Analysis Report 4ifN8B061M
Overview
General Information |
---|
Joe Sandbox Version: | 28.0.0 Lapis Lazuli |
Analysis ID: | 1014791 |
Start date: | 09.12.2019 |
Start time: | 09:30:46 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 7m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 4ifN8B061M (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
Number of new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.evad.winEXE@4/2@0/1 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Detection |
---|
Strategy | Score | Range | Whitelisted | Threat |
---|---|---|---|---|
Threshold | 100 | 0 - 100 | false | AveMaria |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? |
---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
Contains functionality to modify the execution of threads in other processes |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Impact | Post-Adversary Device Access | Without Adversary Device Access |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Execution through API2 | Registry Run Keys / Startup Folder1 | Access Token Manipulation1 | Hidden Users1 | Credential Dumping2 | System Time Discovery1 | Remote File Copy21 | Input Capture21 | Data Encrypted1 | Commonly Used Port1 | Endpoint Denial of Service1 | ||
Replication Through Removable Media | Service Execution2 | Hidden Files and Directories1 | Process Injection112 | Software Packing1 | Credentials in Files1 | Security Software Discovery2 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Uncommonly Used Port1 | Data Encrypted for Impact | ||
External Remote Services | Windows Management Instrumentation | Create Account1 | New Service1 | Deobfuscate/Decode Files or Information1 | Input Capture21 | System Service Discovery1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Remote File Copy21 | Disk Structure Wipe | ||
Drive-by Compromise | Scheduled Task | Modify Existing Service1 | DLL Search Order Hijacking | Obfuscated Files or Information2 | Credentials in Files | File and Directory Discovery2 | Logon Scripts | Input Capture | Data Encrypted | Standard Cryptographic Protocol2 | Disk Content Wipe | ||
Exploit Public-Facing Application | Command-Line Interface | New Service1 | File System Permissions Weakness | Masquerading3 | Account Manipulation | System Information Discovery12 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol | Service Stop | ||
Spearphishing Link | Graphical User Interface | Modify Existing Service | New Service | Hidden Files and Directories1 | Brute Force | Process Discovery2 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port | Inhibit System Recovery | ||
Spearphishing Attachment | Scripting | Path Interception | Scheduled Task | Virtualization/Sandbox Evasion2 | Two-Factor Authentication Interception | Network Sniffing | Pass the Hash | Email Collection | Exfiltration Over Command and Control Channel | Uncommonly Used Port | Defacement | ||
Spearphishing via Service | Third-party Software | Logon Scripts | Process Injection | Access Token Manipulation1 | Bash History | Network Service Scanning | Remote Desktop Protocol | Clipboard Data | Exfiltration Over Alternative Protocol | Standard Application Layer Protocol | Stored Data Manipulation | ||
Supply Chain Compromise | Rundll32 | DLL Search Order Hijacking | Service Registry Permissions Weakness | Process Injection112 | Input Prompt | System Network Connections Discovery | Windows Admin Shares | Automated Collection | Exfiltration Over Physical Medium | Multilayer Encryption | Transmitted Data Manipulation |
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for dropped file |
Source: | Avira: |
Antivirus detection for sample |
Source: | Avira: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Yara detected AveMaria stealer |
Machine Learning detection for dropped file |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Antivirus or Machine Learning detection for unpacked file |
Source: | Avira: |
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: | Code function: | 0_2_00259E04 |
Source: | Code function: | 0_2_002592D8 |
Source: | Code function: | 0_2_0025AFDF |
Source: | Code function: | 3_2_00439E04 |
Source: | Code function: | 3_2_004392D8 |
Source: | Code function: | 3_2_0043AFDF |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_012E879D |
Source: | Code function: | 0_2_00258A9C |
Source: | Code function: | 0_2_0025DEC5 |
Source: | Code function: | 3_2_00CC879D |
Source: | Code function: | 3_2_0043DEC5 |
Source: | Code function: | 3_2_00438A9C |
Contains functionality to query local drives |
Source: | Code function: | 0_2_0025DFC9 |
Networking: |
---|
Detected non-DNS traffic on DNS port |
Contains functionality to download and execute PE files |
Source: | Code function: | 0_2_00252675 |
Detected TCP or UDP traffic on non-standard ports |
Connects to IPs without corresponding DNS lookups |
Contains functionality to download additional files from the internet |
Source: | Code function: | 0_2_0025B424 |
Urls found in memory or binary data |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to retrieve information about pressed keystrokes |
Source: | Code function: | 0_2_0025765A |
Installs a raw input device (often for capturing keystrokes) |
Source: | Code function: | 0_2_00257CB3 |
E-Banking Fraud: |
---|
Yara detected AveMaria stealer |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Detected potential crypto function |
Source: | Code function: | 0_2_012F7A20 |
Source: | Code function: | 0_2_012F6AA6 |
Source: | Code function: | 0_2_012F85EF |
Source: | Code function: | 0_2_012E3DFC |
Source: | Code function: | 0_2_012FD860 |
Source: | Code function: | 0_2_012EB840 |
Source: | Code function: | 0_2_012EBCE2 |
Source: | Code function: | 0_2_012EE793 |
Source: | Code function: | 0_2_012EFA19 |
Source: | Code function: | 0_2_012EE666 |
Source: | Code function: | 0_2_0025F9F3 |
Source: | Code function: | 0_2_002492E7 |
Source: | Code function: | 0_2_0023F332 |
Source: | Code function: | 0_2_0024931C |
Source: | Code function: | 3_2_00CD6AA6 |
Source: | Code function: | 3_2_00CD7A20 |
Source: | Code function: | 3_2_00CCBCE2 |
Source: | Code function: | 3_2_00CCB840 |
Source: | Code function: | 3_2_00CDD860 |
Source: | Code function: | 3_2_00CD85EF |
Source: | Code function: | 3_2_00CC3DFC |
Source: | Code function: | 3_2_00CCE666 |
Source: | Code function: | 3_2_00CCFA19 |
