Analysis Report module.8144.18ffc90c0.400000.dll
Overview
General Information |
---|
Joe Sandbox Version: | 26.0.0 |
Analysis ID: | 136638 |
Start date: | 29.05.2019 |
Start time: | 16:49:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | module.8144.18ffc90c0.400000.dll (renamed file extension from dll to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.rans.evad.winEXE@2/1@0/0 |
Detection |
---|
Strategy | Score | Range | Reporting | Whitelisted | Detection | |
---|---|---|---|---|---|---|
Threshold | 80 | 0 - 100 | false |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Analysis Advice |
---|
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Access Token Manipulation1 | Disabling Security Tools1 | Credential Dumping | System Time Discovery1 | Application Deployment Software | Clipboard Data1 | Data Encrypted21 | Standard Cryptographic Protocol1 |
Replication Through Removable Media | Service Execution | Port Monitors | Process Injection1 | Software Packing1 | Network Sniffing | Query Registry1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Commonly Used Port1 |
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Access Token Manipulation1 | Input Capture | Process Discovery2 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol |
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Process Injection1 | Credentials in Files | Application Window Discovery1 | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication |
Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Deobfuscate/Decode Files or Information1 | Account Manipulation | Account Discovery1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol |
Spearphishing Attachment | Graphical User Interface | Modify Existing Service | New Service | File Deletion1 | Brute Force | System Owner/User Discovery1 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |
Spearphishing via Service | Scripting | Path Interception | Scheduled Task | Obfuscated Files or Information2 | Two-Factor Authentication Interception | Security Software Discovery21 | Pass the Hash | Email Collection | Exfiltration Over Command and Control Channel | Uncommonly Used Port |
Supply Chain Compromise | Third-party Software | Logon Scripts | Process Injection | DLL Side-Loading1 | Bash History | File and Directory Discovery1 | Remote Desktop Protocol | Clipboard Data | Exfiltration Over Alternative Protocol | Standard Application Layer Protocol |
Trusted Relationship | Rundll32 | DLL Search Order Hijacking | Service Registry Permissions Weakness | Process Injection | Input Prompt | System Information Discovery13 | Windows Admin Shares | Automated Collection | Exfiltration Over Physical Medium | Multilayer Encryption |
Signature Overview |
---|
AV Detection: |
---|
Antivirus or Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Antivirus or Machine Learning detection for unpacked file |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: | Code function: | 0_2_00401063 |
Source: | Code function: | 0_2_00401000 |
Source: | Code function: | 0_2_004017A2 |
Source: | Code function: | 0_2_0040128D |
Source: | Code function: | 0_2_0040191C |
Source: | Code function: | 0_1_00401063 |
Source: | Code function: | 0_1_00401000 |
Source: | Code function: | 0_1_004017A2 |
Source: | Code function: | 0_1_0040128D |
Source: | Code function: | 0_1_0040191C |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_004014CC |
Source: | Code function: | 0_1_004014CC |
Source: | Code function: | 9_2_00E9A394 |
Source: | Code function: | 9_2_00E95DAE |
Source: | Code function: | 9_1_00E9A394 |
Source: | Code function: | 9_1_00E95DAE |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality for read data from the clipboard |
Source: | Code function: | 9_2_00E9765E |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Detected LockCrypt Ransomware |
Source: | Code function: | 0_1_004017A2 |
Contains functionality to clear event logs |
Source: | Code function: | 0_1_004017A2 |
Source: | Code function: | 0_1_0040191C |
Contains functionality to encrypt and move a file in one function |
Source: | Code function: | 0_2_0040128D |
Source: | Code function: | 0_1_0040128D |
