Analysis Report zhAQkCQvME
Overview
| General Information | |
|---|---|
| Joe Sandbox Version: | 28.0.0 Lapis Lazuli |
| Analysis ID: | 997215 |
| Start date: | 13.11.2019 |
| Start time: | 19:26:48 |
| Joe Sandbox Product: | Cloud |
| Overall analysis duration: | 0h 15m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | zhAQkCQvME (renamed file extension from none to exe) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
| Number of new started processes analysed: | 21 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 6 |
| Technologies: | |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.bank.troj.spyw.evad.winEXE@25/7@2/4 |
| EGA Information: | |
| HDC Information: | |
| HCA Information: | |
| Cookbook Comments: | |
| Warnings: | |
Detection

| Strategy | Score | Range | Reporting | Whitelisted | Threat | Detection |
|---|---|---|---|---|---|---|
| Threshold | 100 | 0 - 100 | Report FP / FN | false | Qbot | |

Confidence

| Strategy | Score | Range | Further Analysis Required? | Confidence |
|---|---|---|---|---|
| Threshold | 5 | 0 - 5 | false | |
Classification

Analysis Advice

- Contains functionality to modify the execution of threads in other processes
- Sample drops PE files which have not been started; submit dropped PE samples for a secondary analysis to Joe Sandbox
- Sample has a GUI, but Joe Sandbox has not found any clickable buttons; more UI automation may likely extend behavior
- Sample has functionality to log and monitor keystrokes; analyze it with the 'Simulates keyboard and window changes' cookbook
- Sample hooks winsock APIs (likely related to a banking trojan); analyze the sample with the 'Check if internet explorer is infected by malware' cookbook
- Sample is a service DLL but no service has been registered
- Sample may offer command line options; run it with the 'Execute binary with arguments' cookbook (it is possible that the command line switches require additional characters like "-", "/", "--")
- Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts1 | Windows Management Instrumentation21 | Registry Run Keys / Startup Folder1 | Exploitation for Privilege Escalation1 | Software Packing22 | Network Sniffing1 | System Time Discovery1 | Remote File Copy2 | Input Capture11 | Data Encrypted11 | Uncommonly Used Port1 |
| Replication Through Removable Media | Execution through API1 | Hooking21 | Hooking21 | Deobfuscate/Decode Files or Information1 | Hooking21 | Account Discovery1 | Remote Services | Clipboard Data1 | Exfiltration Over Other Network Medium | Remote File Copy2 |
| Drive-by Compromise | Command-Line Interface1 | Valid Accounts1 | Valid Accounts1 | Obfuscated Files or Information2 | Input Capture11 | Security Software Discovery341 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Cryptographic Protocol22 |
| Exploit Public-Facing Application | Service Execution2 | Scheduled Task1 | Access Token Manipulation11 | Rootkit2 | Credentials in Files | File and Directory Discovery1 | Logon Scripts | Input Capture | Data Encrypted | Standard Non-Application Layer Protocol3 |
| Spearphishing Link | Scheduled Task1 | Modify Existing Service1 | Process Injection711 | Valid Accounts1 | Account Manipulation | Network Sniffing1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Application Layer Protocol13 |
| Spearphishing Attachment | Graphical User Interface | New Service3 | Scheduled Task1 | Access Token Manipulation11 | Brute Force | System Information Discovery35 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |
| Spearphishing via Service | Scripting | Path Interception | New Service3 | Process Injection711 | Two-Factor Authentication Interception | Network Share Discovery1 | Pass the Hash | Email Collection | Exfiltration Over Command and Control Channel | Uncommonly Used Port |
| Supply Chain Compromise | Third-party Software | Logon Scripts | Process Injection | Indicator Blocking | Bash History | Query Registry1 | Remote Desktop Protocol | Clipboard Data | Exfiltration Over Alternative Protocol | Standard Application Layer Protocol |
| Trusted Relationship | Rundll32 | DLL Search Order Hijacking | Service Registry Permissions Weakness | Process Injection | Input Prompt | Process Discovery4 | Windows Admin Shares | Automated Collection | Exfiltration Over Physical Medium | Multilayer Encryption |
| Hardware Additions | PowerShell | Change Default File Association | Exploitation for Privilege Escalation | Scripting | Keychain | System Owner/User Discovery1 | Taint Shared Content | Audio Capture | | Connection Proxy |
| | Execution through API | File System Permissions Weakness | Valid Accounts | Indicator Removal from Tools | Private Keys | Remote System Discovery11 | Replication Through Removable Media | Video Capture | | Communication Through Removable Media |
| | Regsvr32 | New Service | Bypass User Account Control | Indicator Removal on Host | Securityd Memory | System Network Configuration Discovery2 | Pass the Ticket | Man in the Browser | | Custom Command and Control Protocol |
Signature Overview
AV Detection:

- Antivirus or Machine Learning detection for dropped file
  - Source: Avira:
  - Source: Joe Sandbox ML:
- Antivirus or Machine Learning detection for sample
  - Source: Avira:
  - Source: Joe Sandbox ML:
- Genetic Malware detection for sample
  - Source: Intezer:
- Genetic detection for dropped file
  - Source: Intezer:
- Multi AV Scanner detection for submitted file
  - Source: Virustotal:
- Antivirus or Machine Learning detection for unpacked file
  - Source: Avira: (19 entries)
Cryptography:

- Uses Microsoft's Enhanced Cryptographic Provider
  - Source: Code function: 12_2_01510C9E
Spreading:

- Contains functionality to enumerate network shares
  - Source: Code function: 0_2_00410BA0
  - Source: Code function: 12_2_00400BA0
- Contains functionality to enumerate / list files inside a directory
  - Source: Code function: 12_2_0151B870
Networking:

- May check the online IP address of the machine
  - Source: DNS query:
- Uses ping.exe to check the status of other devices and networks
  - Source: Process created:
- Detected TCP or UDP traffic on non-standard ports
  - Source: TCP traffic:
- IP address seen in connection with other malware
  - Source: IP Address:
- Internet Provider seen in connection with other malware
  - Source: ASN Name:
- JA3 SSL client fingerprint seen in connection with other malware
  - Source: JA3 fingerprint: (2 entries)
- Uses a known web browser user agent for HTTP communication
  - Source: HTTP traffic detected:
- Connects to IPs without corresponding DNS lookups
  - Source: TCP traffic detected without corresponding DNS query: (50 entries)
- Downloads files
  - Source: File created:
- Downloads files from webservers via HTTP
  - Source: HTTP traffic detected:
- Found strings which match known social media URLs
  - Source: String found in binary or memory: (10 entries)
- Performs DNS lookups
  - Source: DNS traffic detected:
- URLs found in memory or binary data
  - Source: String found in binary or memory: (205 entries)
- Uses HTTPS
  - Source: Network traffic detected: (12 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing:

- Hooks clipboard functions (used to sniff clipboard data)
  - Source: IAT, EAT or inline hook detected:
- Contains functionality to retrieve information about pressed keystrokes
  - Source: Code function: 19_2_015D9210
E-Banking Fraud:

- Hooks winsock functions (used for sniffing or altering network traffic)
  - Source: File created:
System Summary:

