Analysis Report
Overview
General Information |
---|
Analysis ID: | 90052 |
Start time: | 11:15:39 |
Start date: | 13/11/2015 |
Overall analysis duration: | 0h 4m 32s |
Report type: | full |
Sample file name: | 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36) |
Number of analysed new started processes: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
HCA Information: |
|
EGA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 64 | 0 - 100 | Report FP / FN |
Signature Overview |
---|
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality for read data from the clipboard |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_0040B2BF |
Networking: |
---|
Urls found in memory or binary data |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | String found in binary or memory: |
Downloads files from webservers via HTTP |
Source: global traffic | HTTP traffic detected: |
Found strings which match to known social media urls |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | String found in binary or memory: |
Performs DNS lookups |
Source: unknown | DNS traffic detected: |
Posts data to webserver |
Source: unknown | HTTP traffic detected: |
Passes username and password via HTTP get |
Source: global traffic | HTTP get: |
Stealing of Sensitive Information: |
---|
Searches for Windows Mail specific files |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Directory queried: |
Persistence and Installation Behavior: |
---|
Creates processes with suspicious names |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_004512E0 |
PE file contains an invalid checksum |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Static PE information: |
Uses code obfuscation techniques (call, push, ret) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 2_2_00400620 |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00406B78 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_004065C4 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_1_00406B78 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_1_004065C4 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 2_2_00406E77 |
Enumerates the file system |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File opened: |
System Summary: |
---|
Tries to open an application configuration file (.cfg) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File opened: |
Checks if Microsoft Office is installed |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Key opened: |
PE file imports many functions |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Static PE information: |
Binary contains paths to debug symbols |
Source: | Binary string: |
Contains functionality for error logging |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_004128A4 |
Contains functionality to check free disk space |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00412D2E |
Contains functionality to load and extract PE file embedded resources |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_0040ECA2 |
Creates temporary files |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File created: |
Executable uses VB runtime library 6.0 (Probably coded in Visual Basic) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Section loaded: |
PE file has an executable .text section and no other executable section |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Static PE information: |
Reads ini files |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File read: |
Reads software policies |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Key opened: |
SQL strings found in memory and binary data |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Binary or memory string: |
Spawns processes |
Source: unknown | Process created: |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Process created: |
Uses an in-process (OLE) Automation server |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Key value queried: |
Writes ini files |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File written: |
Reads the hosts file |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File read: |
Sample file is different than original file name gathered from version info |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Binary or memory string: |
Initial sample is a PE file and has a suspicious name |
Source: initial sample | Static PE information: |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) |