Deletes shadow drive data (may be related to ransomware) |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Detected suspicious e-Mail address in disassembly |
Source: | Code function: | 0_1_004017A2 |
Source: | Code function: | 0_1_0040191C |
Contains functionality to import cryptographic keys (often used in ransomware) |
Source: | Code function: | 0_2_00401063 |
Source: | Code function: | 0_2_004017A2 |
Source: | Code function: | 0_2_0040191C |
Source: | Code function: | 0_1_00401063 |
Source: | Code function: | 0_1_004017A2 |
Source: | Code function: | 0_1_0040191C |
System Summary: |
---|
Found potential string decryption / allocating functions |
Sample file is different than original file name gathered from version info |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Tries to load missing DLLs |
Source: | Section loaded: |
Source: | Section loaded: |
Classification label |
Source: | Classification label: |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: | Code function: | 0_2_00401DE7 |
Source: | Code function: | 0_1_00401DE7 |
Contains functionality to check free disk space |
Source: | Code function: | 9_2_00E97025 |
Contains functionality to enum processes or threads |
Source: | Code function: | 0_2_00401D2D |
Contains functionality to instantiate COM classes |
Source: | Code function: | 9_2_00E921A2 |
Creates files inside the user directory |
Source: | File created: |
Might use command line arguments |
Source: | Command line argument: | 9_2_00E92E4B |
Source: | Command line argument: | 9_2_00E92E4B |
Source: | Command line argument: | 9_2_00E92E4B |
Source: | Command line argument: | 9_1_00E92E4B |
Source: | Command line argument: | 9_1_00E92E4B |
Source: | Command line argument: | 9_1_00E92E4B |
PE file has an executable .text section and no other executable section |
Source: | Static PE information: |
Reads software policies |
Source: | Key opened: |
Sample might require command line arguments (.Net) |
Source: | String found in binary or memory: |
Spawns processes |
Source: | Process created: |
Source: | Process created: |
Uses an in-process (OLE) Automation server |
Source: | Key value queried: |
Binary contains paths to debug symbols |
Source: | Binary string: |
Source: | Binary string: |
Data Obfuscation: |
---|
PE file contains an invalid checksum |
Source: | Static PE information: |
Uses code obfuscation techniques (call, push, ret) |
Source: | Code function: | 9_2_00EA3151 |
Source: | Code function: | 9_2_00EA3278 |
Source: | Code function: | 9_1_00EA3151 |
Source: | Code function: | 9_1_00EA3278 |
Malware Analysis System Evasion: |
---|
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: | Code function: | 0_2_00401D2D |
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) |
Source: | Window / User API: |
Found large amount of non-executed APIs |
Source: | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Thread sleep time: |
Sample execution stops while process was sleeping (likely an evasion) |
Source: | Last function: |
Source: | Last function: |
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_004014CC |
Source: | Code function: | 0_1_004014CC |
Source: | Code function: | 9_2_00E9A394 |
Source: | Code function: | 9_2_00E95DAE |
Source: | Code function: | 9_1_00E9A394 |
Source: | Code function: | 9_1_00E95DAE |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Source: | Code function: | 9_2_00E9A7CF |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: | Code function: | 0_2_00401D2D |
Contains functionality to register its own exception handler |
Source: | Code function: | 9_2_00EA32C6 |
Source: | Code function: | 9_1_00EA32C6 |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Contains functionality locales information (e.g. system language) |
Source: | Code function: | 9_2_00E97325 |
Source: | Code function: | 9_1_00E97325 |
Contains functionality to query local / system time |
Source: | Code function: | 0_2_004017A2 |
Contains functionality to query the account / user name |
Source: | Code function: | 9_2_00E969DE |
Contains functionality to query windows version |
Source: | Code function: | 9_2_00EA1383 |
Queries the cryptographic machine GUID |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Contains functionality to modify Windows User Account Control (UAC) settings |
