Analysis Report
Overview
General Information

Field | Value
---|---
Joe Sandbox Version | 23.0.0
Analysis ID | 56303
Start time | 15:34:04
Joe Sandbox Product | Cloud
Start date | 03.07.2018
Overall analysis duration | 0h 6m 22s
Hypervisor based Inspection enabled | false
Report type | full
Sample file name | csshead (renamed file extension from none to exe)
Cookbook file name | default.jbs
Analysis system description | W10 Native physical Machine for testing VM-aware malware (Office 2010, Java 1.8.0_91, Flash 22.0.0.192, Acrobat Reader DC 15.016.20039, Internet Explorer 11, Chrome 55, Firefox 50)
Number of new started processes analysed | 2
Number of new started drivers analysed | 0
Number of existing processes analysed | 0
Number of existing drivers analysed | 0
Number of injected processes analysed | 0
Technologies |
Analysis stop reason | Timeout
Detection | MAL
Classification | mal76.evad.winEXE@3/0@0/0
HCA Information |
EGA Information |
HDC Information |
Cookbook Comments |
Detection

Strategy | Score | Range | Reporting
---|---|---|---
Threshold | 76 | 0 - 100 | Report FP / FN

Confidence

Strategy | Score | Range | Further Analysis Required?
---|---|---|---
Threshold | 5 | 0 - 5 | false
Classification

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample reads itself and does not show any behavior, likely it performs some host environment checks which are compared to an embedded key
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Signature Overview
AV Detection

Antivirus detection for unpacked file
Source: 0.2.csshead.exe.50000.0.unpack | Avira:
Source: 0.2.csshead.exe.400000.1.unpack | Avira:
Source: 0.0.csshead.exe.400000.0.unpack | Avira:
Source: 1.2.explorer.exe.790000.2.unpack | Avira:
Source: 1.2.explorer.exe.770000.1.unpack | Avira:
Source: 0.1.csshead.exe.400000.0.unpack | Avira:
Cryptography

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_004017A2, 0_2_0040153C, 0_2_00401402, 0_2_004017A4, 0_2_00401AAE, 0_2_004017E8, 0_2_00401574, 0_2_00401AB0, 0_2_00401374, 0_2_004018A0, 0_2_004014D0, 0_2_00401490, 0_2_00401404, 0_2_00401AF8, 0_2_00401B20
Source: C:\Windows\explorer.exe | Code functions: 1_2_007714D0, 1_2_00771404, 1_2_00771AF8, 1_2_00771402, 1_2_00771574, 1_2_00771AAE, 1_2_007717E8, 1_2_00771B20, 1_2_007717A2, 1_2_00771AB0, 1_2_007718A0, 1_2_00771490, 1_2_00771374, 1_2_0077153C, 1_2_007717A4
Spam, unwanted Advertisements and Ransom Demands

Contains functionality to import cryptographic keys (often used in ransomware)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004018A0
Source: C:\Windows\explorer.exe | Code function: 1_2_007718A0
Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_00409178, 0_2_00409147
Source: C:\Windows\explorer.exe | Code functions: 1_2_00779147, 1_2_00779178
Networking

Contains functionality to upload files via FTP
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00419D20

Contains functionality to download additional files from the internet
Source: C:\Windows\explorer.exe | Code function: 1_2_007715B0

Urls found in memory or binary data
Source: csshead.exe, explorer.exe | String found in binary or memory:
Data Obfuscation

Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00401928

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_004094C0, 0_2_004094FE, 0_2_00401060, 0_2_004010A0, 0_2_00429268, 0_2_00429F48, 0_2_00432D22
Source: C:\Windows\explorer.exe | Code functions: 1_2_007794C0, 1_2_007794FE, 1_2_00771060, 1_2_007710A0
Spreading

Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_00403988, 0_2_00405640
Source: C:\Windows\explorer.exe | Code functions: 1_2_00775640, 1_2_00773988
System Summary

Contains functionality to call native functions
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_00404E94, 0_2_00408A48, 0_2_00404DE0, 0_2_00408A44, 0_2_00419D20, 0_2_00417E60, 0_2_00417ED0, 0_2_00418190
Source: C:\Windows\explorer.exe | Code functions: 1_2_00778A48, 1_2_00774E94, 1_2_00778A44, 1_2_00774DE0

Detected potential crypto function
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_00405D20, 0_2_00419D20, 0_2_0041C95B, 0_2_0043256D, 0_2_00430D58, 0_2_00423AD0, 0_2_00430807, 0_2_004302B6, 0_2_0042E76B, 0_1_0041C95B, 0_1_0043256D
Source: C:\Windows\explorer.exe | Code function: 1_2_00775D20

Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\csshead.exe | Code function:

PE file contains strange resources
Source: csshead.exe | Static PE information:

Sample file is different than original file name gathered from version info
Source: csshead.exe | Binary or memory string:

Sample reads its own file content
Source: C:\Users\user\Desktop\csshead.exe | File read:

Tries to load missing DLLs
Source: C:\Users\user\Desktop\csshead.exe | Section loaded:

Classification label
Source: classification engine | Classification label:

Contains functionality to instantiate COM classes
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_1_0041C95B

Contains functionality to load and extract PE file embedded resources
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00419D20

Launches a second explorer.exe instance
Source: unknown | Process created:
Source: C:\Users\user\Desktop\csshead.exe | Process created:

Might use command line arguments
Source: C:\Users\user\Desktop\csshead.exe | Command line argument: 0_2_00419D20

PE file has an executable .text section and no other executable section
Source: csshead.exe | Static PE information:

Reads software policies
Source: C:\Users\user\Desktop\csshead.exe | Key opened:

Spawns processes
Source: unknown | Process created:
Source: C:\Users\user\Desktop\csshead.exe | Process created:

Binary contains paths to debug symbols
Source: | Binary string:
HIPS / PFW / Operating System Protection Evasion

Injects code into the Windows Explorer (explorer.exe)
Source: C:\Users\user\Desktop\csshead.exe | Memory written:

Writes to foreign memory regions
Source: C:\Users\user\Desktop\csshead.exe | Memory written:

Contains functionality to add an ACL to a security descriptor
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00404406

Contains functionality to create a new security descriptor
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004041C8
Anti Debugging

Found API chain indicative of debugger detection
Source: C:\Windows\explorer.exe | Debugger detection routine: graph_1-5244
Source: C:\Users\user\Desktop\csshead.exe | Debugger detection routine: graph_0-20617

Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004010B4

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00406D40

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004239DD

Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00401928

Contains functionality to read the PEB
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_004024F8, 0_2_01961560, 0_2_01963134
Source: C:\Windows\explorer.exe | Code function: 1_2_007724F8

Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00401460

Program does not show much activity (idle)
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query:

Contains functionality to register its own exception handler
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_0042CA48, 0_2_00424FEB, 0_2_00429814, 0_1_0042CA48
Malware Analysis System Evasion

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00406B18
Source: C:\Windows\explorer.exe | Code function: 1_2_00776B18

Contains functionality to detect sleep reduction / modifications
Source: C:\Windows\explorer.exe | Code functions: 1_2_00776DB0, 1_2_00776DC8

Found evasive API chain (may execute only at specific dates)
Source: C:\Windows\explorer.exe | Evasive API call chain: graph_1-4754

Found stalling execution ending in API Sleep call
Source: C:\Windows\explorer.exe | Stalling execution: graph_1-4543

Tries to detect sandboxes and other dynamic analysis tools (process name or module)
Source: csshead.exe, 00000000.00000002.16598505108.00594000.00000004.sdmp | Binary or memory string:

Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\csshead.exe | Registry key queried:

Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004010B4

Found evasive API chain (date check)
Source: C:\Windows\explorer.exe | Evasive API call chain: graph_1-4754

Found evasive API chain (may stop execution after accessing registry keys)
Source: C:\Windows\explorer.exe | Evasive API call chain: graph_1-4677

Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Users\user\Desktop\csshead.exe | Evasive API call chain: graph_0-18809

Found evasive API chain checking for process token information
Source: C:\Users\user\Desktop\csshead.exe | Check user administrative privileges: graph_0-19037
Source: C:\Windows\explorer.exe | Check user administrative privileges: graph_1-4564

May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\explorer.exe TID: 3852 | Thread sleep count:
Source: C:\Windows\explorer.exe TID: 3852 | Thread sleep time:

Program does not show much activity (idle)
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query:

Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\explorer.exe | Last function:

Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\csshead.exe | Code functions: 0_2_00403988, 0_2_00405640
Source: C:\Windows\explorer.exe | Code functions: 1_2_00775640, 1_2_00773988

Contains functionality to query system information
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00419D20

Program exit points
Source: C:\Users\user\Desktop\csshead.exe | API call chains: graph_0-18811, graph_0-20649
Source: C:\Windows\explorer.exe | API call chains: graph_1-5197, graph_1-5140, graph_1-5566
Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00420B80
Lowering of HIPS / PFW / Operating System Security Settings

May initialize a security null descriptor
Source: csshead.exe | Binary or memory string:
Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00406C6C

Queries device information via Setup API
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00406EEC

Queries the installation date of Windows
Source: C:\Users\user\Desktop\csshead.exe | Key value queried:

Queries the product ID of Windows
Source: C:\Windows\explorer.exe | Key value queried:

Contains functionality to query local / system time
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_00405468

Contains functionality to query the account / user name
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_0041C95B

Contains functionality to query windows version
Source: C:\Users\user\Desktop\csshead.exe | Code function: 0_2_004064BC
Behavior Graph

Simulations

Behavior and APIs

Time | Type | Description
---|---|---
15:35:03 | API Interceptor | 3x Sleep call for process: csshead.exe modified
Antivirus Detection

Initial Sample: No Antivirus matches

Dropped Files: No Antivirus matches

Unpacked PE Files

Detection | Scanner | Label
---|---|---
100% | Avira | TR/Crypt.XPACK.Gen
100% | Avira | HEUR/AGEN.1023574
100% | Avira | TR/Patched.Gen
100% | Avira | TR/Patched.Ren.Gen
100% | Avira | TR/Crypt.XPACK.Gen
100% | Avira | TR/Patched.Gen

Domains: No Antivirus matches

URLs: No Antivirus matches
Yara Overview

Initial Sample: No yara matches

PCAP (Network Traffic): No yara matches

Dropped Files: No yara matches

Memory Dumps: No yara matches

Unpacked PEs: No yara matches
Joe Sandbox View / Context

Screenshots

Startup

Created / dropped Files: No created / dropped files found

Contacted Domains/Contacted IPs
Static File Info

General |
---|---
File type: |
Entropy (8bit): | 6.472920800285694
TrID: |
File name: | csshead.exe |
File size: | 321024 |
MD5: | 9e3ea995e40b62adae78e93e6b30780c |
SHA1: | 35b1fdd71e01d72e4bd49d4c301ccd6b2a9ac0a3 |
SHA256: | e3785b4cc4c314854e7ef225bc76a1853b0d1603016bbe5b5ffcc792e4b36972 |
SHA512: | cc2d1fdab7a19dac3a338290790489a531d949057412e1807c067edb9c3d4a45005e6c74bae76226b47aa173726fbbbd5abbe3d0cd525027a1d42a8be6eadf26 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*I.dn(.7n(.7n(.7.^?7k(.7u..7J(.7gP.7i(.7gP.7I(.7n(.7.).7u.>7.(.7u.?7/(.7u..7o(.7u..7o(.7Richn(.7........PE..L...F.9[........... |
File Icon

Static PE Info

General |
---|---
Entrypoint: | 0x424d6e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5B392E46 [Sun Jul 1 19:40:54 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 77535e666d5a37b2da29fe59caf3bb3c |
Entrypoint Preview
Instruction |
---|
call 00007FE325815C94h |
jmp 00007FE32580D7CEh |
push 0000000Ch |
push 0043CD98h |
call 00007FE325812AB1h |
push 0000000Eh |
call 00007FE325814C45h |
pop ecx |
and dword ptr [ebp-04h], 00000000h |
mov esi, dword ptr [ebp+08h] |
mov ecx, dword ptr [esi+04h] |
test ecx, ecx |
je 00007FE32580D971h |
mov eax, dword ptr [00442C44h] |
mov edx, 00442C40h |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007FE32580D953h |
cmp dword ptr [eax], ecx |
jne 00007FE32580D96Eh |
mov ecx, dword ptr [eax+04h] |
mov dword ptr [edx+04h], ecx |
push eax |
call 00007FE32580B38Eh |
pop ecx |
push dword ptr [esi+04h] |
call 00007FE32580B385h |
pop ecx |
and dword ptr [esi+04h], 00000000h |
mov dword ptr [ebp-04h], FFFFFFFEh |
call 00007FE32580D94Fh |
call 00007FE325812AA0h |
ret |
mov edx, eax |
jmp 00007FE32580D907h |
push 0000000Eh |
call 00007FE325814B11h |
pop ecx |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edx, dword ptr [esp+04h] |
mov ecx, dword ptr [esp+08h] |
test edx, 00000003h |
jne 00007FE32580D97Eh |
mov eax, dword ptr [edx] |
cmp al, byte ptr [ecx] |
jne 00007FE32580D970h |
or al, al |
je 00007FE32580D968h |
cmp ah, byte ptr [ecx+01h] |
jne 00007FE32580D967h |
or ah, ah |
je 00007FE32580D95Fh |
shr eax, 10h |
cmp al, byte ptr [ecx+02h] |
jne 00007FE32580D95Bh |
or al, al |
je 00007FE32580D953h |
cmp ah, byte ptr [ecx+03h] |
jne 00007FE32580D952h |
add ecx, 04h |
add edx, 04h |
or ah, ah |
Data Directories
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d278 | 0x190 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x45000 | 0x8964 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a518 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x31edc | 0x32000 | False | 0.537592773438 | data | 6.55027699615 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x33000 | 0xc348 | 0xc400 | False | 0.43775908801 | data | 5.53658582571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x40000 | 0x4aac | 0x2c00 | False | 0.263227982955 | data | 4.45525333861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x45000 | 0x8964 | 0x8a00 | False | 0.948907382246 | data | 7.86989360139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4e000 | 0x4642 | 0x4800 | False | 0.00222439236111 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RCDATA | 0x451e8 | 0x3e6b | data | English | United States |
RCDATA | 0x49054 | 0x4080 | data | English | United States |
RT_ICON | 0x4d0d4 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4d1fc | 0x2e8 | data | English | United States |
RT_GROUP_ICON | 0x4d4e4 | 0x22 | MS Windows icon resource - 2 icons, 16x16, 16-colors | English | United States |
RT_VERSION | 0x4d508 | 0x300 | data | English | United States |