Source: | Code function: | 3_2_00CCE793 |
Source: | Code function: | 3_2_0043F9F3 |
Source: | Code function: | 3_2_004292E7 |
Source: | Code function: | 3_2_0042931C |
Source: | Code function: | 3_2_0041F332 |
Found potential string decryption / allocating functions |
Sample file is different than original file name gathered from version info |
Yara signature match |
Classification label |
Source: | Classification label: | mal100.phis.troj.spyw.evad.winEXE@4/2@0/1 |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: | Code function: | 0_2_0025D609 |
Source: | Code function: | 3_2_0043D609 |
Contains functionality to enum processes or threads |
Source: | Code function: | 0_2_0025EC17 |
Contains functionality to instantiate COM classes |
Source: | Code function: | 0_2_002606D5 |
Contains functionality to load and extract PE file embedded resources |
Source: | Code function: | 0_2_0025F843 |
Contains functionality to modify services (start/stop/modify) |
Source: | Code function: | 0_2_0025B81D |
Creates files inside the program directory |
Creates files inside the user directory |
PE file has an executable .text section and no other executable section |
Reads software policies |
Sample is known by Antivirus |
Source: | Virustotal: |
Sample reads its own file content |
Spawns processes |
Uses an in-process (OLE) Automation server |
Creates a directory in C:\Program Files |
PE / OLE file has a valid certificate |
PE file contains a mix of data directories often seen in goodware |
Contains modern PE file flags such as dynamic base (ASLR) or NX |
PE file contains a debug data directory |
PE file contains a valid data directory to section mapping |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_0025582B |
Uses code obfuscation techniques (call, push, ret) |
Source: | Code function: | 0_2_012E1AB9 |
Source: | Code function: | 0_2_00251144 |
Source: | Code function: | 0_2_0025116C |
Source: | Code function: | 0_2_0024311C |
Source: | Code function: | 0_2_00241A63 |
Source: | Code function: | 0_2_00230A83 |
Source: | Code function: | 0_2_00230AAB |
Source: | Code function: | 3_2_00CC1AB9 |
Source: | Code function: | 3_2_00431144 |
Source: | Code function: | 3_2_0043116C |
Source: | Code function: | 3_2_0042311C |
Source: | Code function: | 3_2_00421A63 |
Source: | Code function: | 3_2_00410A83 |
Source: | Code function: | 3_2_00410AAB |
Persistence and Installation Behavior: |
---|
Contains functionality to create new users |
Source: | Code function: | 0_2_0025B799 |
Contains functionality to download and launch executables |
Source: | Code function: | 0_2_00252675 |
Drops PE files |
Drops PE files to the application program directory (C:\ProgramData) |
Contains functionality to read ini properties file for application configuration |
Source: | Code function: | 0_2_002598B0 |
Source: | Code function: | 0_2_0025936E |
Source: | Code function: | 3_2_004398B0 |
Source: | Code function: | 3_2_0043936E |
Boot Survival: |
---|
Contains functionality to start windows services |
Source: | Code function: | 0_2_0025B889 |
Creates an autostart registry key |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to hide user accounts |
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Disables application error messages (SetErrorMode) |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate running services |
Source: | Code function: | 0_2_0025BDDC |
Source: | Code function: | 3_2_0043BDDC |
Contains long sleeps (>= 3 min) |
Found evasive API chain checking for process token information |
Source: | Check user administrative privileges: | graph_0-27633 |
Source: | Check user administrative privileges: | graph_3-27511 |
May sleep (evasive loops) to hinder dynamic analysis |
Sample execution stops while process was sleeping (likely an evasion) |
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 0_2_012E879D |
Source: | Code function: | 0_2_00258A9C |
Source: | Code function: | 0_2_0025DEC5 |
Source: | Code function: | 3_2_00CC879D |
Source: | Code function: | 3_2_0043DEC5 |
Source: | Code function: | 3_2_00438A9C |
Contains functionality to query local drives |
Source: | Code function: | 0_2_0025DFC9 |
Program exit points |
Source: | API call chain: | graph_0-27859 |
Source: | API call chain: | graph_3-27672 |
Anti Debugging: |
---|
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Source: | Code function: | 0_2_012E1817 |
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_0025582B |
Contains functionality to read the PEB |
Source: | Code function: | 0_2_012E943A |
Source: | Code function: | 0_2_012E528C |
Source: | Code function: | 0_2_0025E8EC |
Source: | Code function: | 0_2_0025E5B7 |
Source: | Code function: | 0_2_0025E5BE |
Source: | Code function: | 0_2_00230467 |
Source: | Code function: | 0_2_002454A9 |
Source: | Code function: | 0_2_0023E22B |
Source: | Code function: | 0_2_0023DEF6 |
Source: | Code function: | 0_2_0023DEFD |
Source: | Code function: | 3_2_00CC943A |
Source: | Code function: | 3_2_00CC528C |
Source: | Code function: | 3_2_0043E8EC |
Source: | Code function: | 3_2_0043E5B7 |
Source: | Code function: | 3_2_0043E5BE |
Source: | Code function: | 3_2_00410467 |
Source: | Code function: | 3_2_004254A9 |
Source: | Code function: | 3_2_0041E22B |
Source: | Code function: | 3_2_0041DEF6 |
Source: | Code function: | 3_2_0041DEFD |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: | Code function: | 0_2_012E9EC7 |
Contains functionality to register its own exception handler |
Source: | Code function: | 0_2_012E19AA |
Source: | Code function: | 0_2_012E1817 |
Source: | Code function: | 0_2_012E1C6F |
Source: | Code function: | 0_2_012E5F98 |
Source: | Code function: | 3_2_00CC19AA |
Source: | Code function: | 3_2_00CC1C6F |
Source: | Code function: | 3_2_00CC1817 |
Source: | Code function: | 3_2_00CC5F98 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Contains functionality to inject threads in other processes |
Source: | Code function: | 0_2_0025FD9E |
Source: | Code function: | 3_2_0043FD9E |
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection) |
Source: | Code function: | 0_2_0025FE7E |
Source: | Code function: | 3_2_0043FE7E |
Contains functionality to add an ACL to a security descriptor |
Source: | Code function: | 0_2_0025F6C1 |
Contains functionality to create a new security descriptor |
Source: | Code function: | 0_2_0025D508 |