Source: 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Binary or memory string: |
Injects a PE file into a foreign processes |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Memory written: |
Modifies the context of a thread in another process (thread injection) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Thread register set: |
Anti Debugging: |
---|
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | System information queried: |
Contains functionality to dynamically determine API calls |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_004512E0 |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00406B78 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_004065C4 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_1_00406B78 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_1_004065C4 | |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 2_2_00406E77 |
Contains functionality to query system information |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00412F57 |
Enumerates the file system |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | File opened: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe TID: 3396 | Thread sleep time: |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messages (SetErrorMode) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Process information set: |
Extensive use of GetProcAddress (often used to hide API calls) |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_0043E71C |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00412DF2 |
Contains functionality to query windows version |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Code function: | 1_2_00411971 |
Queries the cryptographic machine GUID |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Key value queried: |
Queries the volume information (name, serial number etc) of a device |
Source: C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe | Queries volume information: |
Behavior Graph |
---|
Yara Overview |
---|
No Yara matches |
---|
Startup |
---|
|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
hopsandfire.com.au | 27.121.64.200 | true |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
27.121.64.200 | Australia | 24446 | NetRegsitryPtyLtd |
8.8.8.8 | United States | 15169 | GoogleInc |
Static File Info |
---|
General | |
---|---|
File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
TrID: |
|
File name: | 20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe |
File size: | 565248 |
MD5: | f1af3fc4d59d1245889811b7ed7d2cec |
SHA1: | 2decc4b6560de2687e7881c4217b2828716d8904 |
SHA256: | 4aadcbfc1f25e289e000756220f79ab2e5d6de2dc5ab94e165a14c452c8611a3 |
SHA512: | b62d1170217856889b29469d540eedcb334cb0a5ae3c646e478ec97e5f820e33b1ec5d5168a23b8fc4b8c2ad2b7bbcae8c1ab792309749adf394537a5fe18a41 |
File Icon |
---|
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x413eb2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui 50 |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5643D34B [Wed Nov 11 23:46:19 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | |
Subsystem Version Minor: | |
Import Hash: | 8755ee316108fce40d21b5607cbc4293 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007FD074D690D7h |
jmp 00007FD074D63C3Dh |
mov edi, edi |
push esi |
push edi |
xor esi, esi |
mov edi, 0045B0C0h |
cmp dword ptr [00431B5Ch+esi*8], 01h |
jne 00007FD074D63DE0h |
lea eax, dword ptr [00431B58h+esi*8] |
mov dword ptr [eax], edi |
push 00000FA0h |
push dword ptr [eax] |
add edi, 18h |
call 00007FD074D6914Ah |
pop ecx |
pop ecx |
test eax, eax |
je 00007FD074D63DCEh |
inc esi |
cmp esi, 24h |
jl 00007FD074D63D94h |
xor eax, eax |
inc eax |
pop edi |
pop esi |
ret |
and dword ptr [00431B58h+esi*8], 00000000h |
xor eax, eax |
jmp 00007FD074D63DB3h |
mov edi, edi |
push ebx |
mov ebx, dword ptr [00423294h] |
push esi |
mov esi, 00431B58h |
push edi |
mov edi, dword ptr [esi] |
test edi, edi |
je 00007FD074D63DD5h |
cmp dword ptr [esi+04h], 01h |
je 00007FD074D63DCFh |
push edi |
call ebx |
push edi |
call 00007FD074D69167h |
and dword ptr [esi], 00000000h |
pop ecx |
add esi, 08h |
cmp esi, 00431C78h |
jl 00007FD074D63D9Eh |
mov esi, 00431B58h |
pop edi |
mov eax, dword ptr [esi] |
test eax, eax |
je 00007FD074D63DCBh |
cmp dword ptr [esi+04h], 01h |
jne 00007FD074D63DC5h |
push eax |
call ebx |
add esi, 08h |
cmp esi, 00431C78h |
jl 00007FD074D63DA8h |
pop esi |
pop ebx |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push dword ptr [00431B58h+eax*8] |