RT_MANIFEST | 0x4d808 | 0x15a | ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.DLL | CreateThread, GetSystemInfo, GetCommandLineA, LockResource, lstrcatA, GetSystemTimeAsFileTime, SetConsoleCtrlHandler, CreateFileA, CreateFileW, FlushFileBuffers, WriteConsoleW, SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, GetTickCount, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, LoadLibraryW, HeapCreate, CreateIoCompletionPort, GetModuleFileNameW, GetStdHandle, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, HeapSize, HeapReAlloc, TerminateProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, HeapSetInformation, ExitProcess, RtlUnwind, ExitThread, VirtualQuery, VirtualProtect, EncodePointer, DecodePointer, InterlockedPopEntrySList, VirtualFree, IsProcessorFeaturePresent, HeapAlloc, GetProcessHeap, HeapFree, InterlockedPushEntrySList, InterlockedCompareExchange, VirtualAlloc, WaitNamedPipeA, SetNamedPipeHandleState, WriteFile, ReadFile, LocalAlloc, LocalFree, EnumDateFormatsA, Sleep, GetCurrentProcessId, LoadLibraryExA, FindResourceA, LoadResource, SizeofResource, FreeLibrary, GlobalAlloc, GlobalLock, GlobalUnlock, MulDiv, lstrcmpA, SetEvent, IsDBCSLeadByte, GetModuleHandleW, GetModuleFileNameA, CreateEventA, LoadLibraryA, WaitForSingleObject, CloseHandle, GetVersionExA, lstrcmpiA, GetModuleHandleA, GetProcAddress, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetLastError, lstrlenW, WideCharToMultiByte, DeleteFileA, OutputDebugStringA, DebugBreak, InterlockedIncrement, GetFileAttributesA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, lstrcpyA, lstrcpynA, lstrlenA, InterlockedDecrement, MultiByteToWideChar, SetLastError, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, GetStringTypeW, RaiseException |
ADVAPI32.dll | RegDeleteKeyA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegQueryInfoKeyW, RegEnumKeyExA, RegQueryInfoKeyA, LookupAccountNameA, RegDeleteValueA |
COMCTL32.dll | InitCommonControlsEx, ImageList_Destroy, ImageList_GetImageCount, ImageList_Draw, ImageList_DrawIndirect, ImageList_Create, ImageList_LoadImageA, ImageList_AddMasked |
COMDLG32.dll | CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA, GetFileTitleA |
dxva2.dll | GetNumberOfPhysicalMonitorsFromHMONITOR |
GDI32.dll | GetCurrentObject, CreateRectRgnIndirect, CreateDIBSection, CreatePatternBrush, CreateBitmap, PatBlt, SetBkColor, SetBrushOrgEx, SetTextColor, SetBkMode, GetViewportOrgEx, CreateFontIndirectA, SetViewportOrgEx, GetStockObject, GetObjectA, CreateSolidBrush, GetDeviceCaps, StartDocA, StartPage, TextOutA, EndPage, EndDoc, CreateMetaFileA, GetDIBits, CreatePen, Polyline, SetStretchBltMode, CreateCompatibleDC, BitBlt, DeleteObject, SetAbortProc, SelectObject, DeleteDC, CreateCompatibleBitmap |
gdiplus.dll | GdipDisposeImage, GdipGetImageRawFormat, GdipLoadImageFromFile, GdipAlloc, GdipCloneImage, GdiplusShutdown, GdiplusStartup, GdipFree |
mscms.dll | OpenColorProfileA |
NETAPI32.dll | NetShareGetInfo |
ODBC32.dll | |
ole32.dll | CoInitialize, CoUninitialize, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, CoResumeClassObjects, OleUninitialize, OleInitialize, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, OleLockRunning, StringFromGUID2, CreateStreamOnHGlobal, GetHGlobalFromStream, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance, CoInitializeEx |
OLEAUT32.dll | LoadTypeLib, UnRegisterTypeLib, RegisterTypeLib, VarUI4FromStr, SysAllocString, VariantClear, OleCreateFontIndirect, LoadRegTypeLib, OleCreatePictureIndirect, SysAllocStringLen, SysStringLen, VariantInit, SysFreeString |
pdh.dll | PdhGetFormattedCounterValue |
SHELL32.dll | DragQueryFileA, SHGetFileInfoA |
SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathIsUNCA, PathFindExtensionA |