Source: | Code function: | 0_1_004017A2 |
Source: | Code function: | 0_1_0040191C |
Remote Access Functionality: |
---|
Contains functionality to open a port and listen for incoming connection (possibly a backdoor) |
Source: | Code function: | 9_2_00E9ECC0 |
Source: | Code function: | 9_1_00E9ECC0 |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:50:40 | API Interceptor |
Antivirus and Machine Learning Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
100% | Joe Sandbox ML |
100% | Joe Sandbox ML |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
No yara matches |
---|
Unpacked PEs |
---|
No yara matches |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_2\FileCoAuth.exe |
File Type: | |
Size (bytes): | 96 |
Entropy (8bit): | 3.4085043860359887 |
Encrypted: | false |
MD5: | C37C99E2664E88627C732AE5CC371962 |
SHA1: | CAE521AE688E99908DAE2873C4BFC403A3C63C16 |
SHA-256: | 473EA8B6E02226DD098163F890BCE408E3736BD0AEE5DA27F9797DC21CD0EFCF |
SHA-512: | BD480EBBE4231FC3D7FFFDC3E051D48E4A0E5CF2E5A88640CA6F0C89BDDF8A3569EB9C50911BEA69EBF172A91EC5FE0208A62B934522A27B373E9A115B75F8E2 |
Malicious: | false |
Reputation: | low |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.807309466271178 |
TrID: |
|
File name: | module.8144.18ffc90c0.400000.exe |
File size: | 11776 |
MD5: | 2d1ca86789091f84f0d4f6af9fd5d51d |
SHA1: | 060f86ddb170c4cc721b265a11dbae12533811f4 |
SHA256: | b8dcb1757bfc5d1f57a0927e269a06b5d284340921cc47dd4d7753bb98e04f9f |
SHA512: | 7f55f9205cb472ea07b6bba4971db51acdccb5cf472602a0738bef44b3b21b433dd7c14cc176ea20bd0d4710e810c989f9a1eaf8a616c0875afcde4c40f3b339 |
SSDEEP: | 192:GrfOVf1TFoTxFEx29bV29LTwmH+8Ihuz6uTCxWN1tvjywPqcwXYjwdqOKd+7o:GrfOnTFo0x2dm8s++CxW/5SIjwoO1o |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]...................S...........Rich............PE..L......\..................... ............... ....@........................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401000 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5C91ECFE [Wed Mar 20 07:34:22 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 0a98a06f576cfeebd2f91325d9ccac02 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF4h |
mov dword ptr [ebp-04h], 000010F0h |
push F0000000h |
push 00000018h |
push 00000000h |
push 00000000h |
lea eax, dword ptr [ebp-08h] |
push eax |
call 5CF932BCh |
lea eax, dword ptr [ebp-0Ch] |
push eax |
mov dword ptr [eax+10h], 004017A2h |
xor edi, edi |
push edi |
push edi |
push 0000002Ch |
call 5CF923A1h |
or byte ptr [edx], al |
add byte ptr [eax], al |
adc byte ptr [esi+00h], ah |
add byte ptr [eax], ah |
add byte ptr [eax], al |
add byte ptr [esi+2Fh], dl |
jle 5CF923D1h |
and eax, 950B6CCCh |
push 35682128h |
push esp |
push esp |
xor al, ECh |
enter AAF5h, 2Bh |
xor ch, 00000069h |
xchg eax, ecx |
out dx, al |
sub eax, E1813362h |
push dword ptr [ebp-08h] |
call 5CF93296h |
lea eax, dword ptr [ebp-04h] |
push eax |
push 00403000h |
push 00000000h |
push 00000000h |
push 00000000h |
push dword ptr [ebp-0Ch] |
call 5CF93261h |
push dword ptr [ebp-0Ch] |
call 5CF9325Fh |
push 00000000h |
push dword ptr [ebp-08h] |
call 5CF93273h |
leave |
ret |
push ebp |
mov ebp, esp |
add esp, FFFFFFF4h |
push 00008000h |
call 5CF92A50h |
mov dword ptr [ebp-08h], eax |
push dword ptr [ebp+08h] |
push dword ptr [ebp-08h] |
call 5CF93205h |
push dword ptr [ebp-08h] |
call 5CF93209h |
mov ebx, dword ptr [ebp-08h] |
mov byte ptr [ebx+eax*2-06h], 00000000h |
push 0040379Eh |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2120 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x114 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xfd4 | 0x1000 | False | 0.5673828125 | ump; data | 5.53282933147 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x2000 | 0x72c | 0x800 | False | 0.5458984375 | ump; data | 5.17939846828 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3000 | 0x1730 | 0x1200 | False | 0.577039930556 | ump; data | 5.80284978838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | GetModuleFileNameA, GetSystemTimeAsFileTime, GlobalAlloc, GlobalFree, GlobalMemoryStatus, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, Process32FirstW, Process32NextW, RtlZeroMemory, SetErrorMode, GetLogicalDrives, SetFilePointerEx, Sleep, TerminateProcess, UnmapViewOfFile, WriteFile, lstrcatA, lstrcatW, lstrcmpW, lstrcmpiA, lstrcmpiW, lstrcpyW, lstrlenA, lstrlenW, GetLastError, GetFileAttributesW, GetEnvironmentVariableA, GetDateFormatA, GetCurrentProcessId, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, CreateToolhelp32Snapshot, CreateThread, CreateFileW, CreateFileMappingA, CreateFileA, CopyFileA, SetFileAttributesW, CloseHandle |