- Malicious sample detected (through community Yara rule)
  - Source: Matched rule: (15 entries)
- Contains functionality to call native functions
  - Source: Code function: 0_2_0040C370
  - Source: Code function: 19_2_015D940B
  - Source: Code function: 21_2_013B940B
  - Source: Code function: 24_2_011D940B
  - Source: Code function: 25_2_011B940B
- Contains functionality to launch a process as a different user
  - Source: Code function: 0_2_00404400
- Creates mutexes
  - Source: Mutant created: (4 entries)
- Detected potential crypto function
  - Source: Code function: 0_2_00409C00
  - Source: Code function: 0_2_0040A090
  - Source: Code function: 0_2_0040F770
  - Source: Code function: 0_2_004031F0
  - Source: Code function: 0_2_0041280F
  - Source: Code function: 0_2_00402690
  - Source: Code function: 0_2_0040CEA0
  - Source: Code function: 0_2_004088B0
  - Source: Code function: 0_2_00413120
  - Source: Code function: 12_2_003F2690
  - Source: Code function: 12_2_003F9C00
  - Source: Code function: 12_2_0040280F
  - Source: Code function: 12_2_003F88B0
  - Source: Code function: 12_2_003FA090
  - Source: Code function: 12_2_00403120
  - Source: Code function: 12_2_003F31F0
  - Source: Code function: 12_2_003FCEA0
  - Source: Code function: 12_2_003FF770
  - Source: Code function: 12_2_0151EA50
  - Source: Code function: 12_2_0151E5C0
  - Source: Code function: 12_2_01511112
  - Source: Code function: 12_2_015131DC
  - Source: Code function: 12_2_015269AF
  - Source: Code function: 12_2_01511A1B
  - Source: Code function: 12_2_01512AD6
  - Source: Code function: 12_2_015272C0
  - Source: Code function: 12_2_01515530
  - Source: Code function: 12_2_01511533
  - Source: Code function: 12_2_01523C50
  - Source: Code function: 12_2_01520650
  - Source: Code function: 19_2_015E9EC0
  - Source: Code function: 19_2_015E7100
  - Source: Code function: 19_2_015E51D0
  - Source: Code function: 19_2_015EB580
  - Source: Code function: 19_2_015E4C00
  - Source: Code function: 19_2_015D1430
  - Source: Code function: 19_2_015E2382
  - Source: Code function: 19_2_015E1AD0
  - Source: Code function: 19_2_015E9AF0
  - Source: Code function: 21_2_013C9EC0
  - Source: Code function: 21_2_013C7100
  - Source: Code function: 21_2_013C51D0
  - Source: Code function: 21_2_013DA1CF
  - Source: Code function: 21_2_013DA354
  - Source: Code function: 21_2_013DA352
  - Source: Code function: 21_2_013C2382
  - Source: Code function: 21_2_013C9AF0
  - Source: Code function: 21_2_013C1AD0
  - Source: Code function: 21_2_013CB580
  - Source: Code function: 21_2_013B1430
  - Source: Code function: 21_2_013C4C00
  - Source: Code function: 24_2_011E9EC0
  - Source: Code function: 24_2_011E7100
  - Source: Code function: 24_2_011E51D0
  - Source: Code function: 24_2_011FA1CF
  - Source: Code function: 24_2_011FA354
  - Source: Code function: 24_2_011FA352
  - Source: Code function: 24_2_011E2382
  - Source: Code function: 24_2_011E1AD0
  - Source: Code function: 24_2_011E9AF0
  - Source: Code function: 24_2_011EB580
  - Source: Code function: 24_2_011E4C00
  - Source: Code function: 24_2_011D1430
  - Source: Code function: 25_2_011C9EC0
  - Source: Code function: 25_2_011C7100
  - Source: Code function: 25_2_011C51D0
  - Source: Code function: 25_2_011DA1CF
  - Source: Code function: 25_2_011DA354
  - Source: Code function: 25_2_011DA352
  - Source: Code function: 25_2_011C2382
  - Source: Code function: 25_2_011C1AD0
  - Source: Code function: 25_2_011C9AF0
  - Source: Code function: 25_2_011CB580
  - Source: Code function: 25_2_011C4C00
  - Source: Code function: 25_2_011B1430
- Found potential string decryption / allocating functions
  - Source: Code function:
- PE file contains strange resources
  - Source: Static PE information: (3 entries)
- Reads the hosts file
  - Source: File read: (4 entries)
- Sample file name differs from the original file name gathered from version info
  - Source: Binary or memory string: (10 entries)
- Sample reads its own file content
  - Source: File read:
- Yara signature match
  - Source: Matched rule: (23 entries)
- PE file contains an invalid data directory
  - Source: Static PE information: (2 entries)
- PE file has a section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)
  - Source: Static PE information: (2 entries)
- Classification label
  - Source: Classification label:
- Contains functionality to adjust token privileges (e.g. debug / backup)
  - Source: Code function: 0_2_00407340
- Contains functionality to enumerate processes or threads
  - Source: Code function: 0_2_00404290
- Contains functionality to instantiate COM classes
  - Source: Code function: 0_2_00410920
- Contains functionality to load and extract PE file embedded resources
  - Source: Code function: 0_2_00408290
- Contains functionality to modify services (start/stop/modify)
  - Source: Code function: 0_2_00401420
- Contains functionality to register a service control handler (likely the sample is a service DLL)
  - Source: Code function: 0_2_00401420
  - Source: Code function: 12_2_003F1420
- Creates files inside the user directory
  - Source: File created:
- Creates temporary files
  - Source: File created:
- Found command line output
  - Source: Console Write: (2 entries)
- Launches a second explorer.exe instance
  - Source: Process created: (2 entries)
- PE file has an executable .text section and no other executable section
  - Source: Static PE information:
- Queries a list of all open handles
  - Source: System information queried:
- Queries process information (via WMI, Win32_Process)
  - Source: WMI Queries:
- Reads software policies
  - Source: Key opened:
- Sample is known by Antivirus
  - Source: Virustotal:
- Sample requires command line parameters (based on API chain)
  - Source: Evasive API call chain:
- Spawns processes
  - Source: Process created: (25 entries)
- Uses an in-process (OLE) Automation server
  - Source: Key value queried:
- PE file contains a debug data directory
  - Source: Static PE information:
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) |
Source: | Unpacked PE file: |
Detected unpacking (overwrites its own PE header) |
Source: | Unpacked PE file: |
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_00407A30 |
PE file contains an invalid checksum |
Source: | Static PE information: |
Uses code obfuscation techniques (call, push, ret) |
Source: | Code function: | 12_2_0040ACE7 |
Source: | Code function: | 12_2_0040AB0A |
Source: | Code function: | 12_2_01532202 |
Source: | Code function: | 12_2_0152B11C |
Source: | Code function: | 12_2_015323DF |
Source: | Code function: | 12_2_01535264 |
Source: | Code function: | 19_2_015F3D7F |
Source: | Code function: | 19_2_015F3BA2 |
Source: | Code function: | 21_2_013D3BA2 |
Source: | Code function: | 21_2_013D3D7F |
Source: | Code function: | 24_2_011F3BA2 |
Source: | Code function: | 24_2_011F3D7F |
Source: | Code function: | 25_2_011D3BA2 |
Source: | Code function: | 25_2_011D3D7F |
Persistence and Installation Behavior: |
---|
Drops PE files |
Source: | File created: |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules |
Source: | Process created: |
Contains functionality to start windows services |
Source: | Code function: | 0_2_00401420 |
Creates an autostart registry key |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection: |
---|
Modifies the prolog of user mode functions (user mode inline hooks) |
Source: | User mode code has changed: |
Overwrites code with unconditional jumps - possibly setting hooks in a foreign process |
Source: | Memory written: |
Disables application error messages (SetErrorMode) |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to compare user and computer (likely to detect sandboxes) |
Source: | Code function: | 0_2_0040B120 |
Source: | Code function: | 12_2_003FB120 |
Contains functionality to detect virtual machines (IN, VMware) |
Source: | Code function: | 0_2_0040B450 |
Found evasive API chain (may stop execution after checking mutex) |
Source: | Evasive API call chain: |
Found stalling execution ending in API Sleep call |
Source: | Stalling execution: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Uses ping.exe to sleep |
Source: | Process created: |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: | Code function: | 0_2_0040AE50 |
Contains functionality to read device registry values (via SetupAPI) |
Source: | Code function: | 0_2_0040AC10 |
Found dropped PE file which has not been started or loaded |
Source: | Dropped PE file which has not been started: |
Found evasive API chain (date check) |
Source: | Evasive API call chain: |
Found evasive API chain (may stop execution after checking a module file name) |
Source: | Evasive API call chain: |
Found evasive API chain checking for process token information |
Source: | Check user administrative privileges: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) |
Source: | WMI Queries: |
Contains functionality to enumerate / list files inside a directory |
Source: | Code function: | 12_2_0151B870 |
Contains functionality to query system information |
Source: | Code function: | 0_2_00409F40 |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Source: | Binary or memory string: |
Program exit points |
Source: | API call chain: |
Queries a list of all running processes |
Source: | Process information queried: |
Anti Debugging: |
---|
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: | Code function: | 0_2_0040AE50 |
Contains functionality to dynamically determine API calls |
Source: | Code function: | 0_2_00407A30 |
Contains functionality to read the PEB |
Source: | Code function: | 19_2_015FCDB0 |
Source: | Code function: | 19_2_004C0000 |
Source: | Code function: | 21_2_013DCDB0 |
Source: | Code function: | 21_2_001E0000 |
Source: | Code function: | 24_2_011FD090 |
Source: | Code function: | 24_2_01250000 |
Source: | Code function: | 25_2_011DCDB0 |
Source: | Code function: | 25_2_011F0000 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: | Code function: | 12_2_0150F10A |
Contains functionality to register its own exception handler |
Source: | Code function: | 0_2_005C2A35 |
Source: | Code function: | 1_2_01322A35 |
Source: | Code function: | 2_2_01292A35 |
Source: | Code function: | 5_2_006D2A35 |
Source: | Code function: | 6_2_01292A35 |
Source: | Code function: | 7_2_01292A35 |
Source: | Code function: | 14_2_01252A35 |
Source: | Code function: | 17_2_012A2A35 |
Source: | Code function: | 18_2_01252A35 |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Allocates memory in foreign processes |
Source: | Memory allocated: |
Changes memory attributes in foreign processes to executable or writable |
Source: | Memory protected: |
Creates a thread in another existing process (thread injection) |
Source: | Thread created: |
Injects code into the Windows Explorer (explorer.exe) |
Source: | Memory written: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Writes to foreign memory regions |
Source: | Memory written: |
Contains functionality to launch a program with higher privileges |
Source: | Code function: | 0_2_004031F0 |
Creates a process in suspended mode (likely to inject code) |
Source: | Process created: |
Contains functionality to add an ACL to a security descriptor |
Source: | Code function: | 0_2_004077F0 |
Contains functionality to create a new security descriptor |
Source: | Code function: | 0_2_00407550 |
May try to detect the Windows Explorer process (often used for injection) |
Source: | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query CPU information (cpuid) |
Source: | Code function: | 0_2_0040A800 |
Queries device information via Setup API |
Source: | Code function: | 0_2_0040AC10 |
Queries the volume information (name, serial number etc.) of a device |
Source: | Queries volume information: |
Contains functionality to create pipes for IPC |
Source: | Code function: | 12_2_01505564 |
Contains functionality to query local / system time |
Source: | Code function: | 0_2_0040F770 |
Contains functionality to query the account / user name |
Source: | Code function: | 0_2_00410BA0 |
Contains functionality to query windows version |
Source: | Code function: | 0_2_0040A090 |
Queries the cryptographic machine GUID |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) |
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Qbot |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Qbot |
Source: | File source: |
Signature Similarity |
---|
Samplename | Analysis ID | SHA256 | Similarity |
---|
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:27:48 | API Interceptor | |
19:27:58 | API Interceptor | |
19:27:59 | Task Scheduler | |
19:27:59 | API Interceptor | |
19:41:05 | API Interceptor | |
19:41:08 | Autostart | |
19:41:39 | API Interceptor | |
19:41:44 | API Interceptor | |
19:42:22 | API Interceptor | |
19:42:34 | API Interceptor | |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 76% | Virustotal | |
| 100% | Intezer | Qakbot |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Joe Sandbox ML | |
Dropped Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Joe Sandbox ML | |
| 100% | Intezer | Qakbot |
| 0% | Metadefender | |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | HEUR/AGEN.1007600 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | HEUR/AGEN.1042725 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | HEUR/AGEN.1007600 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | HEUR/AGEN.1007600 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | HEUR/AGEN.1007600 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen |
| 100% | Avira | TR/Crypt.XPACK.Gen3 |
| 100% | Avira | TR/Crypt.ZPACK.hfoah |
| 100% | Avira | HEUR/AGEN.1007600 |
| 100% | Avira | TR/Crypt.XPACK.Gen |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Virustotal | |
| 0% | URL Reputation | safe |
| 0% | Virustotal | |
| 0% | URL Reputation | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Virustotal | |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | URL Reputation | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