USER32.dll | CreateMenu, LoadBitmapA, BeginDeferWindowPos, GetIconInfo, SetWindowContextHelpId, GetDlgItemTextA, CopyImage, SetClassLongA, GetCursorPos, EnableMenuItem, DrawMenuBar, GetMenuStringA, CheckMenuRadioItem, RemoveMenu, AppendMenuA, CreatePopupMenu, DefFrameProcA, LoadStringW, PostQuitMessage, SetMenuDefaultItem, GetWindowTextLengthA, GetWindowTextA, GetWindowLongA, GetParent, SetWindowTextA, GetSubMenu, SetWindowsHookExA, CallNextHookEx, GetSysColorBrush, GetKeyState, CharLowerA, UnhookWindowsHookEx, InflateRect, SystemParametersInfoA, SetRectEmpty, IsMenu, GetWindowDC, TrackPopupMenuEx, TrackPopupMenu, GetMenu, SetMenu, TranslateMDISysAccel, DialogBoxParamA, SetWindowPos, UnregisterClassA, MapWindowPoints, GetClientRect, GetMonitorInfoA, MonitorFromWindow, GetWindowRect, GetWindow, EndDialog, SetWindowLongA, GetClassInfoExA, LoadCursorA, TranslateAcceleratorA, RegisterClassExA, CreateWindowExA, SendMessageA, GetTopWindow, CharUpperA, LoadStringA, SetCursor, CharNextA, MessageBoxA, GetActiveWindow, WindowFromPoint, MessageBeep, GetSystemMenu, GetCapture, PtInRect, FrameRect, ModifyMenuA, DrawEdge, MonitorFromPoint, DrawFrameControl, DrawTextA, OffsetRect, SetRect, GetClassLongA, GetMenuDefaultItem, SetMenuItemInfoA, IsIconic, AdjustWindowRectEx, DefMDIChildProcA, GetMessagePos, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, DrawIconEx, GetWindowThreadProcessId, IsWindowEnabled, IsWindowVisible, UpdateWindow, PostMessageA, LoadMenuA, LoadAcceleratorsA, RegisterWindowMessageA, CharNextW, DestroyMenu, CreateAcceleratorTableA, PostThreadMessageA, ShowWindow, IsWindow, LoadIconA, DefWindowProcA, DispatchMessageA, TranslateMessage, GetMessageA, PeekMessageA, BringWindowToTop, GetLastActivePopup, DestroyWindow, LoadImageA, GetSystemMetrics, GetSysColor, MoveWindow, ClientToScreen, ScreenToClient, GetDC, GetDesktopWindow, SetFocus, GetFocus, DestroyAcceleratorTable, BeginPaint, EndPaint, CallWindowProcA, FillRect, ReleaseCapture, GetClassNameA, GetDlgItem, IsChild, SetCapture, RedrawWindow, InvalidateRgn, InvalidateRect, ReleaseDC, wsprintfA |
WININET.dll | FtpPutFileEx |
WINMM.dll | mmioSetInfo, mmioAscend |
WINSPOOL.DRV | EnumPrintersA |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) 2018 |
InternalName | template.exe |
FileVersion | 1.0.0.1 |
CompanyName | TODO: <Company name> |
ProductName | TODO: <Product name> |
ProductVersion | 1.0.0.1 |
FileDescription | TODO: <File description> |
OriginalFilename | template.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 15:34:40 |
Start date: | 03/07/2018 |
Path: | C:\Users\user\Desktop\csshead.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 321024 bytes |
MD5 hash: | 9E3EA995E40B62ADAE78E93E6B30780C |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:35:23 |
Start date: | 03/07/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x1230000 |
File size: | 4064320 bytes |
MD5 hash: | FCBCED2A237DCD7EF86CED551B731742 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 13.8% |
Dynamic/Decrypted Code Coverage: | 0.7% |
Signature Coverage: | 18.9% |
Total number of Nodes: | 1918 |
Total number of Limit Nodes: | 50 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 21% |
Dynamic/Decrypted Code Coverage: | 99.9% |
Signature Coverage: | 8.6% |
Total number of Nodes: | 1805 |
Total number of Limit Nodes: | 19 |
Executed Functions |
---|
Non-executed Functions |
---|
Per-function entries (Memory Dump Source, Joe Sandbox IDA Plugin, C-Code quality rating, APIs, Strings) for functions that were not executed during the analysis; only the row labels survived extraction, the function identifiers, API names and string values did not. |