shell32.dll | SHChangeNotify, ShellExecuteA |
advapi32.dll | RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, CryptReleaseContext, CryptImportKey, CryptGenKey, CryptExportKey, CryptEncrypt, CryptDestroyKey, CryptDecrypt, CryptAcquireContextA, AdjustTokenPrivileges, RegQueryValueExA, RegSetValueExA, RegCreateKeyA |
mpr.dll | WNetOpenEnumA, WNetEnumResourceA, WNetCloseEnum |
Network Behavior |
---|
No network behavior found |
---|
System Behavior |
---|
General |
---|
Start time: | 16:50:39 |
Start date: | 29/05/2019 |
Path: | C:\Users\user\Desktop\module.8144.18ffc90c0.400000.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 11776 bytes |
MD5 hash: | 2D1CA86789091F84F0D4F6AF9FD5D51D |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:57:56 |
Start date: | 29/05/2019 |
Path: | C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_2\FileCoAuth.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 214656 bytes |
MD5 hash: | 7BBCC04B54BA6CF2B28304F6F75D9512 |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 37.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 77.6% |
Total number of Nodes: | 134 |
Total number of Limit Nodes: | 5 |
Executed Functions |
---|
Function 004017A2, Relevance: 157.9, APIs: 64, Strings: 26, Instructions: 415 | registry, encryption, string | COMMON
C-Code - Quality: 65% |
Function 0040191C, Relevance: 115.8, APIs: 46, Strings: 20, Instructions: 298 | encryption, registry, string | COMMON
C-Code - Quality: 55% |
Function 004017A2, Relevance: 114.2, APIs: 64, Strings: 1, Instructions: 415 | registry, encryption, string | COMMON
C-Code - Quality: 65% |
Function 0040191C, Relevance: 69.3, APIs: 46, Instructions: 298 | encryption, registry, string | COMMON
C-Code - Quality: 55% |
Function 004014CC, Relevance: 52.6, APIs: 24, Strings: 6, Instructions: 146 | string, file, sleep | COMMON
C-Code - Quality: 97% |
Function 004014CC, Relevance: 49.1, APIs: 24, Strings: 4, Instructions: 146 | string, file, sleep | COMMON
C-Code - Quality: 97% |
Function 00401000, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 77 | string, encryption | COMMON
C-Code - Quality: 53% |
Function 00401000, Relevance: 15.1, APIs: 10, Instructions: 77 | string, encryption | COMMON
C-Code - Quality: 53% |
Function 00401DE7, Relevance: 6.0, APIs: 4, Instructions: 35 | COMMON
C-Code - Quality: 100% |
Function 00401131, Relevance: 18.1, APIs: 12, Instructions: 107 | share, string, thread | COMMON
C-Code - Quality: 97% |
Function 004016FF, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46 | thread, string | COMMON
C-Code - Quality: 100% |
Non-executed Functions |
---|
Function 0040128D, Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 191 | file, sleep | COMMON
C-Code - Quality: 63% |
Function 00401D2D, Relevance: 16.6, APIs: 11, Instructions: 57 | string, sleep, process | COMMON
C-Code - Quality: 100% |
Function 00401D2D, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 57 | string, sleep, process | COMMON
C-Code - Quality: 100% |
Function 00401096, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 25 | string, file | COMMON
C-Code - Quality: 100% |
Execution Graph |
---|
Execution Coverage: | 4.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 378 |
Total number of Limit Nodes: | 16 |
Executed Functions |
---|
Function 00E93A2E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42 | thread | COMMON
C-Code - Quality: 50% |
Function 00EA0BAE, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29 | registry | COMMON
Function 00E93A2E, Relevance: 4.5, APIs: 3, Instructions: 42 | thread | COMMON
C-Code - Quality: 50% |
Function 00E91FC9, Relevance: 1.5, APIs: 1, Instructions: 47 | COMMON
Function 00EA2BBA, Relevance: 1.5, APIs: 1, Instructions: 11 | COMMON