call dword ptr [004232B0h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28e7c | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x58824 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x28a30 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x82c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Xored PE | ZLIB Complexity | File Type | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x21364 | 0x21400 | 6.34003063326 | False | 0.503788768797 | data | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0x8b68 | 0x8c00 | 6.33423025 | False | 0.540736607143 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2c000 | 0x30c80 | 0x7200 | 3.41835720371 | False | 0.282791940789 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x5d000 | 0x58824 | 0x58a00 | 6.06685417308 | False | 0.751911803597 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country | Nbr Of Functions | Xored PE |
---|---|---|---|---|---|---|---|
RT_BITMAP | 0x5d2e0 | 0x57228 | PC bitmap, Windows 3.x format, 266 x 224 x 24 | | | 0 | False |
RT_DIALOG | 0xb4508 | 0xb4 | data | English | United States | 0 | False |
RT_DIALOG | 0xb45bc | 0x120 | data | English | United States | 0 | False |
RT_DIALOG | 0xb46dc | 0x200 | data | English | United States | 0 | False |
RT_DIALOG | 0xb48dc | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0xb49d4 | 0xee | data | English | United States | 0 | False |
RT_STRING | 0xb4ac4 | 0x2f2 | data | English | United States | 0 | False |
RT_STRING | 0xb4db8 | 0x30c | data | English | United States | 0 | False |
RT_STRING | 0xb50c4 | 0x2ce | data | English | United States | 0 | False |
RT_STRING | 0xb5394 | 0x68 | data | English | United States | 0 | False |
RT_STRING | 0xb53fc | 0xb4 | data | English | United States | 0 | False |
RT_STRING | 0xb54b0 | 0xae | data | English | United States | 0 | False |
RT_MANIFEST | 0xb5560 | 0x2c1 | XML document text | English | United States | 0 | False |
Imports |
---|
DLL | Import |
---|---|
USER32.dll | GetKeyboardLayout, SendMessageTimeoutA, LoadCursorA, CreateDialogParamA, VkKeyScanExW, DrawCaption, GrayStringW, UnhookWindowsHookEx, GetMenuItemCount, GetWindowPlacement, IsIconic, SystemParametersInfoA, PtInRect, GetClassInfoW, SetMenu, MapWindowPoints, GetMessagePos, GetMessageTime, GetForegroundWindow, RemovePropW, GetPropW, SetPropW, GetClassLongW, CallNextHookEx, SetWindowsHookExW, GetCapture, SendDlgItemMessageA, SendDlgItemMessageW, ValidateRect, GetSysColorBrush, UnregisterClassW, DrawTextExW, PostQuitMessage, LoadCursorW, RegisterClassExW, GetDesktopWindow, MoveWindow, WaitMessage, GetNextDlgTabItem, SetCursor, FillRect, GetSubMenu, WindowFromPoint, DrawFocusRect, InflateRect, OffsetRect, TrackPopupMenuEx, LoadMenuW, DrawStateW, DestroyCursor, FrameRect, GetActiveWindow, DestroyMenu, DestroyIcon, CopyRect, InvalidateRect, UpdateWindow, FindWindowW, PostMessageW, MsgWaitForMultipleObjects, TranslateMessage, PeekMessageW, RegisterClassW, MessageBoxW, LoadBitmapW, TabbedTextOutW, IsWindowEnabled, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuW, CheckMenuItem, CloseDesktop, DispatchMessageA, GetThreadDesktop, GetUserObjectInformationA, OpenInputDesktop, GetWindow, GetKeyboardType, CloseClipboard, GetLastActivePopup, DrawIcon, IsDialogMessageW, CreateDialogIndirectParamW, GetAsyncKeyState, EmptyClipboard, LoadStringW, CheckDlgButton, OpenClipboard, SetClipboardData, WinHelpW, GetDialogBaseUnits, EndPaint, BeginPaint, AdjustWindowRectEx, GetTopWindow, SetActiveWindow, TrackPopupMenu, RegisterWindowMessageW, GetMenuItemID, RedrawWindow, SetMenuDefaultItem, EnumWindows, AppendMenuW, GetCursorPos, CreatePopupMenu, SendMessageTimeoutW, RemoveMenu, GetWindowThreadProcessId, SetRectEmpty, SetRect, GetClassNameW, IsWindowVisible, GetDlgCtrlID, SetForegroundWindow, GetFocus, GetClassInfoExW, ReleaseCapture, ChildWindowFromPointEx, ScrollDC, GetMenuState, MonitorFromPoint, wsprintfW, wvsprintfW, GetSystemMenu, EnableMenuItem, EnableWindow, 
MessageBeep, LoadIconW, LoadImageW, IsWindow, DefWindowProcW, CallWindowProcW, DrawIconEx, DialogBoxIndirectParamW, ClientToScreen, GetDC, DrawTextW, ShowWindow, SystemParametersInfoW, SetFocus, SetWindowLongW, GetSystemMetrics, GetClientRect, GetDlgItem, GetKeyState, wsprintfA, CharLowerW, MessageBoxA, SetTimer, GetMessageW, DispatchMessageW, KillTimer, SetWindowTextW, CreateWindowExW, DestroyWindow, GetSysColor, GetWindowTextLengthW, GetWindowTextW, CharUpperW, GetClassNameA, GetWindowLongW, GetMenu, SetWindowPos, GetWindowDC, ReleaseDC, CopyImage, GetParent, GetWindowRect, ScreenToClient, EndDialog, SendMessageW, PeekMessageA |