QakBot | QakBot Payload | kevoreilly |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
QakBot | QakBot Payload | kevoreilly |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
JoeSecurity_Qbot | Yara detected Qbot | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
Datper | detect Datper in memory | JPCERT/CC Incident Response Group |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
QakBot | QakBot Payload | kevoreilly |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Detection |
---|---|
23.49.13.33 | malicious |
162.244.225.30 | malicious |
209.126.124.166 | malicious |
Domains |
---|
Match | Detection |
---|---|
www.ip-adress.com | malicious |
ASN |
---|
Match | Detection |
---|---|
CARSON-RTCA-CarsonCommunicationsLLCUS | malicious |
unknown | malicious |
unknown | malicious |
JA3 Fingerprints |
---|
Match | Detection |
---|---|
7dcce5b76c8b17472d024758970a406b | malicious |
eb88d0b3e1961a0562f006e5ce2a0b87 | malicious |
Dropped Files |
---|
Match | Detection |
---|---|
C:\Users\user\Desktop\zhAQkCQvME.exe | malicious |
Screenshots |
---|
Startup |
---|
Created / dropped Files |
---|
Process: | C:\Windows\explorer.exe |
Size (bytes): | 28550 |
Entropy (8bit): | 5.617695193208009 |
Encrypted: | false |
MD5: | 096632DFB3832AB9296351FFF6D3DF8D |
SHA1: | 22981727C6E1452281E14DD74618FA895984EE9E |
SHA-256: | 0558F37D987D887F55172E3BAC6F2B7131F7AFC473C096A2A971F79B396094CC |
SHA-512: | ECA9AAB8AE3808381B10C11AD74642F938645D328A94CE2BB589A78BEFD59038F01E85B1FD08D5A62619A1F037549D0896675AFEA8F1593E5541272E9BE2EDE4 |
Malicious: | false |
|
Process: | C:\Windows\explorer.exe |
Size (bytes): | 1008 |
Entropy (8bit): | 5.979490138693068 |
Encrypted: | false |
MD5: | 0B247F3DE093BFE93909368192FD3F2F |
SHA1: | B259C32FD8073B7C5655D1133429A3805542614B |
SHA-256: | E16FF59A24C527A7DB7C8B40318F587D84C2897635DD94F055D068252326788C |
SHA-512: | FA5C8C05768320E4921198566E71EDA3748221775B65CA20B7B2D2F3843F149BF59159DA08783F4ED521FD8F7F3E5F998FF7FDF174ACA576C5471E273916E74A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 1569 |
Entropy (8bit): | 7.250934087925775 |
Encrypted: | false |
MD5: | 3D5F9EA4EAF4D7172EA28E601BA4DC90 |
SHA1: | 022F7416F2B62B1CB7D42533EBE473864788D1BA |
SHA-256: | C4D326D3353FC2CF1226792E2C3CBD508E089B93C627861DB9C7868CC13DC70D |
SHA-512: | 9346D9B3543CBC2F63739AE664C1E4FDDDF2975B3B89DC2D13E6283079B4827831CDE288F943703ABE61F7486979E7A0101C2A1B8EFECCE4D5D530E7C033FB4E |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\zhAQkCQvME.exe |
File Type: | |
Size (bytes): | 676352 |
Entropy (8bit): | 7.853188857056287 |
Encrypted: | false |
MD5: | E7DE0CC04F0A433FCE5336B7C7504D2C |
SHA1: | FF44818AF235DA435F601532ACD29043B6A37AB0 |
SHA-256: | E736CF964B998E582FD2C191A0C9865814B632A315435F80798DD2A239A5E5F5 |
SHA-512: | 43B273A7570D6F0A9DC328913E330A16EC64D1768736D93FEE21824050A2F3FEAC5F64E99601543CF31D03E13784D0ACB5DDEC0BD063A3C870A4CB130CB54442 |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\zhAQkCQvME.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Size (bytes): | 776192 |
Entropy (8bit): | 7.15627507937909 |
Encrypted: | false |
MD5: | 60B7C0FEAD45F2066E5B805A91F4F0FC |
SHA1: | 9018A7D6CDBE859A430E8794E73381F77C840BE0 |
SHA-256: | 80C10EE5F21F92F89CBC293A59D2FD4C01C7958AACAD15642558DB700943FA22 |
SHA-512: | 68B9F9C00FC64DF946684CE81A72A2624F0FC07E07C0C8B3DB2FAE8C9C0415BD1B4A03AD7FFA96985AF0CC5E0410F6C5E29A30200EFFF21AB4B01369A3C59B58 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.ip-adress.com | 209.126.124.166 | true | false | high | |
164.136.132.91.in-addr.arpa | unknown | unknown | true | low |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | low | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | low | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
Contacted IPs |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.853188857056287 |
TrID: |
|
File name: | zhAQkCQvME.exe |
File size: | 676352 |
MD5: | e7de0cc04f0a433fce5336b7c7504d2c |
SHA1: | ff44818af235da435f601532acd29043b6a37ab0 |
SHA256: | e736cf964b998e582fd2c191a0c9865814b632a315435f80798dd2a239a5e5f5 |
SHA512: | 43b273a7570d6f0a9dc328913e330a16ec64d1768736d93fee21824050a2f3feac5f64e99601543cf31d03e13784d0acb5ddec0bd063a3c870a4cb130cb54442 |
SSDEEP: | 12288:/18kn+Q2MbyreC+7ZWCXBnqZADLQlz1GoUGUjZA2zopz9wiGLa9/8JQSaSZ:/oMbyrQ51qZZEoQjZAMt2187 |
File Content Preview: | MZ......................@...................................,...........!..L.!This program cannot be run in DOS mode....$............k}..k}..k}......k}......k}..6...k}......k}......k}......k}......k}......k}.15~..k}......k}..9...k}......k}......k}.....#k} |
File Icon |
---|
Icon Hash: | 8c8c80928292a60e |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40234e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | GUARD_CF, TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x5DA4F8D4 [Mon Oct 14 22:38:12 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 5e1df473304da895e634216143b56c18 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F7278B5AC7Dh |
jmp 00007F7278B5A6D3h |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
cmp dword ptr [eax], E06D7363h |
jne 00007F7278B5A98Dh |
cmp dword ptr [eax+10h], 03h |
jne 00007F7278B5A987h |
mov eax, dword ptr [eax+14h] |
cmp eax, 19930520h |
je 00007F7278B5A977h |
cmp eax, 19930521h |
je 00007F7278B5A970h |
cmp eax, 19930522h |
je 00007F7278B5A969h |
cmp eax, 01994000h |
jne 00007F7278B5A968h |
call dword ptr [00406078h] |
xor eax, eax |
pop ebp |
retn 0004h |
push 00402358h |
call dword ptr [00406034h] |
xor eax, eax |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edi, edi |
push ebp |
mov ebp, esp |
mov ecx, dword ptr [ebp+08h] |
mov eax, 00005A4Dh |
cmp word ptr [ecx], ax |
je 00007F7278B5A966h |
xor eax, eax |
pop ebp |
ret |
mov eax, dword ptr [ecx+3Ch] |
add eax, ecx |
cmp dword ptr [eax], 00004550h |
jne 00007F7278B5A951h |
xor edx, edx |
mov ecx, 0000010Bh |
cmp word ptr [eax+18h], cx |
sete dl |
mov eax, edx |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
push ebx |
push esi |
movzx esi, word ptr [ecx+06h] |
xor edx, edx |
push edi |
lea eax, dword ptr [eax+ecx+18h] |
test esi, esi |
jbe 00007F7278B5A97Dh |
mov edi, dword ptr [ebp+0Ch] |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4 | 0x3 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x62a4 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9e000 | 0xcdb0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x4 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa0 | 0x1c | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6000 | 0xb0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x490c | 0x4a00 | False | 0.627375422297 | data | 6.20789976151 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x6000 | 0xaa5 | 0x800 | False | 0.49072265625 | data | 4.63372863295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_COMDAT, IMAGE_SCN_MEM_READ |
.data | 0x7000 | 0x5928 | 0x2c00 | False | 0.608487215909 | data | 6.93693441659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
CODE | 0xd000 | 0x90059 | 0x90200 | False | 0.999666291739 | data | 7.99951263317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9e000 | 0xcffa | 0xce00 | False | 0.262439320388 | data | 3.80618140741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x9ed90 | 0x2e8 | data | English | United States |
RT_ICON | 0x9f078 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 1317570696, next used block 204 | English | United States |
RT_MENU | 0x9f360 | 0x1c5c | data | English | United States |
RT_MENU | 0xa0fc0 | 0x154 | data | English | United States |
RT_DIALOG | 0xa1118 | 0x260 | data | English | United States |
RT_DIALOG | 0xa1378 | 0x1dc | data | English | United States |
RT_DIALOG | 0xa1558 | 0x1b8 | data | English | United States |
RT_DIALOG | 0xa1710 | 0x244 | data | English | United States |
RT_DIALOG | 0xa1958 | 0x154 | data | English | United States |
RT_DIALOG | 0xa1ab0 | 0x164 | data | English | United States |
RT_DIALOG | 0xa1c18 | 0x1fc | data | English | United States |
RT_DIALOG | 0xa1e18 | 0x1c8 | data | English | United States |
RT_DIALOG | 0xa1fe0 | 0x144 | data | English | United States |
RT_DIALOG | 0xa2128 | 0x160 | data | English | United States |
RT_DIALOG | 0xa2288 | 0x1e4 | data | English | United States |
RT_DIALOG | 0xa2470 | 0x180 | data | English | United States |
RT_DIALOG | 0xa25f0 | 0x198 | data | English | United States |
RT_DIALOG | 0xa2788 | 0x1b4 | data | English | United States |
RT_DIALOG | 0xa2940 | 0x1d0 | data | English | United States |
RT_DIALOG | 0xa2b10 | 0xfc | data | English | United States |
RT_DIALOG | 0xa2c10 | 0x134 | data | English | United States |
RT_DIALOG | 0xa2d48 | 0x428 | data | English | United States |
RT_DIALOG | 0xa3170 | 0x4be | data | English | United States |
RT_DIALOG | 0xa3630 | 0x1cc | data | English | United States |
RT_DIALOG | 0xa3800 | 0x5ee | data | English | United States |
RT_DIALOG | 0xa3df0 | 0x56c | data | English | United States |
RT_DIALOG | 0xa4360 | 0x1a4 | data | English | United States |
RT_DIALOG | 0xa4508 | 0x220 | data | English | United States |
RT_DIALOG | 0xa4728 | 0x680 | data | English | United States |
RT_DIALOG | 0xa4da8 | 0x11c | data | English | United States |
RT_DIALOG | 0xa4ec8 | 0x148 | data | English | United States |
RT_DIALOG | 0xa5010 | 0x148 | data | English | United States |
RT_STRING | 0xa5158 | 0x2da | data | English | United States |
RT_STRING | 0xa5438 | 0x176 | data | English | United States |
RT_STRING | 0xa55b0 | 0x42 | data | English | United States |
RT_STRING | 0xa55f8 | 0xfc | data | English | United States |
RT_STRING | 0xa56f8 | 0x5c | data | English | United States |
RT_STRING | 0xa5758 | 0x76 | data | English | United States |
RT_STRING | 0xa57d0 | 0xad2 | data | English | United States |
RT_STRING | 0xa62a8 | 0x6c0 | data | English | United States |
RT_STRING | 0xa6968 | 0x542 | data | English | United States |
RT_STRING | 0xa6eb0 | 0x84a | data | English | United States |
RT_STRING | 0xa7700 | 0x200 | data | English | United States |
RT_STRING | 0xa7900 | 0x45a | data | English | United States |
RT_STRING | 0xa7d60 | 0x400 | data | English | United States |
RT_STRING | 0xa8160 | 0x42a | data | English | United States |
RT_STRING | 0xa8590 | 0x4b0 | data | English | United States |
RT_STRING | 0xa8a40 | 0x6c | data | English | United States |
RT_STRING | 0xa8ab0 | 0x60 | AmigaOS bitmap font | English | United States |
RT_STRING | 0xa8b10 | 0xfc | data | English | United States |
RT_STRING | 0xa8c10 | 0x198 | data | English | United States |
RT_STRING | 0xa8da8 | 0xb2 | data | English | United States |
RT_STRING | 0xa8e60 | 0x342 | data | English | United States |
RT_STRING | 0xa91a8 | 0x22e | data | English | United States |
RT_STRING | 0xa93d8 | 0x1c0 | data | English | United States |
RT_STRING | 0xa9598 | 0x198 | data | English | United States |
RT_STRING | 0xa9730 | 0x1c0 | data | English | United States |
RT_STRING | 0xa98f0 | 0x1be | AmigaOS bitmap font | English | United States |
RT_STRING | 0xa9ab0 | 0x1be | data | English | United States |
RT_STRING | 0xa9c70 | 0x268 | data | English | United States |
RT_STRING | 0xa9ed8 | 0x1cc | data | English | United States |
RT_STRING | 0xaa0a8 | 0x100 | data | English | United States |
RT_ACCELERATOR | 0xaa1a8 | 0x4c0 | data | English | United States |
RT_ACCELERATOR | 0xaa668 | 0x20 | data | English | United States |
RT_GROUP_ICON | 0xaa688 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0xaa6a0 | 0x14 | data | English | United States |
RT_VERSION | 0xaa6b8 | 0x378 | data | English | United States |
RT_MANIFEST | 0xaaa30 | 0x37b | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSACM32.dll | acmDriverID |
msvcrt.dll | __p__fmode, _onexit, _lock, __dllonexit, _unlock, _controlfp, _except_handler4_common, ?terminate@@YAXXZ, __set_app_type, __getmainargs, __p__commode, __setusermatherr, _amsg_exit, _initterm, exit, _XcptFilter, _exit, _cexit |
ole32.dll | CreateStreamOnHGlobal |
KERNEL32.dll | GetModuleHandleA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedCompareExchange, Sleep, InterlockedExchange, DeleteCriticalSection, GetLastError, IsValidLanguageGroup |
ADVAPI32.dll | OpenThreadToken |
GDI32.dll | FlattenPath |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2004 |
InternalName | Java(TM) Control Panel |
FileVersion | 5.0.60.5 |
Full Version | 7.8.7.7 |
CompanyName | Sun Microsystems, Inc. |
ProductName | Java(TM) 2 Platform Standard Edition 5.0 Urdate 6 |
ProductVersion | 7.8.7.7 |
FileDescription | Java(TM) Control Panel |