C-Code - Quality: 37% |
Non-executed Functions |
---|
Function 00E9A394, Relevance: 10.6, APIs: 7, Instructions: 93 | file | COMMON
C-Code - Quality: 85% |
Function 00E9ECC0, Relevance: 3.0, APIs: 2, Instructions: 36 | COMMON
C-Code - Quality: 75% |
Function 00E921A2, Relevance: 1.5, APIs: 1, Instructions: 36 | com | COMMON
C-Code - Quality: 37% |
Function 00EA1383, Relevance: .0, Instructions: 5 | COMMON
Function 00E97325, Relevance: .0, Instructions: 5 | COMMON
Function 00E9765E, Relevance: .0, Instructions: 5 | COMMON
Function 00E95DAE, Relevance: .0, Instructions: 5 | COMMON
Function 00E92546, Relevance: 31.8, APIs: 14, Strings: 4, Instructions: 264 | registry, com | COMMON
C-Code - Quality: 48% |
Function 00E92546, Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 264 | registry, com | COMMON
C-Code - Quality: 48% |
Function 00E92965, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114 | library, loader | COMMON
C-Code - Quality: 37% |
Function 00E9D143, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 181 | registry | COMMON
C-Code - Quality: 91% |
Function 00EA188D, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 217 registry COMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E99D69, Relevance: 10.7, APIs: 7, Instructions: 175 COMMON
C-Code - Quality: 30% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 60% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E928A9, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 71 libraryloader COMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 48% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E922DF, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 41 libraryloader COMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E92237, Relevance: 9.1, APIs: 6, Instructions: 76 COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E9F489, Relevance: 9.1, APIs: 6, Instructions: 57 COMMON
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 27% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 71% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E928A9, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71 libraryloader COMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 36% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E91F10, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42 registry libraryloader COMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E97EF0, Relevance: 7.6, APIs: 5, Instructions: 136 COMMON
C-Code - Quality: 36% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E99F8B, Relevance: 7.6, APIs: 5, Instructions: 117 COMMON
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00EA12BB, Relevance: 7.6, APIs: 5, Instructions: 65 COMMON
C-Code - Quality: 31% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 16% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 37% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 16% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 25% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E91F75, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38 libraryloader COMMON
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 16% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E990D4, Relevance: 6.1, APIs: 4, Instructions: 89 COMMON
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 81% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 60% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 58% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E9235A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56 registry COMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E9823D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51 window COMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E92F7A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50 thread COMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 80% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E97593, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28 libraryloader COMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
Function 00E97559, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23 libraryloader COMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1,00% |