Analysis Report
Overview
General Information |
---|
Analysis ID: | 64973 |
Start time: | 12:43:46 |
Start date: | 05/05/2015 |
Overall analysis duration: | 0h 8m 2s |
Report type: | full |
Sample file name: | f504ef6e9a269e354de802872dc5e209 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36) |
Number of new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
HCA enabled: | true |
HCA success: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 48 | 0 - 100 | |
Signature Overview |
---|
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00401960 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402970 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402390 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402900 |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionality to import cryptographic keys (often used in ransomware) |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402970 |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to read data from the clipboard |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0043A05C |
Contains functionality to read the clipboard data |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00429260 |
Contains functionality to record screenshots |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004298C0 |
Contains functionality to retrieve information about pressed keystrokes |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004423D4 |
Networking: |
---|
URLs found in memory or binary data |
Source: yfoye.exe, f504ef6e9a269e354de802872dc5e209.exe | String found in binary or memory: | ||
Source: yfoye.exe, f504ef6e9a269e354de802872dc5e209.exe | String found in binary or memory: |
Boot Survival: |
---|
Creates a start menu entry (Start Menu\Programs\Startup) |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | File created: |
Stores files to the Windows start menu directory |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | File created: |
Persistence and Installation Behavior: |
---|
Drops PE files |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | File created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0044C18C |
PE file contains an invalid checksum |
Source: initial sample | Static PE information: |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0048AA85 |
System Summary: |
---|
Submission file is bigger than most known malware samples |
Source: initial sample | Static file information: |
Contains functionality for error logging |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004261F0 |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402CB0 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402C40 |
Contains functionality to check free disk space |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004097B4 |
Contains functionality to enumerate processes or threads |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00401960 |
Contains functionality to load and extract PE file embedded resources |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00418C30 |
Creates files inside the user directory |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | File created: |
Spawns processes |
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Process created: | ||
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Process created: |
Contains functionality to communicate with device drivers |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402840 |
Contains functionality to shutdown / reboot the system |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00401730 |
PE file contains executable resources (Code or Archives) |
Source: initial sample | Static PE information: |
PE file contains strange resources |
Source: initial sample | Static PE information: | ||
Source: initial sample | Static PE information: | ||
Source: initial sample | Static PE information: |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) |
Source: yfoye.exe | Binary or memory string: | ||
Source: yfoye.exe | Binary or memory string: | ||
Source: yfoye.exe | Binary or memory string: |
Maps a DLL or memory area into another process |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Section loaded: |
Modifies the context of a thread in another process (thread injection) |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Thread register set: |
Anti Debugging: |
---|
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | System information queried: |
Contains functionality to dynamically determine API calls |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0044C18C |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 3_2_00402A40 |
Enables debug privileges |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Process token adjusted: |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0048AA85 |
Contains functionality to query system information |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00426780 |