OriginalFilename | rjrwer.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2019 19:28:42.624562025 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:42.626492023 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:42.770479918 CET | 80 | 49159 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:42.770936012 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:42.794912100 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:42.796547890 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:42.806310892 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:42.875567913 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:42.951075077 CET | 80 | 49159 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:42.951359987 CET | 80 | 49159 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:42.951508999 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:42.961119890 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.046484947 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:43.046669960 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:43.097728014 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:43.105570078 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.105843067 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.108867884 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.254031897 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.254745960 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.254879951 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.254910946 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.254951954 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.255145073 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.255285025 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.255436897 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.264657974 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.264863968 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.265147924 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.265316010 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.281600952 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:43.281770945 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:43.307698011 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:43.452955008 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:43.453205109 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:45.954377890 CET | 80 | 49159 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:45.954531908 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.256136894 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.415179968 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415218115 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415240049 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415268898 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415330887 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415422916 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415436983 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.415452003 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415473938 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415553093 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415574074 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.415664911 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.448227882 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.559580088 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559607029 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559648037 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559684038 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559736013 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559770107 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559773922 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.559799910 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559850931 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.559998035 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.560097933 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560139894 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560234070 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.560255051 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560276985 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560291052 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560318947 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560353994 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:46.560417891 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.634526968 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:46.646748066 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:47.018258095 CET | 49161 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:28:49.563240051 CET | 443 | 49160 | 209.126.124.166 | 192.168.1.107 |
Nov 13, 2019 19:28:49.563359976 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:28:50.026355982 CET | 49161 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:28:56.026453018 CET | 49161 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:28:58.841746092 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.210062981 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:59.308619022 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:59.308957100 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.318762064 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.475634098 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:59.475799084 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.477355003 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.633157969 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:28:59.633220911 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.633922100 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.900111914 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.900342941 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:28:59.987313032 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.056915998 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.057086945 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.213268042 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.632309914 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.632488966 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.665554047 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.669272900 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.827689886 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.828440905 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.830498934 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.838584900 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.838615894 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.838638067 CET | 443 | 49158 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:00.840482950 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:00.840548038 CET | 49158 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:01.004271984 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:01.004460096 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:01.005711079 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:01.373788118 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:01.378357887 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:01.737212896 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:01.833918095 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:01.834053040 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:30.751434088 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:30.751468897 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:30.751566887 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:31.838704109 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:31.838741064 CET | 443 | 49163 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:31.838890076 CET | 49163 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:35.582350016 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:35.583807945 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:35.754169941 CET | 443 | 49162 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:35.754298925 CET | 49162 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:35.869213104 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:36.036416054 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:36.036578894 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:43.635901928 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:43.792982101 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:29:43.793158054 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:50.418800116 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:29:50.781721115 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:15.245270014 CET | 49165 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:30:18.245536089 CET | 49165 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:30:20.374777079 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:20.374811888 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:20.375180006 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:30:24.260863066 CET | 49165 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:30:34.072216988 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:30:34.072432041 CET | 49164 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:30:34.074356079 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:34.074486971 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:34.076313019 CET | 49166 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:30:34.229058027 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:34.229368925 CET | 443 | 49164 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:34.231313944 CET | 443 | 49166 | 162.244.225.30 | 192.168.1.107 |
Nov 13, 2019 19:30:34.231434107 CET | 49166 | 443 | 192.168.1.107 | 162.244.225.30 |
Nov 13, 2019 19:30:34.495193958 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:34.692689896 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:35.245215893 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:35.464284897 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:36.304990053 CET | 49167 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:30:36.792114973 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:36.885718107 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:39.354396105 CET | 49167 | 7000 | 192.168.1.107 | 23.49.13.33 |
Nov 13, 2019 19:30:39.729300976 CET | 49160 | 443 | 192.168.1.107 | 209.126.124.166 |
Nov 13, 2019 19:30:39.755330086 CET | 49159 | 80 | 192.168.1.107 | 209.126.124.166 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2019 19:28:42.550585985 CET | 57663 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:42.576579094 CET | 53 | 57663 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:46.532025099 CET | 54024 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:46.567949057 CET | 53 | 54024 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:46.681453943 CET | 59734 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:46.708089113 CET | 53 | 59734 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:47.526586056 CET | 54024 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:47.562509060 CET | 53 | 54024 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:48.526597977 CET | 54024 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:48.562614918 CET | 53 | 54024 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:50.526807070 CET | 54024 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:50.563119888 CET | 53 | 54024 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:28:54.526880026 CET | 54024 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:28:54.563188076 CET | 53 | 54024 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:30:15.654793024 CET | 59306 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:30:15.690959930 CET | 53 | 59306 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:30:16.652389050 CET | 59306 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:30:16.688600063 CET | 53 | 59306 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:30:17.652887106 CET | 59306 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:30:17.688945055 CET | 53 | 59306 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:30:34.038424969 CET | 59306 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:30:34.074563980 CET | 53 | 59306 | 8.8.8.8 | 192.168.1.107 |
Nov 13, 2019 19:30:38.026937962 CET | 59306 | 53 | 192.168.1.107 | 8.8.8.8 |
Nov 13, 2019 19:30:38.063720942 CET | 53 | 59306 | 8.8.8.8 | 192.168.1.107 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 13, 2019 19:28:42.550585985 CET | 192.168.1.107 | 8.8.8.8 | 0xe53 | Standard query (0) | A (IP address) | IN (0x0001) | |
Nov 13, 2019 19:28:46.681453943 CET | 192.168.1.107 | 8.8.8.8 | 0x8df9 | Standard query (0) | PTR (Pointer record) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 13, 2019 19:28:42.576579094 CET | 8.8.8.8 | 192.168.1.107 | 0xe53 | No error (0) | 209.126.124.166 | A (IP address) | IN (0x0001) | ||
Nov 13, 2019 19:28:42.576579094 CET | 8.8.8.8 | 192.168.1.107 | 0xe53 | No error (0) | 85.93.88.251 | A (IP address) | IN (0x0001) | ||
Nov 13, 2019 19:28:42.576579094 CET | 8.8.8.8 | 192.168.1.107 | 0xe53 | No error (0) | 85.93.89.6 | A (IP address) | IN (0x0001) | ||
Nov 13, 2019 19:28:42.576579094 CET | 8.8.8.8 | 192.168.1.107 | 0xe53 | No error (0) | 207.38.89.115 | A (IP address) | IN (0x0001) | ||
Nov 13, 2019 19:28:46.708089113 CET | 8.8.8.8 | 192.168.1.107 | 0x8df9 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.1.107 | 49159 | 209.126.124.166 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 13, 2019 19:28:42.806310892 CET | 0 | OUT | |
Nov 13, 2019 19:28:42.951359987 CET | 1 | IN |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Nov 13, 2019 19:28:43.046484947 CET | 162.244.225.30 | 443 | 192.168.1.107 | 49158 | CN=hcutk.org, OU=Gaqitkxu Meafniku, C=CA | CN=hcutk.org, O=Umkeu Zraskepud Inc., L=Pchijdiht, ST=NV, C=CA | Sat Oct 05 14:43:07 CEST 2019 | Wed Oct 04 15:31:05 CEST 2023 | 771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0 | eb88d0b3e1961a0562f006e5ce2a0b87 |
Nov 13, 2019 19:28:43.264657974 CET | 209.126.124.166 | 443 | 192.168.1.107 | 49160 | CN=*.ip-adress.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed May 16 02:00:00 CEST 2018 | Thu May 21 01:59:59 CEST 2020 | 771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0 | 7dcce5b76c8b17472d024758970a406b |
| | | | | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Feb 12 01:00:00 CET 2014 | Mon Feb 12 00:59:59 CET 2029 | | |
| | | | | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020 | | |
Code Manipulations |
---|
User Modules |
---|
Hook Summary |
---|
Function Name | Hook Type | Active in Processes |
---|---|---|
TranslateMessage | INLINE | explorer.exe |
GetClipboardData | INLINE | explorer.exe |
HttpSendRequestExW | INLINE | explorer.exe |
HttpOpenRequestW | INLINE | explorer.exe |
HttpOpenRequestA | INLINE | explorer.exe |
InternetReadFile | INLINE | explorer.exe |
InternetQueryDataAvailable | INLINE | explorer.exe |
InternetCloseHandle | INLINE | explorer.exe |
InternetWriteFile | INLINE | explorer.exe |
