|Overall analysis duration:||0h 8m 2s|
|Graph type:||Execution Graph|
|Sample file name:||f504ef6e9a269e354de802872dc5e209 (renamed file extension from none to exe)|
|Cookbook file name:||default.jbs|
|Analysis system description:||Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 188.8.131.525, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)|
- Key Decision
- Not Executed
- Signature Matched
- Richest Path
- Thread / callback entry
- Thread / callback creation
- Show Help
Graph for Process: yfoye.exe PID: 2964 Parent PID: 3100
|Dynamic/Decrypted Code Coverage:||0%|
|Total number of Nodes:||262|
|Total number of Limit Nodes:||2|
Execution Graphs are highly condensed control flow graphs which give the user a synthetic view of the code detected during Hybrid Code Analysis. They include additional runtime information such as the execution status which is highlighted with different colors and shapes.
Program entry point, most likely the entry point of the PE file.
A code location where a decision has been made to avoid execution of potentially malicious behavior.
Dynamic / Decrypted
Code which has been generated at runtime, often referred to as unpacked or self-modifying code.
Unpacker / Decrypter
Code section which is responsible for unpacking or decrypting a portion of dynamic code.
Code which has been executed at runtime.
Code which has not been executed at runtime.
Code for which it is unknown if it has been executed or not at runtime.
Code which matches a behavioral signature.
Path through the execution graph which shows a lot of behavior (e.g. with respect to called API functions).
Thread / callback entry
Code corresponding to a thread or callback entry point.
Thread / callback creation
Edges denoting either a thread creation (e.g. using CreateThread) or a callback registration (e.g. EnumWindows).