May try to detect the Windows Explorer process (often used for injection) |
Language, Device and Operating System Detection: |
---|
Contains functionality to query CPU information (cpuid) |
Source: | Code function: | 0_2_012E1ABB |
Contains functionality to query local / system time |
Source: | Code function: | 0_2_012E1706 |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Increases the number of concurrent connections per server for Internet Explorer |
Stealing of Sensitive Information: |
---|
Yara detected AveMaria stealer |
Contains functionality to steal Chrome passwords or cookies |
Source: | Code function: | 0_2_0025AFDF |
Source: | Code function: | 3_2_0043AFDF |
Contains functionality to steal e-mail passwords |
Source: | Code function: | 0_2_00258F40 |
Source: | Code function: | 3_2_00438F40 |
Remote Access Functionality: |
---|
Yara detected AveMaria stealer |
Malware Configuration |
---|
No configs have been found |
---|
Signature Similarity |
---|
Samplename | Analysis ID | SHA256 | Similarity |
---|---|---|---|
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:32:42 | API Interceptor | |
09:32:47 | Autostart | |
09:33:42 | API Interceptor | |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
48% | Virustotal | |
100% | Avira | TR/Crypt.Agent.yyhho |
100% | Joe Sandbox ML | |
Dropped Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Crypt.Agent.yyhho |
100% | Joe Sandbox ML | |
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/RedCap.ghjpt |
100% | Avira | TR/RedCap.ghjpt |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Virustotal | |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | Virustotal | |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Rule | Description | Author |
---|---|---|
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
Unpacked PEs |
---|
Rule | Description | Author |
---|---|---|
Codoso_Gh0st_2 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_2_RID2C2E | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_2 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_2_RID2C2E | Detects Codoso APT Gh0st Malware | Florian Roth |
Codoso_Gh0st_1_RID2C2D | Detects Codoso APT Gh0st Malware | Florian Roth |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
AveMaria_WarZone | unknown | unknown |
AveMaria_WarZone | unknown | unknown |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Screenshots |
---|
Startup |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\4ifN8B061M.exe |
File Type: | |
Size (bytes): | 874592 |
Entropy (8bit): | 4.285697737343411 |
Encrypted: | false |
MD5: | 94FF625253B3920FE5B6824BD8C30482 |
SHA1: | BD2DC8A13C592360AC1E091B397C62AC8574D10A |
SHA-256: | E78E25771A0E710D9CC8B0EF306197AA8BC061D1A1D0282E19A6F3597C7A4E14 |
SHA-512: | 9BDEAA585730E2CA31F1966D15329A23BBDD6A1560C01C58558B51A21ADDF568DB89D41F9E0F7040393A690E0ACD74EA1EBF97059AAFADE637B864D7C55DAEDA |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: | |
Process: | C:\Users\user\Desktop\4ifN8B061M.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: | |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Malicious | Reputation |
---|---|
false | low |
false | high |
false | unknown |
false | high |
false | low |
false | unknown |
false | high |
false | low |
Contacted IPs |
---|
Public |
---|
IP | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|
45.133.183.138 | Romania | 9009 | unknown | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.285697737343411 |
TrID: | |
File name: | 4ifN8B061M.exe |
File size: | 874592 |
MD5: | 94ff625253b3920fe5b6824bd8c30482 |
SHA1: | bd2dc8a13c592360ac1e091b397c62ac8574d10a |
SHA256: | e78e25771a0e710d9cc8b0ef306197aa8bc061d1a1d0282e19a6f3597c7a4e14 |
SHA512: | 9bdeaa585730e2ca31f1966d15329a23bbdd6a1560c01c58558b51a21addf568db89d41f9e0f7040393a690e0acd74ea1ebf97059aafade637b864d7c55daeda |
SSDEEP: | 6144:yRhq8lbNztvIYqvNUKfW2Zb7xmuFKK2EikdRupxXqR4XFp:yRhq2vIYqvvW2lxRFKbuRupA4XFp |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q..T............f.......f.......f.......G...1...G.......f...4...........G.................!.............Rich................... |
File Icon |
---|
Icon Hash: | aab2e3e39383aa00 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401462 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5DDA4E25 [Sun Nov 24 09:32:21 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 965b965b72f5b01661f49f8cafb546f0 |
Authenticode Signature |
---|
Signature Valid: | true |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | EFC8F3706CED61C8C3C0EF99A536ECD9 |
Thumbprint SHA-1: | E79EF654B3330B678FC3B4ADB6C2FB721455C4AD |
Thumbprint SHA-256: | 65D22885399551698B87F2DB1351A1A9B8214F6E80B6EF505A21993090D0AA26 |
Serial: | 6CB82AC5FF6DE912CF66D257F1BC16F6 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F76ACEDD091h |
jmp 00007F76ACEDCC1Fh |
push ebp |
mov ebp, esp |
mov eax, dword ptr [0042B018h] |
and eax, 1Fh |
push 00000020h |
pop ecx |
sub ecx, eax |
mov eax, dword ptr [ebp+08h] |
ror eax, cl |
xor eax, dword ptr [0042B018h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007F76ACEDCDBBh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007F76ACEDCDACh |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007F76ACEDCDAEh |
add edx, 28h |
cmp edx, esi |
jne 00007F76ACEDCD8Ch |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007F76ACEDCD9Bh |
push esi |
call 00007F76ACEDD524h |
test eax, eax |
je 00007F76ACEDCDC2h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 004D18E4h |
mov edx, dword ptr [eax+04h] |
jmp 00007F76ACEDCDA6h |
cmp edx, eax |
je 00007F76ACEDCDB2h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
jne 00007F76ACEDCD92h |
xor al, al |
pop esi |
ret |
mov al, 01h |
pop esi |
ret |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
jne 00007F76ACEDCDA9h |
mov byte ptr [004D18E8h], 00000001h |
call 00007F76ACEDD34Ch |
call 00007F76ACEDD7B3h |
test al, al |
jne 00007F76ACEDCDA6h |
xor al, al |
pop ebp |
ret |
call 00007F76ACEE12C8h |
test al, al |