Queries a list of all running processes |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Process information queried: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe TID: 924 | Thread sleep time: |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to check if a window is minimized (may be used to check if an application is visible) |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00460328 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00460328 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00460ACC | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0042CC90 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00447C30 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00446A6C | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00460A1C | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0045D3A4 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_00447314 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_00460328 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_00460328 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_00460ACC | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_0042CC90 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_00447C30 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_00446A6C | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00460328 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00460328 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00460ACC | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_0042CC90 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00447C30 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00446A6C | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00460A1C | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_0045D3A4 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_00447314 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_00460328 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_00460328 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_00460ACC | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_0042CC90 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_00447C30 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_00446A6C |
Disables application error messages (SetErrorMode) |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Process information set: | ||
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Process information set: | ||
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Process information set: | ||
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Process information set: |
Extensive use of GetProcAddress (often used to hide API calls) |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0044C18C |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0040B0C4 |
Contains functionality to query the account / user name |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004EEF98 |
Contains functionality to query Windows version |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0044C7D8 |
Contains functionality to query locale information (e.g. system language) |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004061BC | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0040C748 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0040C794 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_0040DDA8 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_2_004062C8 | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_004061BC | |
Source: C:\f504ef6e9a269e354de802872dc5e209.exe | Code function: | 1_1_0040C748 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_004061BC | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_0040C748 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_0040C794 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_0040DDA8 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_2_004062C8 | |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Code function: | 2_1_004061BC |
Queries the cryptographic machine GUID |
Source: C:\Users\admin\AppData\Roaming\rsr\yfoye.exe | Key value queried: |
Yara Overview |
---|
No Yara matches |
---|
Startup |
---|
|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
| |
| |
| |
|
Contacted Domains/Contacted IPs |
---|
Static File Info |
---|
General | |
---|---|
File type: | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
TrID: |
|
File name: | f504ef6e9a269e354de802872dc5e209.exe |
File size: | 1294848 |
MD5: | f504ef6e9a269e354de802872dc5e209 |
SHA1: | 2f9b26b90311e62662c5946a1ac600d2996d3758 |
SHA256: | 77bacb44132eba894ff4cb9c8aa50c3e9c6a26a08f93168f65c48571fdf48e2a |
SHA512: | 70f47e35c3fa61e1c6c6ddb79923cc39b79b2862a06211e07976c4388510818975ab3306c8983addf93782de477cf98d7c5f9c926605aa7e4196b3344947ad44 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4ef690 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui 40 |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A4242B4 [Fri Jun 19 20:25:24 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 004EF268h |
call 0DC039E9h |
mov eax, dword ptr [004F834Ch] |
mov eax, dword ptr [eax] |
call 0DC5DD31h |
mov ecx, dword ptr [004F856Ch] |
mov eax, dword ptr [004F834Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004EEB5Ch] |
call 0DC5DD31h |
mov eax, dword ptr [004F834Ch] |
mov eax, dword ptr [eax] |
call 0DC5DDA5h |
call 0DC01328h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfa000 | 0x2bb8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x113000 | 0x2ebd8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xff000 | 0x1320c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xfe000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Xored PE | ZLIB Complexity | File Type | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0xee6d8 | 0xee800 | 6.57312939285 | False | 0.497613870873 | ump; data | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0xf0000 | 0x868c | 0x8800 | 7.01422280273 | False | 0.766860064338 | ump; data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0xf9000 | 0xf81 | 0x0 | 0.0 | False | 0 | ump; empty | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0xfa000 | 0x2bb8 | 0x2c00 | 5.04404012119 | False | 0.368519176136 | ump; data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tls | 0xfd000 | 0x10 | 0x0 | 0.0 | False | 0 | ump; empty | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0xfe000 | 0x18 | 0x200 | 0.195201267787 | False | 0.046875 | ump; data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0xff000 | 0x1320c | 0x13400 | 6.60275662235 | False | 0.482878449675 | ump; data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x113000 | 0x2ebd8 | 0x2ec00 | 5.34783289769 | False | 0.330213903743 | ump; data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country | Nbr Of Functions | Xored PE |
---|---|---|---|---|---|---|---|
RT_CURSOR | 0x1151c0 | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x1152f4 | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x115428 | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x11555c | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x115690 | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x1157c4 | 0x134 | ump; data | 0 | False | ||
RT_CURSOR | 0x1158f8 | 0x134 | ump; data | 0 | False | ||
RT_BITMAP | 0x115a2c | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x115bfc | 0x1e4 | ump; data | 0 | False | ||
RT_BITMAP | 0x115de0 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x115fb0 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x116180 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x116350 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x116520 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x1166f0 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x1168c0 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x116a90 | 0x1d0 | ump; data | 0 | False | ||
RT_BITMAP | 0x116c60 | 0xe8 | ump; GLS_BINARY_LSB_FIRST | 0 | False | ||
RT_BITMAP | 0x116d48 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x116ea0 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x116ff8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x117150 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1172a8 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x1173e8 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117528 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117668 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1177c0 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117900 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117a40 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117b80 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x117cd8 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117e18 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x117f58 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1180b0 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x1181f0 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x118330 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118488 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1185e0 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118738 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118890 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1189e8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118b40 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118c98 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118df0 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x118f48 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1190a0 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1191f8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119350 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x1194a8 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x1195e8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119740 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119898 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x1199d8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119b30 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x119c70 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119dc8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x119f20 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a078 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a1d0 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a310 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a450 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a590 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a6e8 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a828 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11a980 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11aad8 | 0x158 | ump; data | 0 | False | ||
RT_BITMAP | 0x11ac30 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11ad70 | 0x140 | ump; data | 0 | False | ||
RT_BITMAP | 0x11aeb0 | 0x140 | ump; data | 0 | False | ||
RT_ICON | 0x11aff0 | 0xea8 | ump; data | 0 | False | ||
RT_ICON | 0x11be98 | 0x8a8 | ump; data | 0 | False | ||
RT_ICON | 0x11c740 | 0x568 | ump; GLS_BINARY_LSB_FIRST | 0 | False | ||
RT_ICON | 0x11cca8 | 0x25a8 | ump; data | 0 | False | ||
RT_ICON | 0x11f250 | 0x10a8 | ump; data | 0 | False | ||
RT_ICON | 0x1202f8 | 0x468 | ump; GLS_BINARY_LSB_FIRST | 0 | False | ||
RT_DIALOG | 0x120760 | 0x52 | ump; data | 0 | False | ||
RT_STRING | 0x1207b4 | 0xc0 | ump; data | 0 | False | ||
RT_STRING | 0x120874 | 0x3dc | ump; data | 0 | False | ||
RT_STRING | 0x120c50 | 0x49c | ump; data | 0 | False | ||
RT_STRING | 0x1210ec | 0x2c4 | ump; data | 0 | False | ||
RT_STRING | 0x1213b0 | 0x32c | ump; data | 0 | False | ||
RT_STRING | 0x1216dc | 0x3e0 | ump; data | 0 | False | ||
RT_STRING | 0x121abc | 0x1c0 | ump; AmigaOS bitmap font | 0 | False | ||
RT_STRING | 0x121c7c | 0x17c | ump; Hitachi SH big-endian COFF object, not stripped | 0 | False | ||
RT_STRING | 0x121df8 | 0x268 | ump; AmigaOS bitmap font | 0 | False | ||
RT_STRING | 0x122060 | 0x320 | ump; data | 0 | False | ||
RT_STRING | 0x122380 | 0x3ec | ump; data | 0 | False | ||
RT_STRING | 0x12276c | 0x5d0 | ump; data | 0 | False | ||
RT_STRING | 0x122d3c | 0x488 | ump; data | 0 | False | ||
RT_STRING | 0x1231c4 | 0x3ec | ump; data | 0 | False | ||
RT_STRING | 0x1235b0 | 0x480 | ump; data | 0 | False | ||
RT_STRING | 0x123a30 | 0x4f0 | ump; data | 0 | False | ||
RT_STRING | 0x123f20 | 0x490 | ump; data | 0 | False | ||
RT_STRING | 0x1243b0 | 0x324 | ump; DBase 3 data file (7077989 records) | 0 | False | ||
RT_STRING | 0x1246d4 | 0xd4 | ump; PCX ver. 2.5 image data | 0 | False | ||
RT_STRING | 0x1247a8 | 0x110 | ump; data | 0 | False | ||
RT_STRING | 0x1248b8 | 0x224 | ump; data | 0 | False | ||
RT_STRING | 0x124adc | 0x3e8 | ump; data | 0 | False | ||
RT_STRING | 0x124ec4 | 0x39c | ump; data | 0 | False | ||
RT_STRING | 0x125260 | 0x374 | ump; data | 0 | False | ||
RT_STRING | 0x1255d4 | 0x40c | ump; data | 0 | False | ||
RT_STRING | 0x1259e0 | 0x114 | ump; data | 0 | False | ||
RT_STRING | 0x125af4 | 0xe4 | ump; DBase 3 data file (6750325 records) | 0 | False | ||
RT_STRING | 0x125bd8 | 0x280 | ump; data | 0 | False | ||
RT_STRING | 0x125e58 | 0x3c4 | ump; data | 0 | False | ||
RT_STRING | 0x12621c | 0x334 | ump; data | 0 | False | ||
RT_STRING | 0x126550 | 0x328 | ump; data | 0 | False | ||
RT_RCDATA | 0x126878 | 0x10 | ump; Sendmail frozen configuration | 0 | False | ||
RT_RCDATA | 0x126888 | 0x554 | ump; data | 0 | False | ||
RT_RCDATA | 0x126ddc | 0x59e | ump; data | 0 | False | ||
RT_RCDATA | 0x12737c | 0x1de6 | ump; data | 0 | False | ||
RT_RCDATA | 0x129164 | 0x7790 | ump; data | 0 | False | ||
RT_RCDATA | 0x1308f4 | 0x1ad4 | ump; data | 0 | False | ||
RT_RCDATA | 0x1323c8 | 0x7d3 | ump; data | 0 | False | ||
RT_RCDATA | 0x132b9c | 0x66c | ump; data | 0 | False | ||
RT_RCDATA | 0x133208 | 0x1b23 | ump; data | 0 | False | ||
RT_RCDATA | 0x134d2c | 0x562 | ump; data | 0 | False | ||
RT_RCDATA | 0x135290 | 0x1dc | ump; data | 0 | False | ||
RT_RCDATA | 0x13546c | 0x3d2b | ump; data | 0 | False | ||
RT_MESSAGETABLE | 0x139198 | 0x8618 | ump; data | English | United States | 0 | False |
RT_GROUP_CURSOR | 0x1417b0 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x1417c4 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x1417d8 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x1417ec | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x141800 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x141814 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_CURSOR | 0x141828 | 0x14 | ump; Lotus 1-2-3 | 0 | False | ||
RT_GROUP_ICON | 0x14183c | 0x5a | ump; MS Windows icon resource - 6 icons, 48x48, 256-colors | 0 | False | ||
RT_VERSION | 0x141898 | 0x340 | ump; data | English | United States | 0 | False |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, GetUserNameA |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResetEvent, ReleaseMutex, ReadFile, OutputDebugStringA, OpenFileMappingA, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, IsDBCSLeadByte, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDefaultLCID, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentDirectoryA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, FatalAppExitA, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CompareStringW, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt, AbortDoc |
user32.dll | WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharBuffA, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, 
DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, CLSIDFromProgID, StringFromCLSID, CoCreateInstance, CoLockObjectExternal, CoDisconnectObject, CoRevokeClassObject, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, DispGetIDsOfNames, LoadRegTypeLib, VariantClear, VariantInit, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
winspool.drv | OpenPrinterA, GetPrinterDriverA, EnumPrintersA, DocumentPropertiesA, DeviceCapabilitiesA, ClosePrinter |
comdlg32.dll | FindTextA, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA |
wsock32.dll | WSACleanup, WSAStartup, WSAGetLastError, WSAAsyncGetHostByName, WSAAsyncSelect, socket, setsockopt, send, recv, inet_addr, htons, connect, closesocket, accept |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | NoVirusThanks Company Srl |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | NoVirusThanks Company Srl |
LegalTrademarks | |
Comments | NPE File Analyzer |
ProductName | NPE File Analyzer |
ProductVersion | 1.0.0.0 |
FileDescription | NPE File Analyzer |
OriginalFilename | NPE.exe |
Translation | 0x0810 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
Hooks - Code Manipulation Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:44:12 |
Start date: | 05/05/2015 |
Path: | C:\f504ef6e9a269e354de802872dc5e209.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x400000 |
File size: | 1294848 bytes |
MD5 hash: | F504EF6E9A269E354DE802872DC5E209 |
General |
---|
Start time: | 12:44:21 |
Start date: | 05/05/2015 |
Path: | C:\Users\admin\AppData\Roaming\rsr\yfoye.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Roaming\rsr\yfoye.exe |
Imagebase: | 0x76ec0000 |
File size: | 1294848 bytes |
MD5 hash: | F504EF6E9A269E354DE802872DC5E209 |
General |
---|
Start time: | 12:44:29 |
Start date: | 05/05/2015 |
Path: | C:\Users\admin\AppData\Roaming\rsr\yfoye.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Roaming\rsr\yfoye.exe |
Imagebase: | 0x400000 |
File size: | 1294848 bytes |
MD5 hash: | F504EF6E9A269E354DE802872DC5E209 |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 11.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 32.8% |
Total number of Nodes: | 262 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Non-executed Functions |
---|