SHELL32.dll | SHBrowseForFolderW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetMalloc, ShellExecuteExW, ShellExecuteW, SHChangeNotify, CommandLineToArgvW, Shell_NotifyIconW, ExtractAssociatedIconW, SHGetPathFromIDListW |
ole32.dll | CoRegisterClassObject |
ADVAPI32.dll | RegOpenKeyExW, GetKernelObjectSecurity, GetSecurityDescriptorLength, RegCreateKeyExW, RegQueryValueExW, RegEnumValueW, RegCloseKey, GetFileSecurityW |
GDI32.dll | SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, BitBlt, GetStockObject, GetPixel, CreateBitmap, SetPixel, SetBkColor, SetTextColor, CreateSolidBrush, CreatePen, CreatePatternBrush, CreateRectRgn, CreateFontW, FillRgn, Rectangle, PatBlt, GetTextExtentPoint32W, GetTextMetricsA, GetTextExtentPointA, CreateDCW, SaveDC, RestoreDC, ScaleWindowExtEx, SetMapMode, GetClipBox, LineTo, PtVisible, RectVisible, TextOutW, ExtTextOutW, Escape, MoveToEx, GetCharWidthFloatW, CopyMetaFileW, GetStretchBltMode, GetGlyphIndicesW, StartDocW, GetKerningPairsA, SetWindowOrgEx, RoundRect, UpdateICMRegKeyW, DeleteObject, GetDeviceCaps, GetObjectW, CreateCompatibleDC, SelectObject, CreateCompatibleBitmap, SetStretchBltMode, StretchBlt, GetCurrentObject, DeleteDC, CreateFontIndirectW, SetROP2, SetWorldTransform, GdiGetBatchLimit, ResizePalette, CreateHatchBrush, TextOutA, CloseMetaFile, SetBkMode, GetMapMode |
dbghelp.dll | UnDecorateSymbolName |
COMCTL32.dll | _TrackMouseEvent, InitCommonControlsEx |
VERSION.dll | VerQueryValueW |
SHLWAPI.dll | PathIsDirectoryEmptyW, PathMatchSpecW, PathFindExtensionW, SHCopyKeyW, PathFindFileNameW |
KERNEL32.dll | GlobalFlags, GlobalReAlloc, GlobalHandle, LocalReAlloc, SetErrorMode, GetStartupInfoW, CopyFileW, CreateFileMappingW, IsWow64Process, OpenProcess, WriteProcessMemory, VirtualProtectEx, ReadProcessMemory, VirtualQueryEx, SetThreadPriority, GetCurrentThread, LoadLibraryW, FreeLibrary, FindResourceW, GlobalDeleteAtom, GetStdHandle, VirtualFree, GetProcAddress, LoadLibraryA, LockResource, LoadResource, SizeofResource, FindResourceExA, GetModuleHandleW, MulDiv, GlobalFree, GlobalAlloc, lstrcmpiA, GetSystemDefaultLCID, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, MultiByteToWideChar, GetLocaleInfoW, lstrlenA, lstrcmpiW, GetEnvironmentVariableW, GetSystemTimeAsFileTime, GetProcessTimes, GetCurrentProcess, CloseHandle, GlobalMemoryStatusEx, VirtualAlloc, WideCharToMultiByte, ExpandEnvironmentStringsW, lstrcmpW, SetThreadLocale, CreateFileW, RemoveDirectoryW, FindClose, FindNextFileW, ConvertDefaultLocale, FindFirstFileW, CompareFileTime, lstrlenW, GetModuleFileNameW, OutputDebugStringW, CreateMutexW, CreateEventA, SetEvent, ReleaseMutex, GetFileSizeEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentThreadId, GetTempPathW, SetEnvironmentVariableW, GetDriveTypeW, SetCurrentDirectoryW, GetExitCodeProcess, GetCommandLineW, GetVersionExW, CreateEventW, ResetEvent, InitializeCriticalSection, TerminateThread, ResumeThread, SuspendThread, IsBadReadPtr, GetDiskFreeSpaceExW, WriteFile, lstrcpyW, FormatMessageW, DeleteCriticalSection, GetFileSize, SetFilePointer, ReadFile, SetFileTime, SetEndOfFile, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, WriteConsoleA, InitializeCriticalSectionAndSpinCount, FlushFileBuffers, GetConsoleMode, GetConsoleCP, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeA, GetCurrentProcessId, GetTickCount, GlobalAddAtomW, GlobalFindAtomW, GetVersionExA, CreateFileMappingA, CreateMutexA, CreatePipe, CreateProcessA, CreateSemaphoreA, DeviceIoControl, DuplicateHandle, 
GetCurrentDirectoryA, GetCurrentDirectoryW, GetFileAttributesA, GetSystemDirectoryA, GetThreadContext, LoadLibraryExA, OpenEventA, OpenFileMappingA, OpenMutexA, ReleaseSemaphore, VirtualQuery, lstrcatW, lstrcmpA, lstrcpyA, GetThreadLocale, LocalLock, WritePrivateProfileStringW, GetPrivateProfileStringW, LocalUnlock, VirtualProtect, GetFileInformationByHandle, FindResourceExW, QueryDosDeviceW, GetLogicalDrives, OpenFileMappingW, FlushViewOfFile, GetProcessHeap, EnumResourceLanguagesW, UpdateResourceW, SetNamedPipeHandleState, GetSystemInfo, WaitNamedPipeW, UnmapViewOfFile, MapViewOfFile, GetLongPathNameW, GetWindowsDirectoryW, OpenEventW, FindFirstFileExW, GetVersion, GetComputerNameW, GetProcessIoCounters, FreeResource, BeginUpdateResourceW, OpenMutexW, WaitForSingleObjectEx, EndUpdateResourceW, LoadLibraryExW, EnumResourceNamesW, SleepEx, GetSystemTime, FileTimeToLocalFileTime, FileTimeToSystemTime, LocalAlloc, DisconnectNamedPipe, CreateNamedPipeW, ConnectNamedPipe, GlobalUnlock, GlobalLock, CreateProcessW, GetFileAttributesExW, IsSystemResumeAutomatic, AssignProcessToJobObject, HeapDestroy, DeleteFileA, InterlockedDecrement, GetFileType, SearchPathA, lstrcatA, DeleteFileW, InterlockedIncrement, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, CreateFileA, GetLocaleInfoA, MoveFileW, FormatMessageA, RtlUnwind, HeapFree, GetSystemDirectoryW, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, ExitProcess, SetFileAttributesW, LocalFree, SetLastError, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, GetLastError, SystemTimeToFileTime, GetLocalTime, GetFileAttributesW, CreateDirectoryW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, HeapAlloc, GetTimeFormatA, GetDateFormatA, ExitThread, HeapReAlloc, GetCommandLineA, GetStartupInfoA, LCMapStringA, LCMapStringW, SetEnvironmentVariableA, GetCPInfo, GetStringTypeW, CompareStringA, 
CompareStringW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetModuleFileNameA, HeapCreate, GetTimeZoneInformation, GetModuleHandleA, GetACP, GetOEMCP, IsValidCodePage, GetTempPathA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2015 11:16:49.313988924 CET | 59507 | 53 | 192.168.1.12 | 8.8.8.8 |
Nov 13, 2015 11:16:49.919990063 CET | 53 | 59507 | 8.8.8.8 | 192.168.1.12 |
Nov 13, 2015 11:16:49.951251030 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
Nov 13, 2015 11:16:49.951278925 CET | 80 | 49168 | 27.121.64.200 | 192.168.1.12 |
Nov 13, 2015 11:16:49.951370955 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
Nov 13, 2015 11:16:49.952131987 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
Nov 13, 2015 11:16:49.952157974 CET | 80 | 49168 | 27.121.64.200 | 192.168.1.12 |
Nov 13, 2015 11:16:50.948788881 CET | 80 | 49168 | 27.121.64.200 | 192.168.1.12 |
Nov 13, 2015 11:16:50.948941946 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
Nov 13, 2015 11:16:50.949292898 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
Nov 13, 2015 11:16:50.949356079 CET | 80 | 49168 | 27.121.64.200 | 192.168.1.12 |
Nov 13, 2015 11:16:50.949450970 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2015 11:16:49.313988924 CET | 59507 | 53 | 192.168.1.12 | 8.8.8.8 |
Nov 13, 2015 11:16:49.919990063 CET | 53 | 59507 | 8.8.8.8 | 192.168.1.12 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 13, 2015 11:16:49.313988924 CET | 192.168.1.12 | 8.8.8.8 | 0xd26b | Standard query (0) | hopsandfire.com.au | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 13, 2015 11:16:49.919990063 CET | 8.8.8.8 | 192.168.1.12 | 0xd26b | No error (0) | hopsandfire.com.au | | 27.121.64.200 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
Nov 13, 2015 11:16:49.952131987 CET | 49168 | 80 | 192.168.1.12 | 27.121.64.200 | 1 | |
Nov 13, 2015 11:16:50.948788881 CET | 80 | 49168 | 27.121.64.200 | 192.168.1.12 | 2 |
Hooks - Code Manipulation Behavior |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 11:16:40 |
Start date: | 13/11/2015 |
Path: | C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x400000 |
File size: | 565248 bytes |
MD5 hash: | F1AF3FC4D59D1245889811B7ED7D2CEC |
General |
---|
Start time: | 11:16:40 |
Start date: | 13/11/2015 |
Path: | C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe |
Wow64 process (32bit): | false |
Commandline: | /scomma C:\Users\admin\AppData\Local\Temp\eJyRJq1aKn.ini |
Imagebase: | 0x400000 |
File size: | 565248 bytes |
MD5 hash: | F1AF3FC4D59D1245889811B7ED7D2CEC |
General |
---|
Start time: | 11:16:53 |
Start date: | 13/11/2015 |
Path: | C:\20' CONTAINER THAILAND ORDER- BANGKOK PORT.exe |
Wow64 process (32bit): | false |
Commandline: | /scomma C:\Users\admin\AppData\Local\Temp\jrazCiRTrc.ini |
Imagebase: | 0x400000 |
File size: | 565248 bytes |
MD5 hash: | F1AF3FC4D59D1245889811B7ED7D2CEC |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 5.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.7% |
Total number of Nodes: | 1069 |
Total number of Limit Nodes: | 50 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 12.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0.8% |
Total number of Nodes: | 1309 |
Total number of Limit Nodes: | 30 |
Executed Functions |
---|
Non-executed Functions |
---|