jne 00007F76ACEDCDACh |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29bdc | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd3000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd3a00 | 0x1e60 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0x3bc0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29480 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x294b8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x22000 | 0x234 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x202a5 | 0x20400 | False | 0.483852652616 | data | 6.49296073097 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x22000 | 0x8942 | 0x8a00 | False | 0.446359827899 | data | 5.34613683148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2b000 | 0xa77f0 | 0xa6a00 | False | 0.181593738278 | DOS executable (block device driver \277DN) | 3.15265096008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xd3000 | 0x1e0 | 0x200 | False | 0.52734375 | data | 4.70189840452 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd4000 | 0x3bc0 | 0x3c00 | False | 0.651692708333 | data | 6.57845878967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0xd3060 | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW |
WS2_32.dll | htons, inet_addr, connect, socket, WSAStartup |
KERNEL32.dll | FindNextFileW, FlushFileBuffers, FlushViewOfFile, GetComputerNameExW, GetConsoleCP, GetConsoleMode, GetCurrentDirectoryW, HeapCreate, PeekNamedPipe, PostQueuedCompletionStatus, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, Sleep, VirtualAlloc, VirtualAllocEx, FindFirstFileExW, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, GetPhysicallyInstalledSystemMemory, QueryPerformanceCounter, FindClose, GetFileType, DeleteFileW, CreateSemaphoreW, CreateEventW, CreateDirectoryW, ConnectNamedPipe, GetProcessHeap, HeapSize, HeapReAlloc, CloseHandle, CreateFileW, WriteConsoleW, FindFirstFileExA, LCMapStringW, VirtualFree, DecodePointer, GetStringTypeW, SetStdHandle, FindNextFileA, HeapFree, HeapAlloc, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetACP, GetCPInfo, GetOEMCP, IsValidCodePage, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW |
USER32.dll | UnregisterClassW, CreateDesktopW, CloseWindowStation, CloseDesktop, DrawFrameControl |
ADVAPI32.dll | EventUnregister, ConvertSidToStringSidW, GetTokenInformation, GetKernelObjectSecurity, GetAce, FreeSid, EventWrite, AccessCheck, EventRegister, EqualSid, DuplicateTokenEx, DuplicateToken |
SHELL32.dll | SHGetKnownFolderPath, SHGetFolderPathW |
ADVPACK.dll | RebootCheckOnInstallW |
dhcpcsvc.DLL | McastApiStartup |
gdiplus.dll | GdipSetMatrixElements |
PROPSYS.dll | PropVariantToInt32 |
TAPI32.dll | lineGetAddressCapsA |
TRAFFIC.dll | TcQueryInterface |
VSSAPI.DLL | CreateVssBackupComponentsInternal |
wevtapi.dll | EvtGetPublisherMetadataProperty |
WINTRUST.dll | CryptCATPersistStore |
XmlLite.dll | CreateXmlWriterOutputWithEncodingCodePage |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 9, 2019 09:33:04.257024050 CET | 49169 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:04.280456066 CET | 53 | 49169 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:04.280795097 CET | 49169 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:06.305363894 CET | 53 | 49169 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:06.308520079 CET | 49169 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:07.911324024 CET | 49169 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:34:04.358297110 CET | 49170 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:34:04.381735086 CET | 53 | 49170 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:34:04.382009029 CET | 49170 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:34:06.405953884 CET | 53 | 49170 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:34:06.406146049 CET | 49170 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:34:08.325558901 CET | 49171 | 5200 | 192.168.1.16 | 45.133.183.138 |
Dec 9, 2019 09:34:11.324734926 CET | 49171 | 5200 | 192.168.1.16 | 45.133.183.138 |
Dec 9, 2019 09:34:15.368417978 CET | 49172 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:34:15.391953945 CET | 53 | 49172 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:34:15.392064095 CET | 49172 | 53 | 192.168.1.16 | 8.8.8.8 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 9, 2019 09:32:03.925107002 CET | 57034 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:03.966739893 CET | 53 | 57034 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:03.974251986 CET | 63068 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:04.007591009 CET | 53 | 63068 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:04.150613070 CET | 52162 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:04.174222946 CET | 53 | 52162 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:05.150875092 CET | 52162 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:05.176254034 CET | 53 | 52162 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:06.168806076 CET | 52162 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:06.192899942 CET | 53 | 52162 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:08.166450024 CET | 52162 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:08.189980984 CET | 53 | 52162 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:32:12.166918993 CET | 52162 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:32:12.190679073 CET | 53 | 52162 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:16.274024963 CET | 52137 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:16.297591925 CET | 53 | 52137 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:17.260957003 CET | 52137 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:17.284552097 CET | 53 | 52137 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:18.260999918 CET | 52137 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:18.284573078 CET | 53 | 52137 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:20.261075974 CET | 52137 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:20.288018942 CET | 53 | 52137 | 8.8.8.8 | 192.168.1.16 |
Dec 9, 2019 09:33:24.260509968 CET | 52137 | 53 | 192.168.1.16 | 8.8.8.8 |
Dec 9, 2019 09:33:24.284087896 CET | 53 | 52137 | 8.8.8.8 | 192.168.1.16 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 09:31:45 |
Start date: | 09/12/2019 |
Path: | C:\Users\user\Desktop\4ifN8B061M.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x12e0000 |
File size: | 874592 bytes |
MD5 hash: | 94FF625253B3920FE5B6824BD8C30482 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:32:44 |
Start date: | 09/12/2019 |
Path: | C:\ProgramData\images.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 874592 bytes |
MD5 hash: | 94FF625253B3920FE5B6824BD8C30482 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:32:55 |