InternetReadFileExA | INLINE | explorer.exe |
HttpSendRequestA | INLINE | explorer.exe |
HttpSendRequestW | INLINE | explorer.exe |
LdrLoadDll | INLINE | explorer.exe |
ZwResumeThread | INLINE | explorer.exe |
NtResumeThread | INLINE | explorer.exe |
connect | INLINE | explorer.exe |
WSASend | INLINE | explorer.exe |
WSAConnect | INLINE | explorer.exe |
send | INLINE | explorer.exe |
Processes |
---|
Process: explorer.exe, Module: USER32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
TranslateMessage | INLINE | 0xE9 0x91 0x10 0x02 0x2F 0xF4 |
GetClipboardData | INLINE | 0xE9 0x9F 0xF0 0x0F 0xFA 0xA4 |
Process: explorer.exe, Module: WININET.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
HttpSendRequestExW | INLINE | 0xE9 0x96 0x6A 0xAC 0xC4 0x49 |
HttpOpenRequestW | INLINE | 0xE9 0x9A 0xAC 0xC9 0x90 0x0A |
HttpOpenRequestA | INLINE | 0xE9 0x9E 0xE2 0x2D 0xD8 0x89 |
InternetReadFile | INLINE | 0xE9 0x96 0x6F 0xFC 0xC7 0x7A |
InternetQueryDataAvailable | INLINE | 0xE9 0x95 0x53 0x37 0x72 0x2A |
InternetCloseHandle | INLINE | 0xE9 0x9B 0xBC 0xCC 0xC0 0x0A |
InternetWriteFile | INLINE | 0xE9 0x93 0x36 0x6C 0xC3 0x39 |
InternetReadFileExA | INLINE | 0xE9 0x9E 0xE0 0x0F 0xFC 0xCA |
HttpSendRequestA | INLINE | 0xE9 0x92 0x23 0x33 0x36 0x69 |
HttpSendRequestW | INLINE | 0xE9 0x99 0x9D 0xD5 0x5B 0xBA |
Process: explorer.exe, Module: ntdll.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
LdrLoadDll | INLINE | 0xE9 0x92 0x27 0x70 0x0D 0xD4 |
ZwResumeThread | INLINE | 0xE9 0x99 0x96 0x63 0x33 0x35 |
NtResumeThread | INLINE | 0xE9 0x99 0x96 0x63 0x33 0x35 |
Process: explorer.exe, Module: WS2_32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
connect | INLINE | 0xE9 0x9B 0xB4 0x48 0x8F 0xF0 |
WSASend | INLINE | 0xE9 0x90 0x0D 0xDB 0xB2 0x20 |
WSAConnect | INLINE | 0xE9 0x95 0x52 0x23 0x3B 0xB0 |
send | INLINE | 0xE9 0x97 0x7E 0xE8 0x8A 0xA0 |
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:27:47 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\Desktop\zhAQkCQvME.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:27:49 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\Desktop\zhAQkCQvME.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:27:58 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:27:58 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4b0000 |
File size: | 179712 bytes |
MD5 hash: | 2003E9B15E1C502B146DAD2E383AC1E3 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:41:01 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\Desktop\zhAQkCQvME.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:41:01 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:41:02 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:41:03 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x49d90000 |
File size: | 302592 bytes |
MD5 hash: | AD7B9C14083B52BC532FBA5948342B98 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:41:04 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\schtasks.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x810000 |
File size: | 179712 bytes |
MD5 hash: | 2003E9B15E1C502B146DAD2E383AC1E3 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:41:04 |
Start date: | 13/11/2019 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 19:41:04 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x990000 |
File size: | 15360 bytes |
MD5 hash: | 6242E3D67787CCBF4E06AD2982853144 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:41:05 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:41:17 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:41:18 |
Start date: | 13/11/2019 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Eacrrvkown\jkfkdm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 676352 bytes |
MD5 hash: | E7DE0CC04F0A433FCE5336B7C7504D2C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 19:41:28 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\taskhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x830000 |
File size: | 49152 bytes |
MD5 hash: | 72E953215CADE1A726C04AAFDF6B463D |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:41:38 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\dwm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x90000 |
File size: | 92672 bytes |
MD5 hash: | 505BF4D1CADEB8D4F8BCD08D944DE25D |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:41:44 |
Start date: | 13/11/2019 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:42:02 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x3f0000 |
File size: | 271360 bytes |
MD5 hash: | 761D6906DE888CF832606CFCDC9E7C47 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:42:22 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\notepad.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x30000 |
File size: | 179712 bytes |
MD5 hash: | A4F6DF0E33E644E802C8798ED94D80EA |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:42:34 |
Start date: | 13/11/2019 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x3f0000 |
File size: | 271360 bytes |
MD5 hash: | 761D6906DE888CF832606CFCDC9E7C47 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
The per-function panels (Control-flow Graph, C-Code, APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity, Uniqueness) carried no extractable content; the values that survived are tabulated below. Rows whose function header was lost in extraction keep only their quality and uniqueness figures.
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
0040A090 | 70.5 | 31 | 9 | 482 | string, library, loader, UNIQUE, LIBRARYCODE, Crypto | 50% | 100.00% |
0040C370 | 40.5 | 18 | 5 | 297 | library, loader, native, UNIQUE | 57% | 100.00% |
004031F0 | 33.6 | 12 | 7 | 333 | UNIQUE, Crypto | 54% | 100.00% |
0040F770 | 19.6 | 7 | 4 | 321 | string, file, time, UNIQUE, Crypto | 40% | 100.00% |
(function header not extracted) | | | | | | 41% | 1.69% |
00407A30 | 10.7 | 4 | 2 | 170 | library, loader, UNIQUE | 73% | 100.00% |
00410BA0 | 7.6 | 5 | | 109 | sleep, COMMON | 19% | 1.74% |
00404290 | 7.6 | 5 | | 91 | process, COMMON, LIBRARYCODE | 38% | 0.68% |
(function header not extracted) | | | | | | 82% | 0.03% |
00409C00 | 5.2 | | 4 | 167 | UNIQUE, LIBRARYCODE, Crypto | 64% | 100.00% |
00408290 | 4.7 | 3 | | 178 | COMMON | 64% | 0.58% |
005C2A35 | 1.6 | 1 | | 69 | COMMON | | 0.01% |
(function header not extracted) | | | | | | 37% | 0.02% |
004097A0 | 17.6 | 9 | 1 | 96 | string, COMMON | | 5.54% |
0040EF00 | 12.7 | 5 | 2 | 405 | string, UNIQUE | 66% | 100.00% |
(function header not extracted) | | | | | | 20% | 5.54% |
(function header not extracted) | | | | | | 32% | 100.00% |
005C1827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | | 100.00% |
004041B0 | 8.8 | 3 | 2 | 76 | process, synchronization, UNIQUE | 37% | 100.00% |
(function header not extracted) | | | | | | 62% | 0.90% |
005C1826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | | 100.00% |
004101E0 | 6.1 | 4 | | 96 | COMMON | 27% | 0.72% |
(function header not extracted) | | | | | | 58% | 0.42% |
(function header not extracted) | | | | | | 62% | 100.00% |
004086D0 | 4.6 | 3 | | 76 | COMMON | 100% | 8.94% |
(function header not extracted) | | | | | | 46% | 0.15% |
(function header not extracted) | | | | | | 58% | 4.01% |
(function header not extracted) | | | | | | 30% | 0.23% |
(function header not extracted) | | | | | | 37% | 0.23% |
(function header not extracted) | | | | | | 64% | 4.31% |
00403F10 | 3.8 | 3 | | 39 | string, memory, COMMON, LIBRARYCODE | 100% | 4.65% |
(function header not extracted) | | | | | | 38% | 100.00% |
005C2D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | | 100.00% |
(function header not extracted) | | | | | | 100% | 100.00% |
004100E0 | 3.1 | 2 | | 80 | sleep, COMMON | | 4.65% |
0040DFD0 | 3.0 | 2 | | 38 | COMMON | 37% | 5.06% |
00408540 | 3.0 | 2 | | 31 | file, COMMON | 100% | 0.99% |
0040FF20 | 3.0 | 2 | | 31 | file, COMMON | 37% | 2.28% |
(function header not extracted) | | | | | | 58% | 23.02% |
(function header not extracted) | | | | | | 37% | 0.17% |
(function header not extracted) | | | | | | 75% | 2.28% |
(function header not extracted) | | | | | | | 0.02% |
(function header not extracted) | | | | | | | 0.01% |
0040ECB0 | 1.6 | 1 | | 77 | COMMON | 37% | 3.15% |
(function header not extracted) | | | | | | | 0.02% |
004085E0 | 1.5 | 1 | | 41 | COMMON | 100% | 0.00% |
00408660 | 1.5 | 1 | | 40 | file, COMMON | 68% | 0.02% |
00410B40 | 1.5 | 1 | | 35 | COMMON | 37% | 3.53% |
004085A0 | 1.5 | 1 | | 22 | file, COMMON | 100% | 0.01% |
(function header not extracted) | | | | | | 58% | 0.03% |
0040E040 | 1.5 | 1 | | 19 | COMMON | | 0.01% |
00403EE0 | 1.5 | 1 | | 14 | memory, COMMON, LIBRARYCODE | 100% | 0.00% |
0040E080 | 1.5 | 1 | | 13 | COMMON | 100% | 0.01% |
00403EC0 | 1.5 | 1 | | 9 | memory, COMMON | 100% | 0.02% |
00405DF0 | 1.5 | 1 | | 208 | COMMON | 53% | 0.03% |
0040FFD0 | 1.3 | 1 | | 79 | sleep, COMMON | 50% | 0.00% |
0040EB00 | 1.3 | 1 | | 59 | COMMON | 37% | 0.02% |
00409410 | 1.3 | 1 | | 36 | COMMON | 100% | 0.03% |
0040EDF0 | 1.3 | 1 | | 14 | COMMON | 37% | 0.03% |
Non-executed Functions |
---|
Function 00410920, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 188comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
Function 0040AE50, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83processUNIQUE
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00402690, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 207sleepUNIQUECrypto
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00404400, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106processUNIQUE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 23.02% |
Function 00407340, Relevance: 9.1, APIs: 6, Instructions: 89UNIQUE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 81% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.90% |
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.85% |
Function 0040A800, Relevance: 3.8, APIs: 3, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
Function 0040AC10, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Function 0040B450, Relevance: 2.6, Strings: 2, Instructions: 53COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.22% |
Function 00401420, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.49% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.74% |
Function 00413120, Relevance: .2, Instructions: 179COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0040E230, Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 290stringregistrylibraryCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.53% |
Function 00402270, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 151windowregistrysynchronizationUNIQUE
C-Code - Quality: 43% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0040E7F0, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 212stringregistryUNIQUE
C-Code - Quality: 35% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 004110A0, Relevance: 16.8, APIs: 9, Strings: 2, Instructions: 334stringUNIQUE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 41% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 00409FB0, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 47libraryloaderUNIQUE
C-Code - Quality: 37% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 40% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0040ACC0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 88processUNIQUE
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 0040AFB0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 87processUNIQUE
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 004068D0, Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 61stringUNIQUE
C-Code - Quality: 37% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.12% |
Function 00406460, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 359stringUNIQUE
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
(Per-function sub-tables for APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity were not extracted; the recoverable values are listed below. Rows marked "(not extracted)" carried a C-Code quality and/or uniqueness score but lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Uniqueness score |
|---|---|---|---|---|---|---|---|
| 0040C710 | 10.7 | 1 | 6 | 208 | string, UNIQUE | 65% | 100.00% |
| (not extracted) |  |  |  |  |  | 58% | 2.71% |
| 00402920 | 10.6 | 5 | 1 | 100 | synchronization, thread, UNIQUE | 56% | 100.00% |
| 004016F0 | 10.6 | 7 |  | 64 | UNIQUE | 68% | 100.00% |
| (not extracted) |  |  |  |  |  | 43% | 5.54% |
| (not extracted) |  |  |  |  |  | 84% | 5.54% |
| 004021B0 | 8.8 | 3 | 2 | 60 | libraryloader, UNIQUE |  | 100.00% |
| 004018E0 | 8.8 | 3 | 2 | 39 | window, UNIQUE |  | 100.00% |
| 00410510 | 7.6 | 5 |  | 141 | COMMON | 42% | 0.00% |
| (not extracted) |  |  |  |  |  | 65% | 8.94% |
| (not extracted) |  |  |  |  |  | 100% | 0.28% |
| 00404D50 | 7.6 | 6 |  | 76 | string, COMMON | 82% | 0.04% |
| 00407230 | 7.5 | 5 |  | 40 | thread, COMMON, LIBRARYCODE | 50% | 0.81% |
| (not extracted) |  |  |  |  |  |  | 6.12% |
| (not extracted) |  |  |  |  |  | 30% | 100.00% |
| 0040FBA9 | 7.0 | 3 | 1 | 42 | string, file, UNIQUE | 37% | 100.00% |
| (not extracted) |  |  |  |  |  | 54% | 0.99% |
| (not extracted) |  |  |  |  |  | 42% | 2.20% |
| 004071D0 | 6.0 | 4 |  | 36 | COMMON | 37% | 3.75% |
| 00402D30 | 6.0 | 1 | 3 | 30 | string, UNIQUE | 37% | 100.00% |
| 00402A60 | 5.3 | 2 | 1 | 51 | library, UNIQUE | 33% | 100.00% |
| 00403E00 | 5.3 | 2 | 1 | 33 | time, UNIQUE | 91% | 100.00% |
Callgraph
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness score |
|---|---|---|---|---|---|---|
| 01322A35 | 1.6 | 1 |  | 69 | COMMON | 0.01% |
| 01321827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | 100.00% |
| 01321826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | 100.00% |
| 01322D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | 100.00% |
| (not extracted) |  |  |  |  |  | 0.02% |
| (not extracted) |  |  |  |  |  | 0.01% |
| (not extracted) |  |  |  |  |  | 0.02% |

