | 5 | | 43 | COMMON | 100% |
005C7C50 | 6.2 | 4 | | 219 | sleep, string, thread, COMMON | 97% |
005D0300 | 6.1 | 4 | | 76 | COMMON | 57% |
005C6740 | 6.1 | 4 | | 71 | library, string, loader, COMMON | 79% |
005D3100 | 6.1 | 4 | | 62 | library, string, loader, COMMON | 43% |
005C7440 | 5.4 | 2 | 1 | 121 | process, COMMON | 100% |
Execution Graph |
---|
Execution Coverage: | 7.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 21.4% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 18 |
Graph
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(function header not extracted) | | | | | | 74% |
006ED4B0 | 15.9 | 7 | 2 | 135 | file, COMMON | 98% |
(function header not extracted) | | | | | | 48% |
(function header not extracted) | | | | | | |
006F5710 | 7.8 | 5 | | 256 | file, sleep, string, COMMON, Crypto | 86% |
006EA4D0 | 5.7 | 2 | 1 | 413 | file, COMMON, Crypto | 79% |
(function header not extracted) | | | | | | 98% |
006F6780 | 3.1 | 2 | | 116 | COMMON | 70% |
006E3200 | 29.1 | 19 | | 566 | COMMON | 25% |
(function header not extracted) | | | | | | 77% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E7C50, Relevance: 6.2, APIs: 4, Instructions: 219sleepstringthreadCOMMON
Control-flow Graph |
---|
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F5D00, Relevance: 6.1, APIs: 4, Instructions: 143sleepCOMMON
Control-flow Graph |
---|
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 92% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006ED8B0, Relevance: 4.6, APIs: 3, Instructions: 51COMMON
C-Code - Quality: 16% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E3180, Relevance: 4.5, APIs: 3, Instructions: 28memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006EAB10, Relevance: 4.5, APIs: 3, Instructions: 23fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F3F50, Relevance: 4.5, APIs: 3, Instructions: 20sleepCOMMON
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E2DA0, Relevance: 3.1, APIs: 2, Instructions: 56comCOMMON
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F2E00, Relevance: 3.0, APIs: 2, Instructions: 46fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F2D90, Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006EB250, Relevance: 1.6, APIs: 1, Instructions: 129COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00671317, Relevance: 1.4, Strings: 1, Instructions: 200COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E5A50, Relevance: 1.4, APIs: 1, Instructions: 102sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00671345, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
006E1250 | 70.4 | 38 | 2 | 363 | library, loader, injection, COMMON | 100% | -1.00% |
006E5470 | 42.4 | 23 | 1 | 350 | process, memory, COMMON, Crypto | 72% | -1.00% |
006F0920 | 24.6 | 16 | | 640 | injection, memory, string, COMMON, Crypto | 85% | -1.00% |
006E3EC0 | 15.3 | 10 | | 343 | file, string, COMMON, Crypto | 77% | -1.00% |
006F1A70 | 14.4 | 7 | 1 | 416 | string, thread, COMMON, Crypto | 97% | -1.00% |
006E8CD0 | 13.6 | 9 | | 131 | COMMON | 54% | -1.00% |
006F1800 | 8.8 | 4 | 1 | 64 | native, COMMON | 100% | -1.00% |
006E4DE0 | 7.3 | 3 | 1 | 271 | COMMON, Crypto | 96% | -1.00% |
006F2F10 | 6.1 | 4 | | 75 | COMMON | 93% | -1.00% |
(not extracted) | | | | | | 100% | -1.00% |
(not extracted) | | | | | | 87% | -1.00% |
(not extracted) | | | | | | | -1.00% |
(not extracted) | | | | | | 94% | -1.00% |
(not extracted) | | | | | | 98% | -1.00% |
006F35E0 | 0.4 | | | 423 | COMMON, Crypto | 100% | -1.00% |
006E2E60 | 0.3 | | | 298 | COMMON, Crypto | 100% | -1.00% |
006E36E0 | 0.2 | | | 179 | COMMON, Crypto | 97% | -1.00% |
006E8230 | 0.2 | | | 150 | COMMON, Crypto | 100% | -1.00% |
(not extracted) | | | | | | 71% | -1.00% |
006EAB60 | 15.2 | 5 | 5 | 225 | sleep, COMMON | 100% | -1.00% |
006E43E0 | 12.4 | 5 | 2 | 185 | process, COMMON | 97% | -1.00% |
(not extracted) | | | | | | 75% | -1.00% |
(not extracted) | | | | | | 78% | -1.00% |
006ECE40 | 12.1 | 8 | | 91 | COMMON | 100% | -1.00% |
(not extracted) | | | | | | 89% | -1.00% |
006F5020 | 9.2 | 6 | | 233 | sleep, COMMON | 89% | -1.00% |
006ED6B0 | 9.2 | 6 | | 161 | file, COMMON | 83% | -1.00% |
006F7410 | 9.1 | 6 | | 108 | file, COMMON | 94% | -1.00% |
006EFA90 | 9.1 | 3 | 2 | 329 | file, COMMON | 96% | -1.00% |
006EC510 | 9.1 | 6 | | 77 | file, COMMON | 100% | -1.00% |
(not extracted) | | | | | | 37% | -1.00% |
(not extracted) | | | | | | 100% | -1.00% |
(not extracted) | | | | | | 46% | -1.00% |
(not extracted) | | | | | | 89% | -1.00% |
006F5320 | 7.6 | 5 | | 111 | COMMON | 84% | -1.00% |
006F5630 | 7.6 | 5 | | 82 | file, COMMON | 91% | -1.00% |
006F7BE0 | 7.6 | 5 | | 77 | file, COMMON | 100% | -1.00% |
(not extracted) | | | | | | 100% | -1.00% |
(not extracted) | | | | | | 100% | -1.00% |
006F5C10 | 6.3 | 5 | | 43 | COMMON | 100% | -1.00% |
006F0300 | 6.1 | 4 | | 76 | COMMON | 57% | -1.00% |
006E6740 | 6.1 | 4 | | 71 | library, string, loader, COMMON | 79% | -1.00% |
006F3100 | 6.1 | 4 | | 62 | library, string, loader, COMMON | 43% | -1.00% |
006E7440 | 5.4 | 2 | 1 | 121 | process, COMMON | 100% | -1.00% |