Start date: | 09/12/2019 |
Path: | C:\ProgramData\images.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 874592 bytes |
MD5 hash: | 94FF625253B3920FE5B6824BD8C30482 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 5.3% |
Dynamic/Decrypted Code Coverage: | 65.5% |
Signature Coverage: | 3.9% |
Total number of Nodes: | 1100 |
Total number of Limit Nodes: | 42 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
012F7A20 | 511.8 | 2 | 289 | 2543 | memory, UNIQUE | | 100.00% |
012F6AA6 | 155.8 | 1 | 102 | 1267 | sleep, UNIQUE | | 100.00% |
002606D5 | 10.6 | 4 | 2 | 138 | com, COMMON | 59% | 6.84% |
012E19AA | 1.5 | 1 | | 3 | COMMON | | 0.01% |
002611D0 | 21.1 | 8 | 4 | 137 | registry, string, COMMON | 93% | 6.84% |
 | | | | | | 79% | 100.00% |
012E62F8 | 10.6 | 4 | 2 | 77 | COMMON, LIBRARYCODE | | 3.32% |
012F1106 | 10.5 | 5 | 1 | 38 | network, UNIQUE | | 100.00% |
 | | | | | | | 0.04% |
 | | | | | | 100% | 100.00% |
0025EBD4 | 8.8 | 3 | 2 | 21 | library, loader, COMMON | 40% | 2.28% |
 | | | | | | | 2.84% |
0025DB97 | 6.0 | 4 | | 37 | COMMON | 100% | 0.13% |
0025F0C8 | 5.4 | 2 | 1 | 164 | file, UNIQUE | 96% | 100.00% |
012E8FDB | 4.7 | 3 | | 168 | COMMON | | 2.59% |
 | | | | | | 91% | 100.00% |
 | | | | | | | 0.05% |
0025EB77 | 3.5 | 1 | 1 | 42 | process, COMMON | 100% | 0.30% |
 | | | | | | | 0.05% |
012E6499 | 3.5 | 1 | 1 | 30 | memory, COMMON | | 0.07% |
 | | | | | | | 0.35% |
002555A0 | 3.2 | 1 | 1 | 154 | sleep, UNIQUE | 100% | 100.00% |
012E8DD2 | 3.1 | 2 | | 100 | COMMON | | 0.03% |
 | | | | | | | 0.00% |
 | | | | | | 100% | 0.24% |
012E4DFC | 3.0 | 2 | | 31 | COMMON | | 0.03% |
012E22B0 | 3.0 | 2 | | 19 | COMMON | | 0.34% |
0025FB09 | 3.0 | 2 | | 14 | sleep, COMMON | 100% | 1.69% |
 | | | | | | 100% | 23.02% |
00255A87 | 3.0 | 2 | | 6 | memory, COMMON | 100% | 0.01% |
00255A76 | 2.5 | 2 | | 6 | memory, COMMON | 100% | 0.01% |
012E946D | 1.6 | 1 | | 52 | COMMON | | 0.03% |
00260A57 | 1.5 | 1 | | 46 | com, COMMON | 87% | 8.94% |
012E622D | 1.5 | 1 | | 39 | memory, COMMON, LIBRARYCODE | | 0.00% |
 | | | | | | 79% | 0.16% |
0025D75B | 1.5 | 1 | | 28 | COMMON | 58% | 0.51% |
0025D425 | 1.5 | 1 | | 27 | COMMON | 87% | 0.00% |
00253001 | 1.5 | 1 | | 27 | COMMON | 100% | 0.14% |
00253162 | 1.5 | 1 | | 25 | string, COMMON | 100% | 1.37% |
 | | | | | | 100% | 0.20% |
0025DD40 | 1.5 | 1 | | 20 | COMMON | 100% | 1.31% |
00260E1E | 1.5 | 1 | | 16 | thread, COMMON | 100% | 0.06% |
 | | | | | | 100% | 0.03% |
 | | | | | | 75% | 1.47% |
0025DBF3 | 1.5 | 1 | | 12 | COMMON | 50% | 0.43% |
 | | | | | | 100% | 0.09% |
0025D70F | 1.5 | 1 | | 8 | COMMON | | 5.06% |
002559AA | 1.3 | 1 | | 17 | memory, COMMON | 100% | 0.00% |
00258C74 | 1.3 | 1 | | 9 | COMMON | 100% | 0.02% |
00255A3C | 1.3 | 1 | | 6 | memory, COMMON | 100% | 0.00% |
00255A2D | 1.3 | 1 | | 5 | COMMON | 100% | 0.02% |
Non-executed Functions |
---|
Function 012F85EF, Relevance: 75.5, Strings: 60, Instructions: 527UNIQUE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0025765A, Relevance: 56.3, APIs: 17, Strings: 15, Instructions: 286keyboardUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00257CB3, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 277registrystringwindowUNIQUE
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00258F40, Relevance: 31.8, APIs: 9, Strings: 9, Instructions: 296registryCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 002598B0, Relevance: 28.4, APIs: 5, Strings: 11, Instructions: 406filestringUNIQUE
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0025B889, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 55servicesleepUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0025BDDC, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167servicestringUNIQUE
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00258A9C, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 61fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0025FD9E, Relevance: 13.6, APIs: 9, Instructions: 81injectionmemorythreadUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0025AFDF, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 290fileencryptionCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0025B81D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 4.31% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0025582B, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 20libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0025F6C1, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48registryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 012EBCE2, Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1469COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.12% |
Function 0025FE7E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45processUNIQUE
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.68% |
Function 002592D8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62memoryencryptionstringCOMMON
C-Code - Quality: 24% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0025D508, Relevance: 6.1, APIs: 4, Instructions: 63memoryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00252675, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82filenetworkUNIQUE
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 37.75% |
Function 0025DFC9, Relevance: 4.6, APIs: 3, Instructions: 90UNIQUE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 37.75% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.02% |
Function 00259E04, Relevance: 4.6, APIs: 3, Instructions: 61stringencryptionCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0025D609, Relevance: 4.6, APIs: 3, Instructions: 60COMMON
C-Code - Quality: 60% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.05% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0025DEC5, Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.95% |
Function 0025B799, Relevance: 3.1, APIs: 2, Instructions: 57UNIQUE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.04% |
Function 012E9EC7, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.04% |
Function 012EE793, Relevance: .1, Instructions: 105COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 002454A9, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score
---|---|---|---|---|---|---|---|---
012EE666 | .1 | | | 86 | COMMON, LIBRARYCODE | | no | 0.00%
00230467 | .1 | | | 80 | COMMON | | yes | 0.00%
0025F9F3 | .1 | | | 63 | COMMON, Crypto | 83% | yes | 0.00%
