Analysis Report Setup.exe
Overview
General Information |
---|
Field | Value |
---|---|
Joe Sandbox Version | 25.0.0 Tiger's Eye |
Analysis ID | 825331 |
Start date | 26.03.2019 |
Start time | 15:20:32 |
Joe Sandbox Product | Cloud |
Overall analysis duration | 0h 12m 5s |
Hypervisor based Inspection enabled | false |
Report type | full |
Sample file name | Setup.exe |
Cookbook file name | defaultwindowsinteractivecookbook.jbs |
Analysis system description | Windows 7 x64 (Office 2003 SP3, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36) |
Number of new started processes analysed | 19 |
Number of new started drivers analysed | 1 |
Number of existing processes analysed | 0 |
Number of existing drivers analysed | 0 |
Number of injected processes analysed | 0 |
Technologies | |
Analysis stop reason | Timeout |
Detection | MAL |
Classification | mal68.evad.winEXE@13/20@7/2 |
EGA Information | |
HDC Information | |
HCA Information | Failed |
Cookbook Comments | |
Warnings | |
Detection |
---|
Strategy | Score | Range | Whitelisted | Detection |
---|---|---|---|---|
Threshold | 68 | 0 - 100 | false | |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence |
---|---|---|---|---|
Threshold | 5 | 0 - 5 | false | |
Classification |
---|
Analysis Advice |
---|
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command-Line Interface1 | Bootkit1 | Process Injection1 | Disabling Security Tools21 | Input Capture11 | Account Discovery1 | Application Deployment Software | Input Capture11 | Data Compressed | Standard Cryptographic Protocol1 |
Replication Through Removable Media | Service Execution | Modify Existing Service2 | New Service1 | Process Injection1 | Network Sniffing | Security Software Discovery21 | Remote Services | Clipboard Data1 | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol1 |
Drive-by Compromise | Windows Management Instrumentation | New Service1 | Path Interception | Obfuscated Files or Information2 | Input Capture | Remote System Discovery1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol1 |
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | System Information Discovery23 | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication |
Digits fused to the end of a technique name (e.g. Bootkit1) are the superscript counters of the original report, flattened by extraction; the technique name ends where the digits begin.
Signature Overview |
---|
AV Detection |
---|
Signature | Sources |
---|---|
Multi AV Scanner detection for domain / URL | virustotal |
Multi AV Scanner detection for submitted file | virustotal |
Spreading |
---|
Signature | Sources |
---|---|
Contains functionality to enumerate / list files inside a directory | Code functions 16_2_01272650, 16_2_01272B00 |
Networking |
---|
Signature | Sources |
---|---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Snort IDS |
Found strings which match to known social media urls | String found in binary or memory (4 entries) |
Performs DNS lookups | DNS traffic detected |
Urls found in memory or binary data | String found in binary or memory (30 entries) |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Signature | Sources |
---|---|
Contains functionality to read data from the clipboard | Code function 16_2_012E4052 |
Contains functionality to retrieve information about pressed keystrokes | Code function 16_2_012DC0F5 |
E-Banking Fraud |
---|
Signature | Sources |
---|---|
Drops certificate files (DER) | File created (3 entries) |
System Summary |
---|
Signature | Sources |
---|---|
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc) | Memory allocated (4 entries) |
Creates driver files | File created |
Creates files inside the driver directory | File created |
Creates files inside the system directory | File created |
Creates mutexes | Mutant created |
Deletes files inside the Windows folder | File deleted |
Detected potential crypto function | Code functions 16_2_01273800, 16_2_0136C3B9, 16_2_012D674A, 16_2_012A29FD, 16_2_012D4B8A, 16_2_012FCEB8 |
Enables driver privileges | Process token adjusted |
Found potential string decryption / allocating functions | |
PE file contains strange resources | Static PE information (3 entries) |
PE file does not import any functions | Static PE information |
Reads the hosts file | File read (3 entries) |
Sample file is different than original file name gathered from version info | Binary or memory string (3 entries) |
Spawns drivers | Driver loaded |
Binary contains device paths (device paths are often used for kernel mode <-> user mode communication) | Binary string (7 entries) |
Classification label | Classification label |
Contains functionality to adjust token privileges (e.g. debug / backup) | Code function 16_2_01274480 |
Contains functionality to instantiate COM classes | Code function 16_2_0127E37E |
Contains functionality to load and extract PE file embedded resources | Code function 16_2_012865DC |
Creates files inside the user directory | File created |
Creates temporary files | File created |
Found command line output | Console Write (100 entries) |
PE file has an executable .text section and no other executable section | Static PE information |
Parts of this application use the .NET runtime (probably coded in C#) | Section loaded |
Reads ini files | File read |
Reads software policies | Key opened |
Runs a DLL by calling functions | Process created |
Sample is known by Antivirus | virustotal |
Spawns processes | Process created (13 entries) |
Uses an in-process (OLE) Automation server | Key value queried |
Found graphical window changes (likely an installer) | Window detected |
PE file has a big code size | Static PE information |
Submission file is bigger than most known malware samples | Static file information |
PE file has a big raw section | Static PE information (2 entries) |
PE file imports many functions | Static PE information |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Static PE information |
Binary contains paths to debug symbols | Binary string (2 entries) |
Data Obfuscation |
---|
Signature | Sources |
---|---|
Uses code obfuscation techniques (call, push, ret) | Code function 16_2_012DE29B |
Persistence and Installation Behavior |
---|
Signature | Sources |
---|---|
Uses ipconfig to lookup or modify the Windows network settings | Process created |
Drops PE files | File created (5 entries) |
Drops PE files to the windows directory (C:\Windows) | File created (2 entries) |
May use bcdedit to modify the Windows boot settings | Binary or memory string |
Contains functionality to read ini properties file for application configuration | Code function 16_2_01273800 |
Boot Survival |
---|
Signature | Sources |
---|---|
Creates or modifies windows services | Registry key created |
Modifies existing windows services | Registry key value modified |
Hooking and other Techniques for Hiding and Protection |
---|
Signature | Sources |
---|---|
Contains functionality to check if a window is minimized (may be used to check if an application is visible) | Code functions 16_2_012AE06E, 16_2_012C831C, 16_2_012B2290, 16_2_012C240F, 16_2_012C04F4, 16_2_01298DD7, 16_2_012C0F83 (listed three times) |
Extensive use of GetProcAddress (often used to hide API calls) | Code function 16_2_0127F4B4 |
Stores large binary data to the registry | Key value created or modified |
Disables application error messages (SetErrorMode) | Process information set (94 entries) |
Malware Analysis System Evasion |
---|
Signature | Sources |
---|---|
Checks the free space of harddrives | File Volume queried |
Contains long sleeps (>= 3 min) | Thread delayed |
Found dropped PE file which has not been started or loaded | Dropped PE file which has not been started (2 entries) |
Found evasive API chain (may stop execution after checking a module file name) | Evasive API call chain graph_16-31877 |
Found large amount of non-executed APIs | API coverage |
May sleep (evasive loops) to hinder dynamic analysis | Thread sleep time (6 entries), Thread sleep count (1 entry) |
Contains functionality to enumerate / list files inside a directory | Code functions 16_2_01272650, 16_2_01272B00 |
Contains functionality to query system information | Code function 16_2_0136CB07 |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Binary or memory string (5 entries) |
Program exit points | API call chain graph_16-31876 |
Anti Debugging |
---|
Signature | Sources |
---|---|
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) | System information queried |
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Code function 16_2_0136EA27 |
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging | Code function 16_2_0136CB07 |
Contains functionality to register its own exception handler | Code function 16_2_0136EA27 |
Creates guard pages, often used to prevent reverse engineering and debugging | Memory allocated |
HIPS / PFW / Operating System Protection Evasion |
---|
Signature | Sources |
---|---|
Creates a process in suspended mode (likely to inject code) | Process created (5 entries) |
Very long cmdline option found, this is very uncommon (may be encrypted or packed) | Process created (2 entries) |
Contains functionality to add an ACL to a security descriptor | Code function 16_2_012745E0 |
Language, Device and Operating System Detection |
---|
Signature | Sources |
---|---|
Contains functionality to query locale information (e.g. system language) | Code function 16_2_01274D46 |
Queries the volume information (name, serial number etc) of a device | Queries volume information (10 entries) |
Contains functionality to query local / system time | Code function 16_2_0136C70D |
Contains functionality to query the account / user name | Code function 16_2_012745E0 |
Contains functionality to query windows version | Code function 16_2_0127F4B4 |
Queries the cryptographic machine GUID | Key value queried |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Signature | Sources |
---|---|
Adds / modifies Windows certificates | Registry key created or modified |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:22:34 | API Interceptor | |
15:23:07 | API Interceptor | |
15:23:08 | API Interceptor | |
15:23:09 | API Interceptor | |
15:24:38 | API Interceptor | |
15:25:03 | API Interceptor |
Antivirus Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
41% | virustotal | |
Dropped Files |
---|
Detection | Scanner | Label |
---|---|---|
0% | virustotal | |
0% | metadefender | |
0% | metadefender | |
0% | metadefender | |
0% | metadefender | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Detection | Scanner | Label |
---|---|---|
13% | virustotal | |
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
No yara matches |
---|
Unpacked PEs |
---|
No yara matches |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Samples | Detection |
---|---|---|
1.0.0.0 | 3 | malicious |
Domains |
---|
Match | Associated Samples | Detection |
---|---|---|
dns.msftncsi.com | 20 | malicious |
ASN |
---|
Match | Associated Samples | Detection |
---|---|---|
unknown | 14 | malicious |
unknown | 14 | malicious |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Screenshots |
---|
Thumbnails: screenshot images (slideshow and thumbnail strip) not preserved in this copy. |
Startup |
---|
|
Created / dropped Files |
---|
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 1680 |
Entropy (8bit): | 3.794130244868423 |
Encrypted: | false |
MD5: | 27447620A1E276F8DB727001513913D7 |
SHA1: | 1CD0A52CE2726D5C4146F84BC1FF342E02D1789A |
SHA-256: | 1B2F32656AC3183033F76631C4DA8BF3EAD0C69BC1F8CAE8D8535AC6D1131703 |
SHA-512: | 4C0C8CB8BF4B34670C6ED7FB35ABBC862D183185D796B5F9DFA3748F42D046942D5CC7250C2061FECEB2CF5EC32462AFDB719968309233D7507ED564681A800F |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 8697024 |
Entropy (8bit): | 3.671807434960589 |
Encrypted: | false |
MD5: | 3B435A9265689328BC2CDC1AD52F6D52 |
SHA1: | FAFEFBDB18B1EC565D6FBAF695D99A8F8B75913B |
SHA-256: | F414D8732194F66C7F8B5B179CC4450754BE0C15D043C5B9F88E63D49C545A8B |
SHA-512: | 3D7403D80364292088E180733F5F1709E6FB677EE7E9E5F0675F10033BE08CF004FC242756BFCE0747BF45577DA4F48C145D72C6B4C3BBB26BE122A3BB8C8895 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 1680 |
Entropy (8bit): | 3.794130244868423 |
Encrypted: | false |
MD5: | 27447620A1E276F8DB727001513913D7 |
SHA1: | 1CD0A52CE2726D5C4146F84BC1FF342E02D1789A |
SHA-256: | 1B2F32656AC3183033F76631C4DA8BF3EAD0C69BC1F8CAE8D8535AC6D1131703 |
SHA-512: | 4C0C8CB8BF4B34670C6ED7FB35ABBC862D183185D796B5F9DFA3748F42D046942D5CC7250C2061FECEB2CF5EC32462AFDB719968309233D7507ED564681A800F |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Downloads\net\infinstaller.exe |
File Type: | |
Size (bytes): | 7848 |
Entropy (8bit): | 7.13275648209528 |
Encrypted: | false |
MD5: | 8A078A581344830B36985CC662371CC6 |
SHA1: | F82D726BBE112A963C19196BE416B68DE90BFFDA |
SHA-256: | 4A402DFE7398904CF0936423B643EB6C3500AE6A03C64BCC97CF9B0DBB913666 |
SHA-512: | 15179178F30D931BD95E201831DC596F5549FCE145CB8C67C0BDFBE2F771D4AF0204A61489F905ED0F0D9ED4ADBEC2D3A19F78E6003BCA3C9C83DA043B321992 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Downloads\net\infinstaller.exe |
File Type: | |
Size (bytes): | 13408 |
Entropy (8bit): | 5.89147713460407 |
Encrypted: | false |
MD5: | 03971EBE3A44C376775B9B8379596D37 |
SHA1: | B837C4093DCFF47E9DA496D938A17C554E7B1876 |
SHA-256: | 887FB361C639DFE437210C45EDABA55055E036C70659FD137F078B102BE9E13C |
SHA-512: | B26EA8189094677255D9D1064CD074D872588D4240994EA5BD5F0BBE028A5A74902EDE9C879A662CE328C0491896D69D823FADA2EEC744097DBEB98E1009D3F1 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Process: | C:\Users\user\Downloads\net\infinstaller.exe |
File Type: | |
Size (bytes): | 4814 |
Entropy (8bit): | 5.1374201276410565 |
Encrypted: | false |
MD5: | 189769D5A8EFEBBCB7C75C1F85AC6C0B |
SHA1: | ABA8DCBA523A9C71AABEAF8D319B11273C627013 |
SHA-256: | 5694AA37047A39850952C4FE785A2C9BDA12B8E4E07A19DAF9B0B8D903C06D4E |
SHA-512: | 7EBBF7C1996BE49413656C7FDD46CC065BC504E3E193A0ED32A4CE9C0FF9B0376DA4861C589292BADD6E7406C122727CD7044820492A86A4E169597432B01BAE |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Size (bytes): | 16384 |
Entropy (8bit): | 2.2914319886794576 |
Encrypted: | false |
MD5: | D3807948AF7572C58FFBF532DEA4E6C4 |
SHA1: | 0FAC58243C9A8283867BD27EA68CD9B5AE7DEDC9 |
SHA-256: | E9BDBD1DB863C0ABF4C9204C4BA179BE211C542139830CD2FD2E1518D11859E1 |
SHA-512: | 59A76D4FF1757A247516A9DC9396100E46533E1A984ACC87AB6C950FC1FA950B2EB1DF3CF8BADDA6FECF7B383A5C0A8DC414A5C3413745CA54AE94E91BC22361 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Size (bytes): | 4814 |
Entropy (8bit): | 5.1374201276410565 |
Encrypted: | false |
MD5: | 189769D5A8EFEBBCB7C75C1F85AC6C0B |
SHA1: | ABA8DCBA523A9C71AABEAF8D319B11273C627013 |
SHA-256: | 5694AA37047A39850952C4FE785A2C9BDA12B8E4E07A19DAF9B0B8D903C06D4E |
SHA-512: | 7EBBF7C1996BE49413656C7FDD46CC065BC504E3E193A0ED32A4CE9C0FF9B0376DA4861C589292BADD6E7406C122727CD7044820492A86A4E169597432B01BAE |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Size (bytes): | 7848 |
Entropy (8bit): | 7.13275648209528 |
Encrypted: | false |
MD5: | 8A078A581344830B36985CC662371CC6 |
SHA1: | F82D726BBE112A963C19196BE416B68DE90BFFDA |
SHA-256: | 4A402DFE7398904CF0936423B643EB6C3500AE6A03C64BCC97CF9B0DBB913666 |
SHA-512: | 15179178F30D931BD95E201831DC596F5549FCE145CB8C67C0BDFBE2F771D4AF0204A61489F905ED0F0D9ED4ADBEC2D3A19F78E6003BCA3C9C83DA043B321992 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Size (bytes): | 13408 |
Entropy (8bit): | 5.89147713460407 |
Encrypted: | false |
MD5: | 03971EBE3A44C376775B9B8379596D37 |
SHA1: | B837C4093DCFF47E9DA496D938A17C554E7B1876 |
SHA-256: | 887FB361C639DFE437210C45EDABA55055E036C70659FD137F078B102BE9E13C |
SHA-512: | B26EA8189094677255D9D1064CD074D872588D4240994EA5BD5F0BBE028A5A74902EDE9C879A662CE328C0491896D69D823FADA2EEC744097DBEB98E1009D3F1 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 11032 |
Entropy (8bit): | 3.585488421436561 |
Encrypted: | false |
MD5: | B943D813E8A0A27D314710BAC9D16792 |
SHA1: | 298D74B1ECB05342ACD7DC1659A48B4541A7C910 |
SHA-256: | 01EB5782CB4201CE82758BEB6B06C6897ED97BD2CBB03BF9B4159F181C4B9289 |
SHA-512: | 0EAB484725DA42A98C4EB05F6BB7CD1EF0A93C08F258C557D2CA45DE619CF8822DA1CFBDDFE312D818B2BA617CD199D546A046B00AA6F3E2DCAFDBB544869EF4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 1475584 |
Entropy (8bit): | 4.355889521389985 |
Encrypted: | false |
MD5: | 8B36704D29A029D5D699C0ABCC7A2591 |
SHA1: | 5376D928F841B6219DB0C0160802E93A8E7DE94B |
SHA-256: | 082598809BE3606CBF351AC77D541C7D2EAB0DBD376A3C4C836864EB8F4D9E5B |
SHA-512: | 49D203732181E2F87A3555F4E8C38CE63BF5E02805B136285EE43DA379E9F2FF760C15438CD62E8466F704633EAFD6133AD2098383317F7E4DBCBBC2E18248CB |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 7848 |
Entropy (8bit): | 7.13275648209528 |
Encrypted: | false |
MD5: | 8A078A581344830B36985CC662371CC6 |
SHA1: | F82D726BBE112A963C19196BE416B68DE90BFFDA |
SHA-256: | 4A402DFE7398904CF0936423B643EB6C3500AE6A03C64BCC97CF9B0DBB913666 |
SHA-512: | 15179178F30D931BD95E201831DC596F5549FCE145CB8C67C0BDFBE2F771D4AF0204A61489F905ED0F0D9ED4ADBEC2D3A19F78E6003BCA3C9C83DA043B321992 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 13408 |
Entropy (8bit): | 5.89147713460407 |
Encrypted: | false |
MD5: | 03971EBE3A44C376775B9B8379596D37 |
SHA1: | B837C4093DCFF47E9DA496D938A17C554E7B1876 |
SHA-256: | 887FB361C639DFE437210C45EDABA55055E036C70659FD137F078B102BE9E13C |
SHA-512: | B26EA8189094677255D9D1064CD074D872588D4240994EA5BD5F0BBE028A5A74902EDE9C879A662CE328C0491896D69D823FADA2EEC744097DBEB98E1009D3F1 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 4814 |
Entropy (8bit): | 5.1374201276410565 |
Encrypted: | false |
MD5: | 189769D5A8EFEBBCB7C75C1F85AC6C0B |
SHA1: | ABA8DCBA523A9C71AABEAF8D319B11273C627013 |
SHA-256: | 5694AA37047A39850952C4FE785A2C9BDA12B8E4E07A19DAF9B0B8D903C06D4E |
SHA-512: | 7EBBF7C1996BE49413656C7FDD46CC065BC504E3E193A0ED32A4CE9C0FF9B0376DA4861C589292BADD6E7406C122727CD7044820492A86A4E169597432B01BAE |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Downloads\net\infinstaller.exe |
File Type: | |
Size (bytes): | 135 |
Entropy (8bit): | 4.787853287614332 |
Encrypted: | false |
MD5: | 12A16E641F7E0667AAF2966DD7077625 |
SHA1: | 1E8BACCBF6400B3607DFC695BE210B659E653BF3 |
SHA-256: | A3D12D1847636A90735CD9FFF451D57FE1F8CCA6B2C4396B092D950C0C780464 |
SHA-512: | B45BBFBBD93B28026E77915BC29F001679A791EF2CDFAA7CAA93220850120D1F923F2B552F993A028563DF414864AA178E6053C92583EA07BA4DE4F2C1592F97 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 13408 |
Entropy (8bit): | 5.89147713460407 |
Encrypted: | false |
MD5: | 03971EBE3A44C376775B9B8379596D37 |
SHA1: | B837C4093DCFF47E9DA496D938A17C554E7B1876 |
SHA-256: | 887FB361C639DFE437210C45EDABA55055E036C70659FD137F078B102BE9E13C |
SHA-512: | B26EA8189094677255D9D1064CD074D872588D4240994EA5BD5F0BBE028A5A74902EDE9C879A662CE328C0491896D69D823FADA2EEC744097DBEB98E1009D3F1 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 11032 |
Entropy (8bit): | 3.584824680499446 |
Encrypted: | false |
MD5: | 32CD30FD68F2FF1B3635481FF7039108 |
SHA1: | C75AA2EF007625FBD0E7FE8D2CE5B038C17DA1AE |
SHA-256: | 97F933D2E5C3ABFE7C6E6DB2019ABBB66C0F8FE4A0E282C5DC65969C4CC3E3CC |
SHA-512: | 6692C9BC3EC632EE5D65F154152E4579B9B74B1734DF8BD5C7168ED2F3DAE0A449DCBB2C3841037696263385EAC50B6ADB3B83C1EAC96239C687C3D323EC58ED |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\drvinst.exe |
File Type: | |
Size (bytes): | 4814 |
Entropy (8bit): | 5.1374201276410565 |
Encrypted: | false |
MD5: | 189769D5A8EFEBBCB7C75C1F85AC6C0B |
SHA1: | ABA8DCBA523A9C71AABEAF8D319B11273C627013 |
SHA-256: | 5694AA37047A39850952C4FE785A2C9BDA12B8E4E07A19DAF9B0B8D903C06D4E |
SHA-512: | 7EBBF7C1996BE49413656C7FDD46CC065BC504E3E193A0ED32A4CE9C0FF9B0376DA4861C589292BADD6E7406C122727CD7044820492A86A4E169597432B01BAE |
Malicious: | false |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dns.msftncsi.com | 131.107.255.255 | true | false | | high |
ipv6.msftncsi.com | unknown | unknown | false | | high |
asushotfix.com | unknown | unknown | true | 13%, virustotal, Browse | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(11 URLs; names and sources not preserved in this copy: 9 rated not malicious with high reputation, 2 rated malicious with unknown reputation) | | | | |
Contacted IPs |
---|
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
169.254.255.255 | Reserved | | 6966 | unknown | false |
1.0.0.0 | Australia | | 13335 | unknown | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.418347806415894 |
TrID: | |
File name: | Setup.exe |
File size: | 3333936 |
MD5: | 55a7aa5f0e52ba4d78c145811c830107 |
SHA1: | e005c58331eb7db04782fdf9089111979ce1406f |
SHA256: | 9a72f971944fcb7a143017bc5c6c2db913bbb59f923110198ebd5a78809ea5fc |
SHA512: | 9fec51b649374095fa6cd26bdec02cf8fbbd1381f1895f478ebc8c339c08609c50261a7d9f09e2242ce7e911d8e4b7e09b221065e63fb6e3e0065c5c6bf1796d |
SSDEEP: | 98304:QzVRcdYETHvs4d9VeL2TKvrYhBjXrToaFmWMyDnV1K+e1Fw6qtnLD7UEnBgbAZJb:HdjsmUexXrToaFmS+bFYD7UIfwyiJiKO |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|.SO...O...O.......N...Fe'.B...Fe7.j...O...Q... k:.d... k...... k..0... k>.N... k9.N...RichO...................PE..L...X..U... |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4f7a01 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5510B658 [Tue Mar 24 00:56:56 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | a22d038fcd8e82d4cc8f31fa49212724 |
Authenticode Signature |
---|
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint: | |
Serial: |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F3430CE2F47h |
jmp 00007F3430CDC04Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
je 00007F3430CDC1EFh |
push dword ptr [ebp+08h] |
push 00000000h |
push dword ptr [0056BFBCh] |
call dword ptr [0051C2ACh] |
test eax, eax |
jne 00007F3430CDC1DAh |
push esi |
call 00007F3430CDE2AFh |
mov esi, eax |
call dword ptr [0051C40Ch] |
push eax |
call 00007F3430CDE25Fh |
pop ecx |
mov dword ptr [esi], eax |
pop esi |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
mov eax, dword ptr [ebp+0Ch] |
push edi |
mov edi, dword ptr [ebp+08h] |
test eax, eax |
je 00007F3430CDC1C4h |
mov dword ptr [eax], edi |
test edi, edi |
jne 00007F3430CDC1D9h |
call 00007F3430CDE27Eh |
mov dword ptr [eax], 00000016h |
call 00007F3430CE32FAh |
xor eax, eax |
jmp 00007F3430CDC355h |
cmp dword ptr [ebp+10h], 00000000h |
je 00007F3430CDC1CEh |
cmp dword ptr [ebp+10h], 02h |
jl 00007F3430CDC19Fh |
cmp dword ptr [ebp+10h], 24h |
jnle 00007F3430CDC199h |
and dword ptr [ebp-04h], 00000000h |
push ebx |
push esi |
push 00000008h |
pop ebx |
movzx esi, word ptr [edi] |
push ebx |
push esi |
add edi, 02h |
call 00007F3430CE30ECh |
pop ecx |
pop ecx |
test eax, eax |
jne 00007F3430CDC1AFh |
cmp si, 002Dh |
jne 00007F3430CDC1C8h |
or dword ptr [ebp+14h], 02h |
jmp 00007F3430CDC1C8h |
cmp si, 002Bh |
jne 00007F3430CDC1C8h |
movzx esi, word ptr [edi] |
add edi, 02h |
cmp dword ptr [ebp+10h], 00000000h |
jne 00007F3430CDC1EFh |
Rich Headers |
---|
Programming Language: | |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15b0c0 | 0x168 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16e000 | 0x1a0404 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x32d200 | 0xd30 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x30f000 | 0x19aa0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11c000 | 0x974 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x11a801 | 0x11aa00 | False | 0.562455944549 | data | 6.51869111979 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x11c000 | 0x4245e | 0x42600 | False | 0.26286634887 | data | 4.96681481395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x15f000 | 0xe79c | 0x6000 | False | 0.279663085938 | data | 4.65659126249 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x16e000 | 0x1a0404 | 0x1a0600 | False | 0.491047639598 | data | 6.44912683193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x30f000 | 0x29684 | 0x29800 | False | 0.260265672063 | data | 4.88242030139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
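The Data Directories and Sections tables above are what a static triage pass produces; the following is an added example (not Joe Sandbox code and not part of the original report) showing how to derive them yourself with nothing but `struct`. Two points it makes concrete: the IMAGE_DIRECTORY_ENTRY_SECURITY entry holds a raw file offset rather than an RVA, and for this sample 0x32d200 + 0xd30 equals the reported file size 3333936, so the Authenticode blob is the final thing in the file (the layout normal signing tools produce). The PE image it parses is a constructed, non-runnable stub built inside the block so the example works offline; `build_sample_pe` and the field values it uses are assumptions, not data from the sample.

```python
"""Static PE32 triage: headers, per-section Shannon entropy, Authenticode placement."""
import datetime
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index into the optional header's data-directory array


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse e_lfanew, the COFF header, the PE32 optional header, its data directories
    and the section table. Raises ValueError for anything that is not a PE32 image."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled in this example")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    ndirs = struct.unpack_from("<I", blob, opt + 92)[0]
    dirs = [struct.unpack_from("<II", blob, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": rawsize, "raw_ptr": rawptr,
                         "characteristics": chars,
                         "entropy": shannon_entropy(blob[rawptr:rawptr + rawsize])})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "image_base": image_base,
            "dirs": dirs, "sections": sections}


def compile_time_utc(pe: dict) -> str:
    """COFF TimeDateStamp rendered as UTC (0x5510B658 -> 2015-03-24 00:56:56 UTC)."""
    t = datetime.datetime.fromtimestamp(pe["timestamp"], datetime.timezone.utc)
    return t.strftime("%Y-%m-%d %H:%M:%S UTC")


def authenticode_blob(blob: bytes, pe: dict):
    """Locate the WIN_CERTIFICATE table through the Security directory, whose first
    field is a FILE OFFSET (every other directory holds an RVA). ends_at_eof is False
    when bytes follow the signature or the entry disagrees with the file size; either
    case deserves a manual look before trusting the 'Digitally signed: true' verdict."""
    off, size = pe["dirs"][IMAGE_DIRECTORY_ENTRY_SECURITY]
    if size == 0:
        return None  # unsigned
    return {"offset": off, "size": size, "ends_at_eof": off + size == len(blob)}


def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE32 stub (assumption, not the analysed sample): one
    .text section of uniform bytes plus a dummy certificate table appended at the end."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    text = bytes(range(256)) * 2                                 # 512 bytes, entropy exactly 8.0
    cert = b"\0" * 0x100                                         # stand-in WIN_CERTIFICATE
    raw_ptr = 0x200                                              # file offset of the section body
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5510B658, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     raw_ptr + len(text), len(cert))             # security dir: offset, size
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), raw_ptr,
                      0, 0, 0, 0, 0x60000020)                    # CNT_CODE|MEM_EXECUTE|MEM_READ
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return headers.ljust(raw_ptr, b"\0") + text + cert


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print(compile_time_utc(info))
    for s in info["sections"]:
        print(f"{s['name']:8} va={s['va']:#x} raw={s['raw_size']:#x} entropy={s['entropy']:.2f}")
    print(authenticode_blob(sample, info))
```

Run against the real Setup.exe, `parse_pe` should reproduce the Sections table (five sections, .text entropy about 6.5) and `authenticode_blob` should return offset 0x32d200, size 0xd30 and `ends_at_eof` True; the stub only exists so the functions can be exercised without the sample.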
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
EXE | 0x16ec78 | 0x195e00 | data | English | United States |
RT_CURSOR | 0x304a78 | 0x134 | data | English | United States |
RT_CURSOR | 0x304bac | 0xb4 | data | English | United States |
RT_CURSOR | 0x304c60 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x304d94 | 0x134 | data | English | United States |
RT_CURSOR | 0x304ec8 | 0x134 | data | English | United States |
RT_CURSOR | 0x304ffc | 0x134 | data | English | United States |
RT_CURSOR | 0x305130 | 0x134 | data | English | United States |
RT_CURSOR | 0x305264 | 0x134 | data | English | United States |
RT_CURSOR | 0x305398 | 0x134 | data | English | United States |
RT_CURSOR | 0x3054cc | 0x134 | data | English | United States |
RT_CURSOR | 0x305600 | 0x134 | data | English | United States |
RT_CURSOR | 0x305734 | 0x134 | data | English | United States |
RT_CURSOR | 0x305868 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x30599c | 0x134 | data | English | United States |
RT_CURSOR | 0x305ad0 | 0x134 | data | English | United States |
RT_CURSOR | 0x305c04 | 0x134 | data | English | United States |
RT_BITMAP | 0x305d38 | 0xb8 | data | English | United States |
RT_BITMAP | 0x305df0 | 0x144 | data | English | United States |
RT_ICON | 0x305f34 | 0x668 | data | Chinese | Taiwan |
RT_ICON | 0x30659c | 0x2e8 | data | Chinese | Taiwan |
RT_ICON | 0x306884 | 0x128 | GLS_BINARY_LSB_FIRST | Chinese | Taiwan |
RT_ICON | 0x3069ac | 0xea8 | data | Chinese | Taiwan |
RT_ICON | 0x307854 | 0x8a8 | data | Chinese | Taiwan |
RT_ICON | 0x3080fc | 0x568 | GLS_BINARY_LSB_FIRST | Chinese | Taiwan |
RT_ICON | 0x308664 | 0x25a8 | data | Chinese | Taiwan |
RT_ICON | 0x30ac0c | 0x10a8 | data | Chinese | Taiwan |
RT_ICON | 0x30bcb4 | 0x468 | GLS_BINARY_LSB_FIRST | Chinese | Taiwan |
RT_DIALOG | 0x30c11c | 0xe8 | data | English | United States |
RT_DIALOG | 0x30c204 | 0x34 | data | English | United States |
RT_STRING | 0x30c238 | 0x82 | data | English | United States |
RT_STRING | 0x30c2bc | 0x2a | data | English | United States |
RT_STRING | 0x30c2e8 | 0x184 | data | English | United States |
RT_STRING | 0x30c46c | 0x4e6 | data | English | United States |
RT_STRING | 0x30c954 | 0x264 | data | English | United States |
RT_STRING | 0x30cbb8 | 0x2da | data | English | United States |
RT_STRING | 0x30ce94 | 0x8a | data | English | United States |
RT_STRING | 0x30cf20 | 0xac | data | English | United States |
RT_STRING | 0x30cfcc | 0xde | data | English | United States |
RT_STRING | 0x30d0ac | 0x4a8 | data | English | United States |
RT_STRING | 0x30d554 | 0x228 | data | English | United States |
RT_STRING | 0x30d77c | 0x2c | data | English | United States |
RT_STRING | 0x30d7a8 | 0x53c | data | English | United States |
RT_GROUP_CURSOR | 0x30dce4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0x30dd08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd44 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dd94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dda8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30ddbc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30ddd0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30dde4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30ddf8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0x30de0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_ICON | 0x30de20 | 0x84 | data | Chinese | Taiwan |
RT_VERSION | 0x30dea4 | 0x2f4 | data | English | United States |
RT_MANIFEST | 0x30e198 | 0x26a | ASCII text, with very long lines, with no line terminators | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, WriteConsoleW, GetTimeZoneInformation, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetConsoleMode, GetConsoleCP, IsProcessorFeaturePresent, IsDebuggerPresent, CloseHandle, UnhandledExceptionFilter, GetStringTypeW, QueryPerformanceCounter, HeapCreate, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, SetUnhandledExceptionFilter, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, VirtualAlloc, HeapSize, HeapQueryInformation, HeapReAlloc, RaiseException, ExitThread, ExitProcess, HeapAlloc, GetSystemTimeAsFileTime, DecodePointer, EncodePointer, RtlUnwind, HeapFree, GetStartupInfoW, HeapSetInformation, GetCommandLineW, FindResourceExW, VirtualProtect, GetNumberFormatW, SearchPathW, GetProfileIntW, GetTickCount, InitializeCriticalSectionAndSpinCount, GetTempFileNameW, GetFileTime, GetFileSizeEx, GetFileAttributesW, FileTimeToLocalFileTime, GetFileAttributesExW, SetErrorMode, FileTimeToSystemTime, lstrlenA, GlobalGetAtomNameW, GetFullPathNameW, GetVolumeInformationW, DuplicateHandle, SetEndOfFile, UnlockFile, LockFile, GlobalFindAtomW, InterlockedIncrement, TlsFree, DeleteCriticalSection, GetExitCodeThread, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, CompareStringW, GlobalFlags, InterlockedDecrement, ReleaseActCtx, CreateActCtxW, GetCurrentDirectoryW, GlobalFree, CopyFileW, GlobalSize, GlobalUnlock, FormatMessageW, LocalFree, MulDiv, GlobalAddAtomW, WritePrivateProfileStringW, GetPrivateProfileIntW, ResumeThread, SetThreadPriority, lstrcmpA, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, GetLocaleInfoW, ActivateActCtx, DeactivateActCtx, SetLastError, WideCharToMultiByte, GlobalLock, GlobalAlloc, InterlockedExchange, ReadFile, GetVersionExW, GetCurrentProcess, MultiByteToWideChar, CreateThread, 
LoadLibraryW, FreeLibrary, GetProcAddress, SetFilePointer, FlushFileBuffers, SetFileAttributesW, FindNextFileW, GetModuleHandleW, GetFileSize, GetLastError, GetPrivateProfileStringW, GetWindowsDirectoryW, lstrcatW, GetVersion, GetTempPathW, Sleep, GetModuleFileNameW, lstrcpyW, lstrcmpW, lstrcpynW, GetCurrentProcessId, DeleteFileW, RemoveDirectoryW, FindFirstFileW, FindClose, lstrlenW, CreateFileW, WriteFile, FreeResource, lstrcmpiW, OpenProcess, OutputDebugStringW, FindResourceW, LoadResource, LockResource, SizeofResource, WaitForSingleObject, TerminateProcess, LocalReAlloc |
USER32.dll | IsClipboardFormatAvailable, SetMenuDefaultItem, PostThreadMessageW, CreateMenu, IsMenu, UpdateLayeredWindow, EnableScrollBar, UnionRect, MonitorFromPoint, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, CreateDialogIndirectParamW, GetNextDlgTabItem, EndDialog, UnpackDDElParam, ReuseDDElParam, LoadImageW, InsertMenuItemW, TranslateAcceleratorW, LockWindowUpdate, BringWindowToTop, SetCursorPos, SetRect, CreateAcceleratorTableW, LoadAcceleratorsW, GetKeyboardState, GetKeyboardLayout, MapVirtualKeyW, ToUnicodeEx, CopyAcceleratorTableW, DrawFocusRect, DrawFrameControl, DrawEdge, DrawIconEx, DrawStateW, MessageBeep, GetSystemMenu, LoadMenuW, SetClassLongW, GetAsyncKeyState, NotifyWinEvent, CreatePopupMenu, DestroyAcceleratorTable, SetParent, RedrawWindow, SetWindowRgn, IsZoomed, OffsetRect, IsRectEmpty, IntersectRect, UnregisterClassW, DestroyMenu, GetMenuItemInfoW, InflateRect, CharUpperW, DestroyIcon, IsIconic, ShowWindow, MoveWindow, IsDialogMessageW, CheckDlgButton, RegisterWindowMessageW, LoadIconW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetClassLongW, SetPropW, GetPropW, CopyIcon, IsWindow, SetFocus, GetWindowTextLengthW, SetActiveWindow, BeginDeferWindowPos, EndDeferWindowPos, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MonitorFromWindow, ScrollWindow, TrackPopupMenu, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, TranslateMessage, DispatchMessageW, PeekMessageW, PostMessageW, GetWindowThreadProcessId, GetScrollPos, SetForegroundWindow, ShowScrollBar, CreateWindowExW, GetClassInfoExW, RegisterClassW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, SetWindowPlacement, GetWindowPlacement, CallWindowProcW, GetMenu, SetWindowLongW, SetWindowPos, WaitMessage, ReleaseCapture, GetCapture, WindowFromPoint, SetCapture, GetSysColorBrush, GetClassInfoW, DefWindowProcW, MapWindowPoints, GetClientRect, LoadCursorW, SetLayeredWindowAttributes, 
GetSystemMetrics, EnumDisplayMonitors, SystemParametersInfoW, GetMonitorInfoW, SetRectEmpty, CopyRect, KillTimer, SetTimer, InvalidateRect, UpdateWindow, CharUpperBuffW, GetDoubleClickTime, GetIconInfo, IsCharLowerW, GetKeyNameTextW, MapVirtualKeyExW, SubtractRect, HideCaret, GetNextDlgGroupItem, MapDialogRect, DrawIcon, DestroyCursor, GetWindowRgn, GetDesktopWindow, RealChildWindowFromPoint, GetWindow, GetDlgCtrlID, GetWindowRect, GetClassNameW, PtInRect, SetWindowTextW, GetSysColor, EndPaint, FrameRect, GetUpdateRect, GetMenuDefaultItem, OpenClipboard, CopyImage, SetClipboardData, CloseClipboard, EmptyClipboard, GetForegroundWindow, RegisterClipboardFormatW, GetWindowTextW, EnumWindows, wsprintfW, PostQuitMessage, CheckMenuItem, EnableMenuItem, GetMenuState, RemovePropW, ModifyMenuW, SendMessageW, GetParent, GetFocus, LoadBitmapW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, GetKeyState, IsWindowVisible, GetActiveWindow, GetMessageW, CallNextHookEx, SetWindowsHookExW, SetCursor, ShowOwnedPopups, MessageBoxW, EnableWindow, IsWindowEnabled, GetLastActivePopup, GetWindowLongW, RemoveMenu, GetSubMenu, GetMenuItemCount, InsertMenuW, GetMenuItemID, AppendMenuW, GetMenuStringW, DeleteMenu, UnhookWindowsHookEx, FillRect, TabbedTextOutW, DrawTextW, DrawTextExW, GrayStringW, ScreenToClient, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, InvertRect |
GDI32.dll | SetDIBColorTable, RealizePalette, StretchBlt, SetPixel, Rectangle, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, ExtFloodFill, SetPaletteEntries, EnumFontFamiliesExW, GetTextFaceW, SetPixelV, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, GetRgnBox, OffsetRgn, Polygon, Ellipse, Polyline, CreateEllipticRgn, GetTextColor, GetBkColor, CreatePolygonRgn, CreateRoundRectRgn, CreateDIBSection, DPtoLP, PatBlt, CombineRgn, SetRectRgn, GetTextExtentPoint32W, GetTextCharsetInfo, EnumFontFamiliesW, GetTextMetricsW, CreateRectRgnIndirect, CreateCompatibleBitmap, CreateFontIndirectW, CreateDIBitmap, CreateHatchBrush, CreateSolidBrush, CreatePen, GetObjectType, SelectPalette, GetStockObject, CreateCompatibleDC, CreatePatternBrush, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetPixel, BitBlt, GetWindowExtEx, GetViewportExtEx, GetObjectW, CreateRectRgn, SelectClipRgn, DeleteObject, SetLayout, GetLayout, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, CreateBitmap, GetDeviceCaps, CopyMetaFileW, CreateDCW, SaveDC, RestoreDC, SetBkColor, SetTextColor, SetBkMode, SetPolyFillMode, SetROP2, SetWindowOrgEx |
MSIMG32.dll | TransparentBlt, AlphaBlend |
COMDLG32.dll | GetFileTitleW |
WINSPOOL.DRV | DocumentPropertiesW, ClosePrinter, OpenPrinterW |
ADVAPI32.dll | RegSetValueExW, RegQueryValueExW, RegFlushKey, RegOpenKeyExW, RegCreateKeyExW, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, LookupAccountNameW, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, OpenProcessToken, GetTokenInformation, SetSecurityDescriptorOwner, SetFileSecurityW, LookupPrivilegeValueW, AdjustTokenPrivileges, AllocateAndInitializeSid, LookupAccountSidW, FreeSid, RegCloseKey |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder, SHAppBarMessage, DragQueryFileW, DragFinish, SHGetFileInfoW, ShellExecuteW, SHGetSpecialFolderPathW, ShellExecuteExW, SHBrowseForFolderW |
COMCTL32.dll | ImageList_GetIconSize |
SHLWAPI.dll | PathIsUNCW, PathStripToRootW, PathFindFileNameW, PathFindExtensionW, PathFileExistsW, SHDeleteValueW, SHDeleteKeyW, PathRemoveFileSpecW |
ole32.dll | DoDragDrop, CreateStreamOnHGlobal, OleLockRunning, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, RegisterDragDrop, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, OleGetClipboard, RevokeDragDrop, CoLockObjectExternal, CoTaskMemFree, CoCreateGuid, CoInitializeEx, CoInitialize, CoCreateInstance, CoUninitialize, CoInitializeSecurity |
OLEAUT32.dll | SysStringLen, SysAllocStringLen, VariantChangeType, SysAllocString, VariantTimeToSystemTime, SystemTimeToVariantTime, VarBstrFromDate, SysFreeString, VariantInit, VariantClear, GetErrorInfo |
PSAPI.DLL | EnumProcessModules, EnumProcesses, GetModuleBaseNameW |
gdiplus.dll | GdipGetImageGraphicsContext, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipFree, GdipDrawImageI |
OLEACC.dll | LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject |
IMM32.dll | ImmReleaseContext, ImmGetContext, ImmGetOpenStatus |
WINMM.dll | PlaySoundW |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | ASUSTek Computer Inc. |
InternalName | Setup |
FileVersion | 1, 0, 0, 10 |
CompanyName | ASUSTek Computer Inc. |
ProductName | Installer Application |
ProductVersion | 1, 0, 0, 10 |
FileDescription | Installer Application |
OriginalFilename | Setup.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | Taiwan |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/26/19-15:25:07.514580 | UDP | 2027109 | ET TROJAN ShadowHammer DNS Lookup | 61365 | 53 | 192.168.1.13 | 8.8.8.8 |
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2019 15:21:52.257849932 CET | 53386 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:21:52.268517017 CET | 53 | 53386 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:21:52.275887966 CET | 63725 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:21:52.286128998 CET | 53 | 63725 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:22:33.422046900 CET | 59340 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:22:33.432804108 CET | 53 | 59340 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:22:33.435288906 CET | 58292 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:22:33.445652008 CET | 53 | 58292 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:22:38.758208990 CET | 52543 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:22:38.770014048 CET | 53 | 52543 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:22:38.772763014 CET | 62096 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:22:38.815845013 CET | 53 | 62096 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:24:25.205219984 CET | 62242 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:24:25.215670109 CET | 53 | 62242 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:24:25.302186966 CET | 55321 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:24:25.320440054 CET | 53 | 55321 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:25:07.514580011 CET | 61365 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:25:07.548046112 CET | 53 | 61365 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:25:20.957607031 CET | 54978 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:25:20.968616962 CET | 53 | 54978 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:25:20.973297119 CET | 57189 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:25:20.985099077 CET | 53 | 57189 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:26:22.070965052 CET | 51402 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:26:22.089310884 CET | 53 | 51402 | 8.8.8.8 | 192.168.1.13 |
Mar 26, 2019 15:26:22.094293118 CET | 52135 | 53 | 192.168.1.13 | 8.8.8.8 |
Mar 26, 2019 15:26:22.104480982 CET | 53 | 52135 | 8.8.8.8 | 192.168.1.13 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 26, 2019 15:24:25.205219984 CET | 192.168.1.13 | 8.8.8.8 | 0x1133 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:24:25.302186966 CET | 192.168.1.13 | 8.8.8.8 | 0xada9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:25:07.514580011 CET | 192.168.1.13 | 8.8.8.8 | 0xbd61 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:25:20.957607031 CET | 192.168.1.13 | 8.8.8.8 | 0x439b | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:25:20.973297119 CET | 192.168.1.13 | 8.8.8.8 | 0x3407 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:26:22.070965052 CET | 192.168.1.13 | 8.8.8.8 | 0x34a8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:26:22.094293118 CET | 192.168.1.13 | 8.8.8.8 | 0xc56 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 26, 2019 15:24:25.215670109 CET | 8.8.8.8 | 192.168.1.13 | 0x1133 | No error (0) | | | 131.107.255.255 | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:24:25.320440054 CET | 8.8.8.8 | 192.168.1.13 | 0xada9 | No error (0) | | ipv6.msftncsi.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) |
Mar 26, 2019 15:25:07.548046112 CET | 8.8.8.8 | 192.168.1.13 | 0xbd61 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:25:20.968616962 CET | 8.8.8.8 | 192.168.1.13 | 0x439b | No error (0) | | | 131.107.255.255 | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:25:20.985099077 CET | 8.8.8.8 | 192.168.1.13 | 0x3407 | No error (0) | | ipv6.msftncsi.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) |
Mar 26, 2019 15:26:22.089310884 CET | 8.8.8.8 | 192.168.1.13 | 0x34a8 | No error (0) | | | 131.107.255.255 | A (IP address) | IN (0x0001) |
Mar 26, 2019 15:26:22.104480982 CET | 8.8.8.8 | 192.168.1.13 | 0xc56 | No error (0) | | ipv6.msftncsi.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 15:22:15 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4a3c0000 |
File size: | 345088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:22:34 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\7za.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 289792 bytes |
MD5 hash: | 77E556CDFDC5C592F5C46DB4127C6F4C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:23:06 |
Start date: | 26/03/2019 |
Path: | C:\Users\user\Downloads\net\infinstaller.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x1090000 |
File size: | 16384 bytes |
MD5 hash: | D3807948AF7572C58FFBF532DEA4E6C4 |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 15:23:08 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\drvinst.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffbe0000 |
File size: | 102912 bytes |
MD5 hash: | 2DBA1472BDF847EAE358A4B9FA9AB0C1 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:23:09 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff640000 |
File size: | 45568 bytes |
MD5 hash: | DD81D91FF3B0763C392422865C9AC12E |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:24:07 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\drvinst.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffb10000 |
File size: | 102912 bytes |
MD5 hash: | 2DBA1472BDF847EAE358A4B9FA9AB0C1 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:24:12 |
Start date: | 26/03/2019 |
Path: | C:\Windows\system32\DRIVERS\virtnet.sys |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 13408 bytes |
MD5 hash: | 03971EBE3A44C376775B9B8379596D37 |
Has administrator privileges: | |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:24:38 |
Start date: | 26/03/2019 |
Path: | C:\Windows\System32\ipconfig.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa30000 |
File size: | 58368 bytes |
MD5 hash: | CF45949CDBB39C953331CDCB9CEC20F8 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:25:02 |
Start date: | 26/03/2019 |
Path: | C:\Users\user\Downloads\Setup.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1270000 |
File size: | 3333936 bytes |
MD5 hash: | 55A7AA5F0E52BA4D78C145811C830107 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 2.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 11.8% |
Total number of Nodes: | 431 |
Total number of Limit Nodes: | 11 |
Executed Functions |
---|
Per-function panels (Control-flow Graph, APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) are not available in this extract; entries whose function header was not extracted are marked "(not extracted)".
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
0127F4B4 | 103.8 | 48 | 11 | 557 | string, UNIQUE | 92% | 100.00% |
01273800 | 65.2 | 18 | 19 | 489 | file, string, UNIQUE, Crypto | 58% | 100.00% |
012732A0 | 84.3 | 24 | 24 | 308 | registry, string, sleep, UNIQUE | 67% | 100.00% |
01272F00 | 52.8 | 22 | 8 | 257 | registry, string, UNIQUE | 95% | 23.02% |
0127AF7B | 16.6 | 11 | | 106 | memory, COMMON, LIBRARYCODE | 88% | 2.38% |
(not extracted) | | | | | | 18% | 2.84% |
(not extracted) | | | | | | 95% | 1.34% |
(not extracted) | | | | | | 62% | 12.89% |
0127B425 | 7.5 | 5 | | 36 | COMMON | 100% | 0.31% |
0138B908 | 6.1 | 4 | | 76 | memory, UNIQUE, LIBRARYCODE | 100% | 37.75% |
(not extracted) | | | | | | 100% | 0.05% |
01272810 | 3.1 | 2 | | 73 | COMMON | | 10.55% |
01288E58 | 3.0 | 2 | | 36 | COMMON | 94% | 0.02% |
01276674 | 3.0 | 2 | | 15 | thread, COMMON | 86% | 0.15% |
01279154 | 1.6 | 1 | | 85 | COMMON | 94% | 0.04% |
(not extracted) | | | | | | 16% | 3.53% |
01376E77 | 1.6 | 1 | | 52 | memory, COMMON, LIBRARYCODE | 86% | 0.01% |
(not extracted) | | | | | | 89% | 0.02% |
0127F46B | 1.5 | 1 | | 29 | COMMON | 83% | 3.32% |
012785A0 | 1.5 | 1 | | 27 | COMMON | 100% | 0.89% |
(not extracted) | | | | | | 88% | 0.04% |
012792B4 | 1.5 | 1 | | 18 | COMMON | 89% | 0.02% |
013689A2 | 1.5 | 1 | | 14 | COMMON | 75% | 0.31% |
01274C1A | 1.5 | 1 | | 14 | COMMON | 87% | 0.02% |
(not extracted) | | | | | | 58% | 0.01% |
(not extracted) | | | | | | | 0.04% |
0127ADEA | 1.3 | 1 | | 11 | memory, COMMON | 100% | 0.06% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
01272B00 | 49.3 | 21 | 7 | 282 | file, com, UNIQUE | 42% | 37.75% |
012FCEB8 | 24.8 | 13 | 1 | 340 | window, COMMON, Crypto | 87% | 2.48% |
(not extracted) | | | | | | 93% | 1.79% |
(not extracted) | | | | | | 84% | 16.53% |
(not extracted) | | | | | | 89% | 8.94% |
(not extracted) | | | | | | 66% | 7.75% |
(not extracted) | | | | | | 76% | 6.84% |
012C04F4 | 16.7 | 11 | | 220 | window, keyboard, COMMON | 100% | 3.15% |
(not extracted) | | | | | | 94% | 2.71% |
012E4052 | 13.6 | 9 | | 141 | clipboard, window, COMMON | 66% | 3.53% |
012745E0 | 13.6 | 9 | | 110 | COMMON | 81% | 12.89% |
01274D46 | 7.1 | 3 | 1 | 73 | library, COMMON | 69% | 1.51% |
(not extracted) | | | | | | 88% | 23.02% |
012865DC | 6.0 | 4 | | 45 | COMMON | 90% | 0.09% |
012C831C | 4.5 | 3 | | 43 | window, COMMON | 100% | 1.55% |
012C240F | 3.1 | 2 | | 57 | window, COMMON | 91% | 1.11% |
01272650 | 3.0 | 2 | | 41 | file, COMMON | 79% | 0.03% |
012B2290 | 3.0 | 2 | | 37 | window, COMMON | 100% | 0.46% |
0127E37E | 3.0 | 2 | | 34 | com, COMMON | | 1.23% |
(not extracted) | | | | | | 97% | 0.95% |
012720E0 | 70.2 | 20 | 20 | 201 | registry, string, UNIQUE | 100% | 100.00% |
0127EF34 | 64.8 | 43 | | 304 | COMMON | 95% | 1.64% |
(not extracted) | | | | | | 93% | 10.55% |
012BCF18 | 40.8 | 27 | | 344 | COMMON | 41% | 2.38% |
(not extracted) | | | | | | 87% | 1.25% |
012825CD | 31.7 | 17 | 1 | 191 | window, COMMON | 78% | 1.59% |
(not extracted) | | | | | | 74% | 100.00% |
012E09E4 | 30.0 | 15 | 2 | 263 | window, COMMON | 77% | 2.98% |
(not extracted) | | | | | | 93% | 6.84% |
0127E4FF | 28.1 | 7 | 9 | 72 | library, loader, UNIQUE | 85% | 100.00% |
012E0761 | 26.5 | 14 | 1 | 207 | window, COMMON | 100% | 16.53% |
01274E12 | 24.6 | 11 | 3 | 132 | library, loader, UNIQUE | 73% | 23.02% |
01322019 | 24.4 | 16 | | 368 | COMMON | 84% | 2.38% |
(not extracted) | | | | | | 88% | 23.02% |
(not extracted) | | | | | | 98% | 2.12% |
(not extracted) | | | | | | 98% | 2.71% |
(not extracted) | | | | | | 76% | 1.74% |
012BC4E2 | 23.1 | 12 | 1 | 335 | window, COMMON | 99% | 16.53% |
012C4871 | 22.8 | 15 | | 328 | COMMON | 87% | 3.32% |
012C44B9 | 22.8 | 15 | | 259 | COMMON | 73% | 12.89% |
(not extracted) | | | | | | 74% | 5.06% |
01292766 | 21.3 | 14 | | 280 | keyboard, window, COMMON | 85% | 2.12% |
0129088B | 21.3 | 14 | | 268 | keyboard, window, COMMON | 85% | 2.12% |
(not extracted) | | | | | | 96% | 8.94% |
(not extracted) | | | | | | 94% | 2.98% |
(not extracted) | | | | | | 63% | 23.02% |
(not extracted) | | | | | | 68% | 100.00% |
(not extracted) | | | | | | 45% | 5.54% |
012B615D | 18.3 | 12 | | 345 | COMMON | 85% | 8.94% |
(not extracted) | | | | | | 91% | 1.74% |
(not extracted) | | | | | | 88% | 12.89% |
012CEB44 | 17.7 | 9 | 1 | 199 | window, UNIQUE | 97% | 37.75% |
(not extracted) | | | | | | 55% | 10.55% |
(not extracted) | | | | | | 72% | 5.06% |
(not extracted) | | | | | | 82% | 10.55% |
012B49D0 | 16.6 | 11 | | 139 | COMMON | 94% | 0.35% |
012B8720 | 15.9 | 8 | 1 | 172 | keyboard, time, COMMON | 83% | 12.89% |
(not extracted) | | | | | | 82% | 4.01% |
(not extracted) | | | | | | 96% | 1.64% |
012947FA | 15.2 | 10 | | 216 | COMMON | 80% | 3.53% |
(not extracted) | | | | | | 100% | 3.53% |
(not extracted) | | | | | | 80% | 7.75% |
012848FD | 14.1 | 7 | 1 | 69 | window, COMMON | 93% | 1.18% |
(not extracted) | | | | | | 94% | 0.25% |
(not extracted) | | | | | | 94% | 1.85% |
(not extracted) | | | | | | 95% | 12.89% |
0128E4B0 | 13.7 | 9 | | 242 | COMMON | 80% | 1.55% |
(not extracted) | | | | | | 91% | 2.84% |
012F43E4 | 13.7 | 9 | | 207 | COMMON | 94% | 4.31% |
(not extracted) | | | | | | 98% | 4.31% |
(not extracted) | | | | | | 90% | 4.31% |
012CEE4A | 12.4 | 6 | 1 | 130 | window, UNIQUE | 97% | 100.00% |
(not extracted) | | | | | | 89% | 12.89% |
012D889B | 12.3 | 8 | | 313 | COMMON | 84% | 8.94% |
(not extracted) | | | | | | 93% | 7.75% |
(not extracted) | | | | | | 90% | 2.28% |
012DAD80 | 12.3 | 8 | | 295 | window, keyboard, COMMON | 98% | 16.53% |
(not extracted) | | | | | | 75% | 1.40% |
012D8CDF | 12.1 | 8 | | 143 | COMMON | 88% | 16.53% |
(not extracted) | | | | | | 97% | 8.94% |
(not extracted) | | | | | | 96% | 10.55% |
01300232 | 12.1 | 8 | | 100 | COMMON | 85% | 1.15% |
(not extracted) | | | | | | 97% | 5.54% |
(not extracted) | | | | | | 78% | 8.94% |
(not extracted) | | | | | | 93% | 100.00% |
01286BE3 | 12.0 | 8 | | 39 | COMMON | 100% | 0.25% |
012BE722 | 10.9 | 4 | 2 | 367 | string, window, COMMON | 97% | 16.53% |
(not extracted) | | | | | | 71% | 7.75% |
0128EB25 | 10.7 | 3 | 3 | 175 | library, loader, COMMON | 80% | 7.75% |
(not extracted) | | | | | | 72% | 1.23% |
(not extracted) | | | | | | 75% | 1.23% |
(not extracted) | | | | | | 73% | 4.65% |
012D2FA8 | 10.6 | 7 | | 120 | COMMON | 98% | 1.97% |
(not extracted) | | | | | | 72% | 1.91% |
(not extracted) | | | | | | 92% | 0.24% |
0128E025 | 10.6 | 7 | | 111 | COMMON | 89% | 8.94% |
(not extracted) | | | | | | 88% | 2.84% |
01282E59 | 10.6 | 5 | 1 | 110 | window, COMMON | 96% | 2.71% |
(not extracted) | | | | | | 97% | 1.37% |
0128E840 | 10.6 | 4 | 2 | 90 | library, loader, COMMON | 82% | 4.31% |
(not extracted) | | | | | | 95% | 0.89% |
(not extracted) | | | | | | 100% | 2.59% |
012F8597 | 10.6 | 7 | | 78 | COMMON | 85% | 1.09% |
01276892 | 10.6 | 5 | 1 | 78 | registry, COMMON | | 0.25% |
01280D20 | 10.6 | 7 | | 73 | COMMON | | 0.51% |
(not extracted) | | | | | | 80% | 4.65% |
0127ACAC | 10.6 | 7 | | 73 | COMMON | 63% | 1.69% |
(not extracted) | | | | | | 84% | 4.31% |
0127C63E | 10.6 | 4 | 2 | 60 | library, loader, time, COMMON | 55% | 6.84% |
0137E640 | 10.6 | 3 | 3 | 57 | thread, synchronization, COMMON | 82% | 12.89% |
012EA943 | 10.6 | 7 | | 56 | COMMON | 96% | 8.94% |
012820B5 | 10.6 | 3 | 3 | 53 | library, loader, UNIQUE | 58% | 100.00% |
012749F7 | 10.6 | 3 | 3 | 53 | library, loader, COMMON | 55% | 4.31% |
0127498B | 10.5 | 3 | 3 | 45 | library, loader, COMMON | 58% | 3.53% |
Function 01286B9D, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
Function 012AC2D4, Relevance: 9.2, APIs: 6, Instructions: 221COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.98% |
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 8.94% |
Function 012960E4, Relevance: 9.2, APIs: 6, Instructions: 173COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.98% |
Function 012B480C, Relevance: 9.1, APIs: 6, Instructions: 139COMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.80% |
Function 012DA981, Relevance: 9.1, APIs: 6, Instructions: 132COMMON
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 12.89% |
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 16.53% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 012BAAFE, Relevance: 9.1, APIs: 6, Instructions: 95windowCOMMON
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.38% |
Function 012D074C, Relevance: 9.1, APIs: 6, Instructions: 76windowCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 8.94% |
Function 012E0F27, Relevance: 9.1, APIs: 6, Instructions: 74UNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 23.02% |
Function 012B2F39, Relevance: 9.1, APIs: 6, Instructions: 67windowCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.47% |
Function 012B07E7, Relevance: 9.1, APIs: 6, Instructions: 65COMMON
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.59% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.23% |
Function 0127AC14, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.20% |
Function 0127AD6E, Relevance: 9.1, APIs: 6, Instructions: 52windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.49% |
Function 012BE36D, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 294keyboardwindowCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 16.53% |
Function 0133E8D3, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110stringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
Function 012B43B4, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
Function 0128E7B8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54libraryloaderCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.53% |
Function 012EE409, Relevance: 7.9, APIs: 5, Instructions: 362COMMON
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.07% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 23.02% |
Function 01296406, Relevance: 7.8, APIs: 5, Instructions: 338COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 012A4522, Relevance: 7.7, APIs: 5, Instructions: 241COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.54% |
C-Code - Quality: 98% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.31% |
Function 012EE23B, Relevance: 7.7, APIs: 5, Instructions: 168COMMON
C-Code - Quality: 56% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.40% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 12.89% |
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 16.53% |
Function 0134CE3D, Relevance: 7.7, APIs: 5, Instructions: 154COMMON
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 23.02% |
Function 012BCC05, Relevance: 7.6, APIs: 5, Instructions: 123COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.28% |
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.55% |
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 12.89% |
Function 012AEBC8, Relevance: 7.6, APIs: 5, Instructions: 106COMMON
C-Code - Quality: 98% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
Function 012DA24F, Relevance: 7.6, APIs: 5, Instructions: 105COMMON
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.84% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0129CB7A, Relevance: 7.6, APIs: 5, Instructions: 102COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.15% |
Function 01296A53, Relevance: 7.6, APIs: 5, Instructions: 99COMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
Function 0129E1BF, Relevance: 7.6, APIs: 5, Instructions: 97COMMON
C-Code - Quality: 62% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.20% |
Function 012AA53B, Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.98% |
Function 012C0787, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
Function 01282447, Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.71% |
Function 012B0EB2, Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.69% |
Function 012A06FE, Relevance: 7.6, APIs: 5, Instructions: 66COMMON
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.59% |
Function 0129CA6C, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.55% |
Function 012A6A84, Relevance: 7.6, APIs: 5, Instructions: 56COMMON
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.84% |
Function 0127A9F7, Relevance: 7.6, APIs: 5, Instructions: 55stringCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.15% |
Function 012F88B5, Relevance: 7.6, APIs: 5, Instructions: 53threadCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.54% |
Function 012B0D18, Relevance: 7.5, APIs: 5, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.63% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 8.94% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.53% |
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.38% |
C-Code - Quality: 70% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.38% |
Function 0128CC49, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72libraryloaderCOMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.31% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 8.94% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.47% |
Function 012846F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.57% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
Function 012CCF65, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40timewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.12% |
Function 01276810, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderUNIQUE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 01276F23, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderUNIQUE
C-Code - Quality: 18% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 012767B7, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderUNIQUE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0127E603, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderUNIQUE
C-Code - Quality: 60% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0128A99E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.84% |
Function 012C64DE, Relevance: 6.5, APIs: 4, Instructions: 476COMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.65% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.12% |
Function 0128ABAF, Relevance: 6.3, APIs: 4, Instructions: 253COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.01% |
Function 012A81B6, Relevance: 6.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.69% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
Function 0127E841, Relevance: 6.1, APIs: 4, Instructions: 149COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.09% |
Function 012A2547, Relevance: 6.1, APIs: 4, Instructions: 148COMMON
C-Code - Quality: 69% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.53% |
Function 012DC55D, Relevance: 6.1, APIs: 4, Instructions: 138COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 16.53% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.25% |
Function 012C25C3, Relevance: 6.1, APIs: 4, Instructions: 129COMMON
C-Code - Quality: 81% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 012BA3BE, Relevance: 6.1, APIs: 4, Instructions: 120COMMON
C-Code - Quality: 98% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.80% |
Function 012D4272, Relevance: 6.1, APIs: 4, Instructions: 101COMMON
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 012B2927, Relevance: 6.1, APIs: 4, Instructions: 95COMMON
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
Function 012D2A7B, Relevance: 6.1, APIs: 4, Instructions: 87COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.64% |
Function 012A8CA3, Relevance: 6.1, APIs: 4, Instructions: 66windowCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
Function 0128CF42, Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.15% |
Function 012B4723, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 90% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.09% |
Function 012B6B38, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.15% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.49% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 12.89% |
Function 012A62BA, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.23% |
Function 012B8FED, Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.34% |
Function 012A0D6F, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.53% |
Function 01286A6F, Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.23% |
Function 012B4BCF, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.09% |
Function 012B4B3B, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.84% |
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.31% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.59% |
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 012E61E9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34registrywindowCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 0133EFA3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24libraryloaderUNIQUE
C-Code - Quality: 82% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |