The table below presents the matching of this sample against similar samples found by Cuckoo sandboxing.
The score is computed by comparing the graphs of API calls observed during the execution of the different samples, identified below by their SHA256.
A graph is built for each process, using the tuple (thread id, caller address) as node id and the API call name as the node symbol. The matching is therefore per process: if the present sample executes the command cmd.exe, it will match at (or near) 100% any other sample that executes the same process with similar arguments. For this reason the matching table below is presented per process.
To compute a numeric matching score, the API call graph is exploded into sub-graphs; let SG(A) denote the set of sub-graphs associated with the execution of a process A. The score then relies on the canonical set metric (the Jaccard index): the matching score of two processes A and B is size(SG(A) & SG(B)) / size(SG(A) | SG(B)), where & and | denote set intersection and set union respectively.
Family names are also referenced; they are indicative only, since they are extracted from the Cuckoo sandboxing of the referenced sample, which can be subject to errors and misclassification. Also keep in mind the cmd.exe example above and only consider discriminative processes in the table below.
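The per-process scoring described above, as an added worked example (not code from the Cuckoo project or this report). Traces are constructed; the edge rule (consecutive calls of one thread) and the choice of sub-graph (one labelled edge, written with API names so it is comparable across samples) are assumptions, since the text does not fix how the graph is exploded.

```python
# Constructed traces: process name -> list of (tid, caller address, API name),
# matching the text (node id = (tid, caller), node symbol = API name).
SAMPLE_A = {
    "dropper.exe": [(1, 0x401000, "CreateFileW"), (1, 0x401010, "WriteFile"),
                    (1, 0x401020, "CreateProcessW"), (1, 0x401030, "CloseHandle")],
    "cmd.exe": [(5, 0x7c8100, "GetCommandLineW"), (5, 0x7c8110, "CreateProcessW"),
                (5, 0x7c8120, "WaitForSingleObject"), (5, 0x7c8130, "ExitProcess")],
}
SAMPLE_B = {
    "ransom.exe": [(2, 0x402000, "FindFirstFileW"), (2, 0x402010, "CryptEncrypt"),
                   (2, 0x402020, "WriteFile"), (2, 0x402030, "CreateProcessW")],
    "cmd.exe": [(7, 0x7c8100, "GetCommandLineW"), (7, 0x7c8110, "CreateProcessW"),
                (7, 0x7c8120, "WaitForSingleObject"), (7, 0x7c8130, "ExitProcess")],
}

def build_graph(calls):
    """Directed graph of one process: nodes keyed by (tid, caller) and labelled with
    the API name; an edge joins consecutive calls of the same thread (assumption)."""
    symbol, edges, last = {}, set(), {}
    for tid, caller, api in calls:
        node = (tid, caller)
        symbol[node] = api
        if tid in last:
            edges.add((last[tid], node))
        last[tid] = node
    return symbol, edges

def explode(graph):
    """SG(A): the set of sub-graphs. Assumption: each edge is one sub-graph, expressed
    by its symbols so that samples loaded at different addresses remain comparable."""
    symbol, edges = graph
    return {(symbol[src], symbol[dst]) for src, dst in edges}

def score(calls_a, calls_b):
    """size(SG(A) & SG(B)) / size(SG(A) | SG(B)): Jaccard index of the sub-graph sets."""
    sga, sgb = explode(build_graph(calls_a)), explode(build_graph(calls_b))
    return len(sga & sgb) / len(sga | sgb) if sga | sgb else 0.0

def match_table(sample_a, sample_b):
    """Per-process table, as in the report: each process of A against each process of B."""
    return {(pa, pb): round(score(ca, cb), 3)
            for pa, ca in sample_a.items() for pb, cb in sample_b.items()}

if __name__ == "__main__":
    # cmd.exe vs cmd.exe scores 1.0 although the samples are unrelated; the
    # dropper/ransom pair is the discriminative comparison (0.2 here).
    for (pa, pb), s in sorted(match_table(SAMPLE_A, SAMPLE_B).items()):
        print(f"{pa:>12} vs {pb:<12} {s:.3f}")
```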

{% if analysis.classification.family_top %}

Overall classification

Family Score
{% for score in analysis.classification.family_top %}
  {% for entry in score %}
    {{entry}}
  {% endfor %}
{% endfor %}
{% endif %}

Per thread classification

{% if analysis.classification.details %}
  {% for block in analysis.classification.details %}
    Meta {{block.meta}}
    Thread {% if block.pid %} Pid: {{block.pid}} {% endif %} {% if block.tid %} Tid: {{block.tid}} {% endif %}
    Details {% if block.results %}
      {% for sub_block in block.results %}
        {% for key, value in sub_block.iteritems %}
          {% if key == "samples" %}
            {% for sub_value in value %}
              {% for skey, svalue in sub_value.iteritems %}
                • {{ skey }}: {{ svalue }}
              {% endfor %}
            {% endfor %}
          {% else %}
            • {{ key }}: {{value}}
          {% endif %}
        {% endfor %}
      {% endfor %}
    {% endif %}
  {% endfor %}
{% else %}
  {% for block in analysis.classification %}
    Meta {{block.meta}}
    Thread {% if block.pid %} Pid: {{block.pid}} {% endif %} {% if block.tid %} Tid: {{block.tid}} {% endif %}
    Details {% if block.results %}
      {% for sub_block in block.results %}
        {% for key, value in sub_block.iteritems %}
          {% if key == "samples" %}
            {% for sub_value in value %}
              {% for skey, svalue in sub_value.iteritems %}
                • {{ skey }}: {{ svalue }}
              {% endfor %}
            {% endfor %}
          {% else %}
            • {{ key }}: {{value}}
          {% endif %}
        {% endfor %}
      {% endfor %}
    {% endif %}
  {% endfor %}
{% endif %}