0023F332 | .1 | | | 63 | COMMON | | yes | 0.00%
0024931C | .0 | | | 44 | COMMON | | yes | 0.00%
002492E7 | .0 | | | 43 | COMMON | | yes | 0.00%
012E943A | .0 | | | 23 | COMMON, LIBRARYCODE | | no | 0.00%
0025E5BE | .0 | | | 20 | COMMON | 100% | yes | 0.00%
0023DEFD | .0 | | | 20 | COMMON | | yes | 0.00%
0025E8EC | .0 | | | 11 | COMMON | 100% | yes | 0.00%
0023E22B | .0 | | | 11 | COMMON | | yes | 0.00%
0025E5B7 | .0 | | | 2 | COMMON | 100% | yes | 0.00%
0023DEF6 | .0 | | | 2 | COMMON | | yes | 0.00%

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score
---|---|---|---|---|---|---|---|---
0025A324 | 47.5 | 10 | 17 | 219 | library, UNIQUE | 98% | yes | 100.00%
0025822F | 33.5 | 16 | 3 | 229 | window, string, registry, UNIQUE | 85% | yes | 37.75%
00258D7E | 33.4 | 14 | 5 | 160 | registry, string, COMMON | 85% | yes | 10.55%
00260E40 | 33.4 | 13 | 6 | 124 | file, string, UNIQUE | 85% | yes | 100.00%
0025C67E | 30.0 | 9 | 8 | 237 | registry, UNIQUE | 100% | yes | 100.00%
0025F8C0 | 29.8 | 11 | 6 | 88 | sleep, registry, string, UNIQUE | 84% | yes | 100.00%
002574B4 | 26.4 | 11 | 4 | 135 | window, string, file, UNIQUE | 71% | yes | 100.00%
0025CD2C | 26.4 | 13 | 2 | 135 | pipe, thread, UNIQUE | 100% | yes | 100.00%
00257AEB | 24.6 | 13 | 1 | 147 | file, string, COMMON | 100% | yes | 8.94%
(function header not recovered) | | | | | | | no | 0.25%
0025B90E | 19.3 | 10 | 1 | 71 | service, UNIQUE | 100% | yes | 100.00%
(function header not recovered) | | | | | | 74% | yes | 100.00%
0025C033 | 17.6 | 4 | 6 | 111 | registry, UNIQUE | 100% | yes | 100.00%
0025D7A9 | 15.9 | 4 | 5 | 130 | com, UNIQUE | | yes | 100.00%
012E7699 | 15.1 | 10 | | 70 | COMMON | | no | 0.03%
0025878B | 14.2 | 6 | 2 | 226 | file, UNIQUE | 97% | yes | 100.00%
0025D0F5 | 14.1 | 7 | 1 | 134 | network, COMMON | | yes | 10.55%
00252803 | 14.1 | 6 | 2 | 108 | process, thread, UNIQUE | 80% | yes | 100.00%
0025FCD9 | 14.1 | 7 | 1 | 75 | sleep, process, memory, UNIQUE | 68% | yes | 100.00%
0025ADBE | 14.1 | 5 | 3 | 56 | registry, string, UNIQUE | 100% | yes | 100.00%
00260500 | 12.4 | 4 | 3 | 175 | com, COMMON | 61% | yes | 10.55%
0025A1FF | 12.3 | 1 | 6 | 54 | library, UNIQUE | 94% | yes | 100.00%
0025F7D0 | 12.3 | 5 | 2 | 49 | registry, string, COMMON | 100% | yes | 10.55%
00255AF2 | 12.3 | 3 | 4 | 14 | library, loader, COMMON | 68% | yes | 10.55%
(function header not recovered) | | | | | | 85% | yes | 5.06%
00260AD0 | 10.7 | 3 | 3 | 168 | com, COMMON | 55% | yes | 10.55%
012EAC39 | 10.7 | 7 | | 162 | file, COMMON, LIBRARYCODE | | no | 0.61%
(function header not recovered) | | | | | | | no | 100.00%
00252B29 | 10.6 | 4 | 2 | 107 | string, UNIQUE | 95% | yes | 100.00%
(function header not recovered) | | | | | | | no | 0.03%
(function header not recovered) | | | | | | 100% | yes | 100.00%
00258654 | 10.5 | 2 | 4 | 38 | library, UNIQUE | 79% | yes | 100.00%
0025F65C | 10.5 | 5 | 1 | 38 | registry, string, UNIQUE | 73% | yes | 100.00%
0025538F | 9.1 | 6 | | 75 | network, synchronization, COMMON | 37% | yes | 8.94%
012E7ABD | 9.1 | 4 | 1 | 311 | UNIQUE, LIBRARYCODE | | no | 100.00%
(function header not recovered) | | | | | | | no | 0.75%
002551E4 | 8.9 | 3 | 2 | 145 | network, UNIQUE | 79% | yes | 100.00%
0025DC53 | 8.8 | 1 | 4 | 65 | registry, UNIQUE | 32% | yes | 100.00%
0025EAC8 | 8.8 | 1 | 4 | 61 | window, UNIQUE | 74% | yes | 100.00%
0025F73D | 8.8 | 4 | 1 | 55 | memory, string, UNIQUE | 73% | yes | 100.00%
012E5312 | 8.8 | 3 | 2 | 38 | library, loader, UNIQUE, LIBRARYCODE | | no | 100.00%
00258A40 | 8.8 | 3 | 2 | 34 | registry, COMMON | 100% | yes | 10.55%
(function header not recovered) | | | | | | | no | 0.03%
012E9317 | 7.6 | 5 | | 68 | COMMON | | no | 0.55%
(function header not recovered) | | | | | | | no | 0.32%
(function header not recovered) | | | | | | | no | 0.32%
(function header not recovered) | | | | | | | yes | 10.55%
(function header not recovered) | | | | | | | no | 0.03%
0025A64F | 7.5 | 5 | | 25 | COMMON | 100% | yes | 0.03%
0025A2CD | 7.5 | 5 | | 25 | COMMON | 100% | yes | 0.03%
(function header not recovered) | | | | | | 61% | yes | 10.55%
0025D9DD | 7.1 | 2 | 2 | 135 | library, loader, UNIQUE | 58% | yes | 100.00%
(function header not recovered) | | | | | | | no | 100.00%
00260FE0 | 7.1 | 2 | 2 | 52 | string, COMMON | 85% | yes | 5.06%
00260FEC | 7.0 | 2 | 2 | 48 | string, COMMON | 84% | yes | 5.06%
002613C8 | 7.0 | 2 | 2 | 46 | string, COMMON | 66% | yes | 6.84%
0025D469 | 7.0 | 2 | 2 | 28 | library, loader, UNIQUE | 58% | yes | 100.00%
0025D4B8 | 7.0 | 2 | 2 | 24 | library, loader, UNIQUE | 58% | yes | 100.00%
(function header not recovered) | | | | | | 86% | yes | 100.00%
0025B4FE | 6.3 | 5 | | 92 | COMMON | 94% | yes | 0.14%
(function header not recovered) | | | | | | | no | 0.03%
(function header not recovered) | | | | | | 100% | yes | 10.55%
(function header not recovered) | | | | | | 25% | yes | 7.75%
0025444A | 6.0 | 4 | | 46 | UNIQUE | 82% | yes | 100.00%
0025FC79 | 6.0 | 4 | | 42 | file, COMMON | 87% | yes | 0.18%
0025CCBA | 6.0 | 4 | | 35 | thread, synchronization, COMMON | 100% | yes | 10.55%
(function header not recovered) | | | | | | | no | 0.53%
012E59CB | 6.0 | 4 | | 19 | COMMON | | no | 0.03%
(function header not recovered) | | | | | | | yes | 100.00%
0025C1A0 | 5.3 | 1 | 2 | 60 | registry, COMMON | 100% | yes | 5.06%
0025BD37 | 5.3 | 1 | 2 | 56 | registry, COMMON | 100% | yes | 5.06%
00260D9D | 5.3 | 2 | 1 | 53 | process, UNIQUE | 100% | yes | 37.75%
0025515A | 5.3 | 1 | 2 | 52 | network, UNIQUE | 86% | yes | 100.00%
00260164 | 5.3 | 1 | 2 | 30 | synchronization, UNIQUE | 100% | yes | 100.00%
0026012D | 5.3 | 1 | 2 | 13 | synchronization, UNIQUE | 100% | yes | 100.00%
0025FBFC | 5.3 | 1 | 2 | 13 | window, UNIQUE | 100% | yes | 100.00%
Execution Graph |
---|
Execution Coverage: | 5% |
Dynamic/Decrypted Code Coverage: | 61.6% |
Signature Coverage: | 3% |
Total number of Nodes: | 987 |
Total number of Limit Nodes: | 36 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score
---|---|---|---|---|---|---|---|---
00CD7A20 | 511.8 | 2 | 289 | 2543 | memory, UNIQUE | | no | 100.00%
00CD6AA6 | 155.8 | 1 | 102 | 1267 | sleep, UNIQUE | | no | 100.00%
00CC19AA | 1.5 | 1 | | 3 | COMMON | | no | 0.01%
004411D0 | 21.1 | 8 | 4 | 137 | registry, string, COMMON | 93% | yes | 6.84%
004406D5 | 10.6 | 4 | 2 | 138 | com, COMMON | 59% | yes | 6.84%
(function header not recovered) | | | | | | 79% | yes | 100.00%
00CC62F8 | 10.6 | 4 | 2 | 77 | COMMON, LIBRARYCODE | | no | 3.32%
00CD1106 | 10.5 | 5 | 1 | 38 | network, UNIQUE | | no | 100.00%
(function header not recovered) | | | | | | | no | 0.04%
0043538F | 9.1 | 6 | | 75 | network, synchronization, COMMON | 37% | yes | 8.94%
(function header not recovered) | | | | | | 100% | yes | 100.00%
0043EBD4 | 8.8 | 3 | 2 | 21 | library, loader, COMMON | 40% | yes | 2.28%
(function header not recovered) | | | | | | | yes | 2.84%
0043DB97 | 6.0 | 4 | | 37 | COMMON | 100% | yes | 0.13%
00CC8FDB | 4.7 | 3 | | 168 | COMMON | | no | 2.59%
(function header not recovered) | | | | | | | no | 0.05%
(function header not recovered) | | | | | | | no | 0.05%
00CC6499 | 3.5 | 1 | 1 | 30 | memory, COMMON | | no | 0.07%
(function header not recovered) | | | | | | | no | 0.35%
004355A0 | 3.2 | 1 | 1 | 154 | sleep, UNIQUE | 100% | yes | 100.00%
00CC8DD2 | 3.1 | 2 | | 100 | COMMON | | no | 0.03%
(function header not recovered) | | | | | | | no | 0.00%
00433381 | 3.1 | 2 | | 54 | COMMON | 91% | yes | 0.12%
(function header not recovered) | | | | | | 85% | yes | 0.03%
(function header not recovered) | | | | | | 100% | yes | 0.24%
00CC4DFC | 3.0 | 2 | | 31 | COMMON | | no | 0.03%
00CC22B0 | 3.0 | 2 | | 19 | COMMON | | no | 0.34%
0043FB09 | 3.0 | 2 | | 14 | sleep, COMMON | 100% | yes | 1.69%
(function header not recovered) | | | | | | 100% | yes | 23.02%
00435A87 | 3.0 | 2 | | 6 | memory, COMMON | 100% | yes | 0.01%
00435A76 | 2.5 | 2 | | 6 | memory, COMMON | 100% | yes | 0.01%
00CC946D | 1.6 | 1 | | 52 | COMMON | | no | 0.03%
00CC622D | 1.5 | 1 | | 39 | memory, COMMON, LIBRARYCODE | | no | 0.00%
00433001 | 1.5 | 1 | | 27 | COMMON | 100% | yes | 0.14%
0043D425 | 1.5 | 1 | | 27 | COMMON | 87% | yes | 0.00%
00433162 | 1.5 | 1 | | 25 | string, COMMON | 100% | yes | 1.37%
0043DD40 | 1.5 | 1 | | 20 | COMMON | 100% | yes | 1.31%
00440E1E | 1.5 | 1 | | 16 | thread, COMMON | 100% | yes | 0.06%
(function header not recovered) | | | | | | 100% | yes | 0.03%
0043DBF3 | 1.5 | 1 | | 12 | COMMON | 50% | yes | 0.43%
0043D70F | 1.5 | 1 | | 8 | COMMON | | yes | 5.06%
00434A83 | 1.3 | 1 | | 46 | sleep, COMMON | 100% | yes | 0.00%
004359AA | 1.3 | 1 | | 17 | memory, COMMON | 100% | yes | 0.00%
00438C74 | 1.3 | 1 | | 9 | COMMON | 100% | yes | 0.02%
00435A3C | 1.3 | 1 | | 6 | memory, COMMON | 100% | yes | 0.00%
00435A2D | 1.3 | 1 | | 5 | COMMON | 100% | yes | 0.02%
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score
---|---|---|---|---|---|---|---|---
00CD85EF | 75.5 | | 60 | 527 | UNIQUE | | no | 100.00%
(function header not recovered) | | | | | | | no | 100.00%
00438F40 | 31.8 | 9 | 9 | 296 | registry, COMMON | 98% | yes | 10.55%
004398B0 | 28.4 | 5 | 11 | 406 | file, string, UNIQUE | 95% | yes | 100.00%
(function header not recovered) | | | | | | 94% | yes | 100.00%
0043BDDC | 14.2 | 7 | 1 | 167 | service, string, UNIQUE | 89% | yes | 100.00%
00438A9C | 14.1 | 6 | 2 | 61 | file, COMMON | 100% | yes | 10.55%
0043FD9E | 13.6 | 9 | | 81 | injection, memory, thread, UNIQUE | 100% | yes | 100.00%
0043AFDF | 12.5 | 4 | 3 | 290 | file, encryption, COMMON | 96% | yes | 10.55%
00CCBCE2 | 10.2 | 1 | 4 | 1469 | COMMON, LIBRARYCODE | | no | 0.12%
0043FE7E | 8.8 | 4 | 1 | 45 | process, UNIQUE | 100% | yes | 100.00%
004392D8 | 7.1 | 3 | 1 | 62 | memory, encryption, string, COMMON | 24% | yes | 10.55%
(function header not recovered) | | | | | | | no | 0.02%
00439E04 | 4.6 | 3 | | 61 | string, encryption, COMMON | 92% | yes | 10.55%
0043D609 | 4.6 | 3 | | 60 | COMMON | 60% | yes | 7.75%
(function header not recovered) | | | | | | | no | 0.03%
(function header not recovered) | | | | | | | no | 0.05%
(function header not recovered) | | | | | | | no | 0.00%
0043DEC5 | 3.1 | 2 | | 82 | file, COMMON | 72% | yes | 0.95%
(function header not recovered) | | | | | | | no | 0.03%
(function header not recovered) | | | | | | | no | 0.04%
00CCE793 | .1 | | | 105 | COMMON, LIBRARYCODE | | no | 0.00%
004254A9 | .1 | | | 93 | COMMON | | yes | 0.00%
00CCE666 | .1 | | | 86 | COMMON, LIBRARYCODE | | no | 0.00%
00410467 | .1 | | | 80 | COMMON | | yes | 0.00%
0043F9F3 | .1 | | | 63 | COMMON, Crypto | 83% | yes | 0.00%
0041F332 | .1 | | | 63 | COMMON | | yes | 0.00%
0042931C | .0 | | | 44 | COMMON | | yes | 0.00%
004292E7 | .0 | | | 43 | COMMON | | yes | 0.00%
00CC943A | .0 | | | 23 | COMMON, LIBRARYCODE | | no | 0.00%
0043E5BE | .0 | | | 20 | COMMON | 100% | yes | 0.00%
0041DEFD | .0 | | | 20 | COMMON | | yes | 0.00%
0043E8EC | .0 | | | 11 | COMMON | 100% | yes | 0.00%
0041E22B | .0 | | | 11 | COMMON | | yes | 0.00%
0043E5B7 | .0 | | | 2 | COMMON | 100% | yes | 0.00%
0041DEF6 | .0 | | | 2 | COMMON | | yes | 0.00%
0043765A | 56.3 | 17 | 15 | 286 | keyboard, UNIQUE | 100% | yes | 100.00%
0043A324 | 47.5 | 10 | 17 | 219 | library, UNIQUE | 98% | yes | 100.00%
Function 00437CB3, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 277registrystringwindowUNIQUE
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043822F, Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 229windowstringregistryUNIQUE
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 37.75% |
Function 00438D7E, Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 160registrystringCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 00440E40, Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 124filestringUNIQUE
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043C67E, Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 237registryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043F8C0, Relevance: 29.8, APIs: 11, Strings: 6, Instructions: 88sleepregistrystringUNIQUE
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 004374B4, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 135windowstringfileUNIQUE
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043CD2C, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 135pipethreadUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00437AEB, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 147filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 8.94% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
Function 0043B90E, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 71serviceUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043C033, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 111registryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043B889, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 55servicesleepUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043878B, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 226fileUNIQUE