Non-executed Functions
---|
Callgraph
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness score |
|---|---|---|---|---|---|---|
| 01292A35 | 1.6 | 1 |  | 69 | COMMON | 0.01% |
| 01291827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | 100.00% |
| 01291826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | 100.00% |
| 01292D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | 100.00% |
| (not extracted) |  |  |  |  |  | 0.02% |
| (not extracted) |  |  |  |  |  | 0.01% |
| (not extracted) |  |  |  |  |  | 0.02% |

Non-executed Functions
---|
Callgraph
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness score |
|---|---|---|---|---|---|---|
| 006D2A35 | 1.6 | 1 |  | 69 | COMMON | 0.01% |
| 006D1827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | 100.00% |
| 006D1826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | 100.00% |
| 006D2D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | 100.00% |
| (not extracted) |  |  |  |  |  | 0.02% |
| (not extracted) |  |  |  |  |  | 0.01% |
| (not extracted) |  |  |  |  |  | 0.02% |

Non-executed Functions
---|
Callgraph
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness score |
|---|---|---|---|---|---|---|
| 01292A35 | 1.6 | 1 |  | 69 | COMMON | 0.01% |
| 01291827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | 100.00% |
| 01291826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | 100.00% |
| 01292D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | 100.00% |
| (not extracted) |  |  |  |  |  | 0.02% |
| (not extracted) |  |  |  |  |  | 0.01% |
| (not extracted) |  |  |  |  |  | 0.02% |

Non-executed Functions
---|
Callgraph
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness score |
|---|---|---|---|---|---|---|
| 01292A35 | 1.6 | 1 |  | 69 | COMMON | 0.01% |
| 01291827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | 100.00% |
| 01291826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | 100.00% |
| 01292D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | 100.00% |
| (not extracted) |  |  |  |  |  | 0.02% |
| (not extracted) |  |  |  |  |  | 0.01% |
| (not extracted) |  |  |  |  |  | 0.02% |

Non-executed Functions
---|
Executed Functions
---|
(Control-flow graphs and the APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Yara matches and Similarity sub-tables were not extracted; recoverable values below. Rows marked "(not extracted)" carried a C-Code quality and/or uniqueness score but lost their function header.)

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Uniqueness score |
|---|---|---|---|---|---|---|---|
| 0151EA50 | 70.5 | 31 | 9 | 482 | string, libraryloader, UNIQUE, LIBRARYCODE, Crypto | 50% | 100.00% |
| 003F2690 | 10.7 | 5 | 1 | 207 | sleep, UNIQUE, Crypto | 59% | 100.00% |
| 01505564 | 5.3 | 1 | 2 | 66 | pipe, UNIQUE | 77% | 100.00% |
| 0151E5C0 | 5.2 |  | 4 | 167 | UNIQUE, LIBRARYCODE, Crypto | 64% | 100.00% |
| 01510C9E | 3.5 | 1 | 1 | 11 | encryption, UNIQUE | 58% | 100.00% |
| 0151C470 | 44.0 | 19 | 6 | 290 | string, registry, library, COMMON | 32% | 3.53% |
| 01506383 | 38.8 | 10 | 12 | 251 | UNIQUE | 82% | 100.00% |
| 015145B0 | 18.3 | 9 | 3 | 334 | string, UNIQUE |  | 100.00% |
| (not extracted) |  |  |  |  |  | 80% | 100.00% |
| 01503148 | 15.9 | 8 | 1 | 102 | thread, sleep, UNIQUE | 93% | 100.00% |
| 01524390 | 15.8 | 4 | 5 | 91 | libraryloader, UNIQUE | 24% | 100.00% |
| 003F9FB0 | 15.8 | 5 | 4 | 47 | libraryloader, UNIQUE | 37% | 100.00% |
| 0150F062 | 15.0 | 2 | 8 | 50 | string, UNIQUE | 65% | 100.00% |
| (not extracted) |  |  |  |  |  |  | 100.00% |
| 003F68D0 | 13.6 | 4 | 5 | 61 | string, UNIQUE | 37% | 100.00% |
| 0150EA96 | 13.6 | 3 | 6 | 55 | string, UNIQUE | 57% | 100.00% |
| (not extracted) |  |  |  |  |  | 50% | 100.00% |
| (not extracted) |  |  |  |  |  | 31% | 100.00% |
| (not extracted) |  |  |  |  |  | 34% | 10.55% |
| 01516520 | 10.7 | 4 | 2 | 170 | libraryloader, UNIQUE | 73% | 100.00% |
| 003F7A30 | 10.7 | 4 | 2 | 170 | libraryloader, UNIQUE | 73% | 100.00% |
| 003F2920 | 10.6 | 5 | 1 | 100 | synchronization, thread, UNIQUE | 56% | 100.00% |
| 015022D8 | 9.2 | 6 |  | 198 | synchronization, UNIQUE | 70% | 100.00% |
| (not extracted) |  |  |  |  |  | 51% | 8.94% |
| (not extracted) |  |  |  |  |  | 47% | 100.00% |
| (not extracted) |  |  |  |  |  | 47% | 100.00% |
| (not extracted) |  |  |  |  |  | 47% | 100.00% |
| (not extracted) |  |  |  |  |  | 59% | 100.00% |
| 01520E90 | 7.6 | 5 |  | 129 | com, UNIQUE |  | 100.00% |
| (not extracted) |  |  |  |  |  | 20% | 23.02% |
| 003F2270 | 7.2 | 1 | 3 | 151 | synchronization, UNIQUE |  | 100.00% |
| (not extracted) |  |  |  |  |  |  | 3.53% |
| (not extracted) |  |  |  |  |  | 100% | 100.00% |
| 015066F6 | 7.0 | 1 | 3 | 25 | file, UNIQUE | 75% | 100.00% |
| (not extracted) |  |  |  |  |  | 54% | 0.99% |
| (not extracted) |  |  |  |  |  | 58% | 0.42% |
| (not extracted) |  |  |  |  |  | 42% | 2.20% |
| 0151B570 | 6.1 | 4 |  | 71 | UNIQUE |  | 100.00% |
| 0151F820 | 6.0 | 4 |  | 36 | COMMON | 37% | 3.75% |
| (not extracted) |  |  |  |  |  | 83% | 100.00% |
| (not extracted) |  |  |  |  |  | 70% | 100.00% |
| 01502E13 | 5.3 | 2 | 1 | 69 | synchronization, UNIQUE | 77% | 100.00% |
| 01503F7B | 5.3 | 1 | 2 | 68 | string, UNIQUE | 88% | 100.00% |
| 003F2A60 | 5.3 | 2 | 1 | 51 | library, UNIQUE | 33% | 100.00% |
| 0150723D | 5.3 | 2 | 1 | 16 | window, UNIQUE | 100% | 100.00% |
| 0151B300 | 5.1 | 4 |  | 74 | COMMON | 62% | 0.02% |
| (not extracted) |  |  |  |  |  |  | 12.89% |
| 003F8290 | 4.7 | 3 |  | 178 | COMMON | 64% | 0.58% |
| (not extracted) |  |  |  |  |  | 96% | 100.00% |
| 01506FC0 | 4.6 | 3 |  | 133 | COMMON | 92% | 0.00% |
| 01519030 | 4.6 | 3 |  | 76 | COMMON | 100% | 8.94% |
| 01502ECB | 4.6 | 3 |  | 76 | thread, synchronization, COMMON | 97% | 10.55% |
| 003F86D0 | 4.6 | 3 |  | 76 | COMMON | 100% | 8.94% |
| (not extracted) |  |  |  |  |  | 46% | 0.15% |
| (not extracted) |  |  |  |  |  | 46% | 0.15% |
| (not extracted) |  |  |  |  |  | 58% | 4.01% |
| (not extracted) |  |  |  |  |  | 58% | 4.01% |
| 01502A8E | 4.5 | 2 | 1 | 45 | string, UNIQUE | 100% | 100.00% |
| (not extracted) |  |  |  |  |  | 30% | 0.23% |
| 01516380 | 4.5 | 3 |  | 37 | UNIQUE | 16% | 100.00% |
| (not extracted) |  |  |  |  |  | 37% | 0.23% |
| 003F6FE0 | 4.5 | 2 | 1 | 32 | string, UNIQUE |  | 100.00% |
| 01501D04 | 3.9 | 3 |  | 137 | COMMON | 98% | 0.00% |
| (not extracted) |  |  |  |  |  | 64% | 4.31% |
| (not extracted) |  |  |  |  |  | 64% | 4.31% |
| 01513990 | 3.8 | 3 |  | 39 | string, memory, COMMON, LIBRARYCODE | 100% | 4.65% |
| 003F3F10 | 3.8 | 3 |  | 39 | string, memory, COMMON, LIBRARYCODE | 100% | 4.65% |
| (not extracted) |  |  |  |  |  | 38% | 100.00% |
| 003F6460 | 3.4 | 1 | 1 | 359 | string, UNIQUE | 45% | 100.00% |
| 01514C10 | 3.2 | 2 |  | 190 | time, UNIQUE | 53% | 100.00% |
| (not extracted) |  |  |  |  |  | 100% | 100.00% |
| (not extracted) |  |  |  |  |  | 100% | 100.00% |
| (not extracted) |  |  |  |  |  |  | 0.03% |
| 01508AEC | 3.1 | 1 | 1 | 88 | string, UNIQUE | 100% | 100.00% |
| 0150678F | 3.1 | 2 |  | 84 | string, UNIQUE | 81% | 100.00% |
| 003F1F20 | 3.1 | 1 | 1 | 65 | string, UNIQUE | 16% | 100.00% |
| 015068B4 | 3.1 | 2 |  | 51 | string, UNIQUE | 84% | 100.00% |
| (not extracted) |  |  |  |  |  | 27% | 0.10% |
| 01506692 | 3.0 | 2 |  | 39 | thread, COMMON | 100% | 12.89% |
| 01518DB0 | 3.0 | 2 |  | 31 | file, COMMON | 100% | 0.99% |
| 015244A0 | 3.0 | 2 |  | 28 | thread, COMMON | 100% | 16.53% |
| 01524460 | 3.0 | 2 |  | 26 | COMMON | 87% | 16.53% |
| 01510C78 | 3.0 | 2 |  | 13 | UNIQUE | 79% | 100.00% |
| (not extracted) |  |  |  |  |  | 39% | 0.00% |
| (not extracted) |  |  |  |  |  | 88% | 0.29% |
| (not extracted) |  |  |  |  |  |  | 0.03% |
| (not extracted) |  |  |  |  |  |  | 0.03% |
| (not extracted) |  |  |  |  |  | 75% | 2.28% |
| 003F25E0 | 1.6 | 1 |  | 54 | thread, COMMON | 16% | 0.06% |
| 01514F30 | 1.5 | 1 |  | 46 | COMMON | 100% | 0.90% |
| 01518E50 | 1.5 | 1 |  | 41 | COMMON | 100% | 0.00% |
| 01518ED0 | 1.5 | 1 |  | 40 | file, COMMON | 68% | 0.02% |
| (not extracted) |  |  |  |  |  | 37% | 0.02% |
| 01518E10 | 1.5 | 1 |  | 22 | file, COMMON | 100% | 0.01% |
| (not extracted) |  |  |  |  |  | 58% | 0.03% |
| (not extracted) |  |  |  |  |  | 58% | 0.03% |
| 0151BCA0 | 1.5 | 1 |  | 19 | COMMON |  | 0.01% |
| (not extracted) |  |  |  |  |  | 100% | 0.03% |
| (not extracted) |  |  |  |  |  | 37% | 0.43% |
| 0151BCE0 | 1.5 | 1 |  | 13 | COMMON | 100% | 0.01% |
| 01513940 | 1.5 | 1 |  | 9 | memory, COMMON | 100% | 0.02% |
| 0150631C | 1.5 | 1 |  | 9 | COMMON | 100% | 0.90% |
| 003F3EC0 | 1.5 | 1 |  | 9 | memory, COMMON | 100% | 0.02% |
| 015182B0 | 1.5 | 1 |  | 208 | COMMON | 53% | 0.03% |
| (not extracted) |  |  |  |  |  | 78% | 0.02% |
| 003F69A0 | 1.3 | 1 |  | 95 | COMMON |  | 0.00% |
| 015097CC | 1.3 | 1 |  | 78 | string, COMMON | 87% | 0.02% |
| 01509720 | 1.3 | 1 |  | 70 | string, COMMON | 87% | 0.02% |
| 01506F12 | 1.3 | 1 |  | 37 | COMMON | 81% | 0.03% |
| 01509554 | 1.3 | 1 |  | 29 | string, COMMON | 86% | 0.02% |
| 01506F78 | 1.3 | 1 |  | 29 | COMMON | 87% | 0.03% |
| 003F6F80 | 1.3 | 1 |  | 29 | string, COMMON | 100% | 0.02% |
| 0150626D | 1.3 | 1 |  | 21 | string, COMMON | 100% | 0.02% |
| 0151C7F0 | 1.3 | 1 |  | 20 | string, COMMON | 100% | 0.02% |
| 01513960 | 1.3 | 1 |  | 14 | memory, COMMON, LIBRARYCODE | 100% | 0.06% |
| 003F3EE0 | 1.3 | 1 |  | 14 | memory, COMMON, LIBRARYCODE | 100% | 0.06% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
003FA090 | 70.5 | 31 | 9 | 482 | string, library, loader, UNIQUE, LIBRARYCODE, Crypto | 50% | 100.00% |
003F31F0 | 31.8 | 11 | 7 | 333 | UNIQUE, Crypto | 51% | 100.00% |
003FF770 | 19.6 | 7 | 4 | 321 | string, file, time, UNIQUE, Crypto | 40% | 100.00% |
0151B870 | 9.2 | 6 | - | 155 | sleep, file, synchronization, UNIQUE | 66% | 100.00% |
- | - | - | - | - | - | 81% | 0.90% |
- | - | - | - | - | - | 81% | 0.90% |
00400BA0 | 7.6 | 5 | - | 109 | sleep, COMMON | 19% | 1.74% |
- | - | - | - | - | - | 37% | 100.00% |
003F9C00 | 5.2 | - | 4 | 167 | UNIQUE, LIBRARYCODE, Crypto | 64% | 100.00% |
01511112 | 4.9 | 1 | 2 | 353 | COMMON, Crypto | 95% | 7.75% |
- | - | - | - | - | - | 76% | 5.54% |
0150F10A | 2.5 | 2 | - | 9 | memory, COMMON | 100% | 0.14% |
- | - | - | - | - | - | 100% | 0.74% |
003F1420 | 1.5 | 1 | - | 28 | COMMON | 50% | 0.49% |
- | - | - | - | - | - | 100% | 0.74% |
01511533 | 0.4 | - | - | 370 | COMMON, Crypto | 62% | 0.00% |
01511A1B | 0.4 | - | - | 363 | COMMON, Crypto | 62% | 0.00% |
015272C0 | 0.2 | - | - | 179 | COMMON, Crypto | 100% | 0.00% |
00403120 | 0.2 | - | - | 179 | COMMON, Crypto | 100% | 0.00% |
01523C50 | 0.2 | - | - | 168 | COMMON, Crypto | 83% | 0.00% |
015131DC | 0.1 | - | - | 122 | COMMON, Crypto | 76% | 0.00% |
- | - | - | - | - | - | 100% | 0.00% |
- | - | - | - | - | - | 100% | 0.00% |
01506934 | 45.8 | 17 | 9 | 254 | string, time, UNIQUE | 38% | 100.00% |
003FE230 | 44.0 | 19 | 6 | 290 | string, registry, library, COMMON | 32% | 3.53% |
003FC370 | 37.0 | 16 | 5 | 297 | library, loader, UNIQUE | 49% | 100.00% |
0150B8E0 | 34.8 | 21 | 2 | 273 | string, UNIQUE | 48% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
0150DC40 | 22.8 | 11 | 4 | 295 | string, UNIQUE | 100% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
0150C6F0 | 22.7 | 5 | 10 | 190 | string, COMMON | 100% | 8.94% |
01509D8E | 21.3 | 11 | 1 | 308 | sleep, thread, UNIQUE | 87% | 100.00% |
01506C0A | 21.2 | 5 | 7 | 190 | registry, UNIQUE | 79% | 100.00% |
0150D150 | 21.1 | 9 | 5 | 99 | string, COMMON | 87% | 10.55% |
0150D2A0 | 19.6 | 7 | 6 | 90 | string, UNIQUE | 100% | 100.00% |
0150E350 | 19.4 | 8 | 3 | 165 | string, UNIQUE | - | 100.00% |
004010A0 | 18.3 | 9 | 3 | 334 | string, UNIQUE | - | 100.00% |
003FE7F0 | 17.7 | 8 | 2 | 212 | string, registry, UNIQUE | 35% | 100.00% |
003F97A0 | 17.6 | 9 | 1 | 96 | string, COMMON | - | 5.54% |
- | - | - | - | - | - | 41% | 100.00% |
0150327D | 15.9 | 8 | 1 | 102 | sleep, thread, UNIQUE | 81% | 100.00% |
0151E970 | 15.8 | 5 | 4 | 47 | library, loader, UNIQUE | 37% | 100.00% |
- | - | - | - | - | - | 100% | 100.00% |
01510BDC | 15.1 | 2 | 8 | 53 | string, UNIQUE | 65% | 100.00% |
- | - | - | - | - | - | 34% | 100.00% |
00400920 | 14.2 | 4 | 4 | 188 | com, COMMON | - | 2.20% |
- | - | - | - | - | - | 40% | 100.00% |
0150C190 | 14.1 | 3 | 5 | 128 | string, COMMON | 100% | 10.55% |
01524B00 | 14.1 | 7 | 1 | 100 | string, COMMON | 90% | 8.94% |
003FEF00 | 12.7 | 5 | 2 | 405 | string, UNIQUE | 66% | 100.00% |
- | - | - | - | - | - | 70% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
01507655 | 12.4 | 3 | 4 | 115 | file, UNIQUE | 71% | 100.00% |
0151BA80 | 12.3 | 6 | 1 | 82 | file, COMMON | 38% | 10.55% |
0150561A | 12.3 | 5 | 2 | 82 | string, synchronization, UNIQUE | 89% | 100.00% |
- | - | - | - | - | - | 34% | 6.12% |
- | - | - | - | - | - | 96% | 100.00% |
015160D0 | 12.1 | 8 | - | 80 | UNIQUE | - | 100.00% |
- | - | - | - | - | - | 72% | 10.55% |
- | - | - | - | - | - | 20% | 5.54% |
- | - | - | - | - | - | 70% | 12.89% |
003FC710 | 10.7 | 1 | 6 | 208 | string, UNIQUE | 65% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
- | - | - | - | - | - | 94% | 1.18% |
003F4400 | 10.6 | 5 | 1 | 106 | process, UNIQUE | - | 23.02% |
- | - | - | - | - | - | 59% | 8.94% |
- | - | - | - | - | - | 32% | 100.00% |
- | - | - | - | - | - | 45% | 100.00% |
003F16F0 | 10.6 | 7 | - | 64 | UNIQUE | 68% | 100.00% |
01519E50 | 10.6 | 5 | 1 | 51 | string, COMMON | 100% | 1.85% |
01520E00 | 10.5 | 5 | 1 | 46 | library, loader, COMMON | 84% | 12.89% |
01519DE0 | 10.5 | 5 | 1 | 37 | string, COMMON | 100% | 1.85% |
0151CFD0 | 9.2 | 1 | 5 | 208 | string, UNIQUE | 65% | 100.00% |
- | - | - | - | - | - | 36% | 8.94% |
- | - | - | - | - | - | 70% | 5.54% |
- | - | - | - | - | - | 77% | 10.55% |
- | - | - | - | - | - | 72% | 8.94% |
- | - | - | - | - | - | 86% | 10.55% |
- | - | - | - | - | - | 41% | 7.75% |
- | - | - | - | - | - | 70% | 8.94% |
- | - | - | - | - | - | 54% | 10.55% |
- | - | - | - | - | - | 28% | 4.31% |
- | - | - | - | - | - | 29% | 100.00% |
- | - | - | - | - | - | 84% | 5.54% |
- | - | - | - | - | - | 100% | 4.31% |
015045A5 | 8.9 | 2 | 3 | 101 | string, UNIQUE | 81% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
- | - | - | - | - | - | - | 100.00% |
- | - | - | - | - | - | 58% | 100.00% |
003F21B0 | 8.8 | 3 | 2 | 60 | library, loader, UNIQUE | - | 100.00% |
015140E0 | 8.8 | 3 | 2 | 41 | library, loader, UNIQUE | - | 100.00% |
- | - | - | - | - | - | - | 100.00% |
00400510 | 7.6 | 5 | - | 141 | COMMON | 42% | 0.00% |
- | - | - | - | - | - | 25% | 100.00% |
- | - | - | - | - | - | 95% | 5.06% |
0151CA10 | 7.6 | 5 | - | 108 | com, COMMON | 31% | 2.84% |
- | - | - | - | - | - | 93% | 1.18% |
015033DF | 7.6 | 2 | 3 | 100 | string, UNIQUE | 89% | 100.00% |
- | - | - | - | - | - | 83% | 10.55% |
- | - | - | - | - | - | 62% | 0.90% |
- | - | - | - | - | - | 81% | 10.55% |
- | - | - | - | - | - | 100% | 0.28% |
- | - | - | - | - | - | 100% | 0.28% |
- | - | - | - | - | - | 68% | 5.54% |
01516FF0 | 7.6 | 6 | - | 76 | string, COMMON | 82% | 0.04% |
003F4D50 | 7.6 | 6 | - | 76 | string, COMMON | 82% | 0.04% |
01504FFD | 7.6 | 5 | - | 73 | string, COMMON | 100% | 1.18% |
01508BC1 | 7.6 | 2 | 3 | 70 | string, UNIQUE | 85% | 100.00% |
01524A60 | 7.6 | 5 | - | 61 | string, COMMON | 78% | 12.89% |
- | - | - | - | - | - | 78% | 12.89% |
0151D630 | 7.5 | 5 | - | 40 | thread, COMMON, LIBRARYCODE | 50% | 0.81% |
003F7230 | 7.5 | 5 | - | 40 | thread, COMMON, LIBRARYCODE | 50% | 0.81% |
- | - | - | - | - | - | 89% | 100.00% |
- | - | - | - | - | - | 67% | 100.00% |
- | - | - | - | - | - | 23% | 100.00% |
003F41B0 | 7.1 | 2 | 2 | 76 | synchronization, UNIQUE | - | 100.00% |
0150E1F0 | 7.1 | 2 | 2 | 68 | string, UNIQUE | 53% | 100.00% |
0150A537 | 7.1 | 2 | 2 | 59 | thread, UNIQUE | 90% | 100.00% |
- | - | - | - | - | - | - | 6.12% |
- | - | - | - | - | - | 30% | 100.00% |
003FFBA9 | 7.0 | 3 | 1 | 42 | string, file, UNIQUE | 37% | 100.00% |
- | - | - | - | - | - | 75% | 100.00% |
015081D6 | 6.4 | 5 | - | 185 | COMMON | 88% | 2.98% |
- | - | - | - | - | - | 84% | 0.02% |
- | - | - | - | - | - | 25% | 100.00% |
- | - | - | - | - | - | 54% | 0.99% |
015193D0 | 6.2 | 4 | - | 190 | file, COMMON | 16% | 1.34% |
- | - | - | - | - | - | 18% | 100.00% |
- | - | - | - | - | - | 25% | 100.00% |
004001E0 | 6.1 | 4 | - | 96 | COMMON | 27% | 0.72% |
- | - | - | - | - | - | 58% | 0.42% |
003F7340 | 6.1 | 4 | - | 89 | UNIQUE | 64% | 100.00% |
0150E790 | 6.1 | 3 | 1 | 85 | string, COMMON | 79% | 7.75% |
0150C320 | 6.1 | 1 | 3 | 84 | string, COMMON | 100% | 10.55% |
01505B03 | 6.1 | 2 | 2 | 81 | string, UNIQUE | 89% | 100.00% |
01501FB3 | 6.1 | 4 | - | 81 | UNIQUE | 81% | 100.00% |
- | - | - | - | - | - | 42% | 2.20% |
- | - | - | - | - | - | 16% | 100.00% |
015170D0 | 6.1 | 4 | - | 69 | string, COMMON | 100% | 0.46% |
015247D0 | 6.1 | 3 | 1 | 53 | string, COMMON | 100% | 10.55% |
0151B670 | 6.0 | 4 | - | 48 | string, UNIQUE | 37% | 37.75% |
003F71D0 | 6.0 | 4 | - | 36 | COMMON | 37% | 3.75% |
003F2D30 | 6.0 | 1 | 3 | 30 | string, UNIQUE | 37% | 100.00% |
- | - | - | - | - | - | 81% | 100.00% |
0151AFE0 | 5.4 | 2 | 1 | 122 | synchronization, UNIQUE | - | 37.75% |
0151A4E0 | 5.4 | 2 | 1 | 102 | library, UNIQUE | 52% | 100.00% |
- | - | - | - | - | - | - | 100.00% |
0151B220 | 5.3 | 2 | 1 | 76 | synchronization, UNIQUE | - | 37.75% |
0151B150 | 5.3 | 2 | 1 | 71 | synchronization, UNIQUE | - | 37.75% |
015048F0 | 5.3 | 1 | 2 | 67 | string, UNIQUE | 82% | 100.00% |
015049A9 | 5.3 | 1 | 2 | 61 | string, UNIQUE | 95% | 100.00% |
01519D70 | 5.3 | 1 | 2 | 37 | window, UNIQUE | 37% | 100.00% |
01505A48 | 5.3 | 2 | 1 | 36 | synchronization, COMMON | 100% | 4.65% |
003F3E00 | 5.3 | 2 | 1 | 33 | time, UNIQUE | 91% | 100.00% |
Callgraph |
---|

Executed Functions |
---|

| Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | Uniqueness Score |
|---|---|---|---|---|---|---|---|
| 01252A35 | 1.6 | 1 | | 69 | COMMON | yes | 0.01% |
| 01251827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | yes | 100.00% |
| 01251826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | yes | 100.00% |
| 01252D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | yes | 100.00% |
| (address not extracted) | | | | | | yes | 0.02% |
| (address not extracted) | | | | | | yes | 0.01% |
| (address not extracted) | | | | | | yes | 0.02% |

Non-executed Functions |
---|
Callgraph |
---|

Executed Functions |
---|

| Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | Uniqueness Score |
|---|---|---|---|---|---|---|---|
| 012A2A35 | 1.6 | 1 | | 69 | COMMON | yes | 0.01% |
| 012A1827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | yes | 100.00% |
| 012A1826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | yes | 100.00% |
| 012A2D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | yes | 100.00% |
| (address not extracted) | | | | | | yes | 0.02% |
| (address not extracted) | | | | | | yes | 0.01% |
| (address not extracted) | | | | | | yes | 0.02% |

Non-executed Functions |
---|
Callgraph |
---|

Executed Functions |
---|

| Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | Uniqueness Score |
|---|---|---|---|---|---|---|---|
| 01252A35 | 1.6 | 1 | | 69 | COMMON | yes | 0.01% |
| 01251827 | 9.0 | 3 | 2 | 275 | memory, UNIQUE | yes | 100.00% |
| 01251826 | 7.2 | 3 | 1 | 225 | memory, UNIQUE | yes | 100.00% |
| 01252D3A | 3.1 | 1 | 1 | 148 | memory, UNIQUE | yes | 100.00% |
| (address not extracted) | | | | | | yes | 0.02% |
| (address not extracted) | | | | | | yes | 0.01% |
| (address not extracted) | | | | | | yes | 0.02% |

Non-executed Functions |
---|
Executed Functions |
---|

| Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | C-Code Quality | Uniqueness Score |
|---|---|---|---|---|---|---|---|---|
| 015E9EC0 | 70.5 | 31 | 9 | 482 | string, library, loader, UNIQUE, LIBRARYCODE, Crypto | yes | 50% | 100.00% |
| (address not extracted) | | | | | | yes | 100% | 3.75% |
| 004C0000 | .4 | | | 368 | COMMON | | | 0.00% |
| (address not extracted) | | | | | | yes | 41% | 1.69% |
| 015D9D74 | 12.1 | 8 | | 68 | thread, memory, process, UNIQUE | yes | 100% | 100.00% |
| (address not extracted) | | | | | | yes | 54% | 5.54% |
| 015D9EE8 | 7.6 | 5 | | 79 | memory, COMMON | yes | 71% | 1.13% |
| (address not extracted) | | | | | | yes | 58% | 0.42% |
| (address not extracted) | | | | | | yes | 82% | 0.03% |
| (address not extracted) | | | | | | yes | 100% | 0.58% |
| 015DBD41 | 5.4 | 2 | 1 | 108 | thread, UNIQUE | yes | 85% | 100.00% |
| (address not extracted) | | | | | | yes | 46% | 0.15% |
| (address not extracted) | | | | | | yes | 58% | 4.01% |
| (address not extracted) | | | | | | yes | 100% | 0.80% |
| 015E5C60 | 3.5 | 1 | 1 | 9 | memory, UNIQUE | yes | 100% | 23.02% |
| (address not extracted) | | | | | | yes | 100% | 100.00% |
| (address not extracted) | | | | | | | 77% | 0.10% |
| (address not extracted) | | | | | | | 37% | 0.17% |
| 015D2A16 | 1.5 | 1 | | 45 | memory, COMMON | | 89% | 0.02% |
| (address not extracted) | | | | | | | 37% | 0.02% |
| (address not extracted) | | | | | | | 100% | 0.03% |
| 015E90F0 | 1.5 | 1 | | 19 | COMMON | | | 0.01% |
| (address not extracted) | | | | | | | 86% | 0.03% |
| 015D959A | 1.3 | 1 | | 33 | memory, COMMON | | 100% | 0.00% |

Non-executed Functions |
---|

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
|---|---|---|---|---|---|---|---|
| (address not extracted) | | | | | | 81% | 0.90% |
| (address not extracted) | | | | | | 100% | 0.00% |
| 015D9134 | 19.6 | 1 | 12 | 65 | string, UNIQUE | 100% | 100.00% |
| (address not extracted) | | | | | | 64% | 4.01% |
| 015DC117 | 12.1 | 8 | | 70 | thread, process, injection, UNIQUE | 82% | 37.75% |
| 015DE104 | 8.8 | 3 | 2 | 37 | string, network, UNIQUE | 86% | 100.00% |
| 015E9150 | 7.5 | 5 | | 40 | thread, COMMON, LIBRARYCODE | 50% | 0.81% |
| (address not extracted) | | | | | | 100% | 7.75% |
| (address not extracted) | | | | | | 87% | 0.02% |