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043D7A9, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 130comUNIQUE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00CC7699, Relevance: 15.1, APIs: 10, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043D0F5, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 00432803, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 108processthreadUNIQUE
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043FCD9, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 75sleepprocessmemoryUNIQUE
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043ADBE, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 56registrystringUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00440500, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 175comCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0043A1FF, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 54libraryUNIQUE
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043B81D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52serviceCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 4.31% |
Function 0043F7D0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registrystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043582B, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 20libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 00435AF2, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 14libraryloaderCOMMON
C-Code - Quality: 68% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 00440AD0, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168comCOMMON
C-Code - Quality: 55% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 00CCAC39, Relevance: 10.7, APIs: 7, Instructions: 162fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.61% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00432B29, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 107stringUNIQUE
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043F6C1, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48registryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00438654, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 38libraryUNIQUE
C-Code - Quality: 79% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043F65C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38registrystringUNIQUE
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.75% |
Function 004351E4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145networkUNIQUE
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043DC53, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 65registryUNIQUE
C-Code - Quality: 32% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043EAC8, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 61windowUNIQUE
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043F73D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55memorystringUNIQUE
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043FC79, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42fileUNIQUE
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00CC5312, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderUNIQUELIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00438A40, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 00CC9317, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.55% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.32% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.32% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.68% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043A64F, Relevance: 7.5, APIs: 5, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043A2CD, Relevance: 7.5, APIs: 5, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
Function 0043D9DD, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135libraryloaderUNIQUE
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00440FE0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 00440FEC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48stringCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 004413C8, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
C-Code - Quality: 66% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 6.84% |
Function 0043D469, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28libraryloaderUNIQUE
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043D4B8, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderUNIQUE
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 86% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043B4FE, Relevance: 6.3, APIs: 5, Instructions: 92COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 0.14% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.38% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043D508, Relevance: 6.1, APIs: 4, Instructions: 63memoryUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
C-Code - Quality: 25% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
Function 0043444A, Relevance: 6.0, APIs: 4, Instructions: 46UNIQUE
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043CCBA, Relevance: 6.0, APIs: 4, Instructions: 35threadsynchronizationCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 10.55% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.53% |
Function 00CC59CB, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0043F0C8, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 164fileUNIQUE
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00432675, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82filenetworkUNIQUE
C-Code - Quality: 92% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 37.75% |
Function 0043C1A0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 0043BD37, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56registryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 00440D9D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53processUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 37.75% |
Function 0043515A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52networkUNIQUE
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0043FBFC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13windowUNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |