Windows Analysis Report
SecuriteInfo.com.FileRepMalware.7137.26178.exe

Overview

General Information

Sample name:SecuriteInfo.com.FileRepMalware.7137.26178.exe
Analysis ID:1433040
MD5:db742062ddf8dddd7521e31da16004de
SHA1:709dcf09e33a128d0eee3bdbd03c99614f37e035
SHA256:5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312
Tags:exe
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Opens the same file many times (likely Sandbox evasion)
Contains functionality to dynamically determine API calls
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | Avira: detected
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | Virustotal: Detection: 57%
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | Joe Sandbox ML: detected
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF681904F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF6819032E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF681907A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF6819180D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF6819223FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF681901BA0
Source: classification engine | Classification label: mal64.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF6819032E0 _fileno,_fileno,_isatty,_errno,_errno,fgets,memchr,_errno,_errno,clearerr,fgets,_errno,_errno,clearerr,_errno,fgets,_errno,_errno,clearerr,fgets,_errno,_errno,clearerr,ferror,ferror,_fileno,_get_osfhandle,ReadConsoleW,fclose,GetLastError,FormatMessageW,LocalFree
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | File created: C:\Users\user\Desktop\Options.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | File read: C:\Users\user\Desktop\Options.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | File written: C:\Users\user\Desktop\Options.ini
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF6819156E0 LoadLibraryA,GetProcAddress
Source: initial sample | Static PE information: section name: UPX0
Source: initial sample | Static PE information: section name: UPX1

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | File opened: C:\Users\user\Desktop\Options.ini count: 42090
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Window / User API: threadDelayed 2304
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Window / User API: threadDelayed 7695
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Window / User API: foregroundWindowGot 1775
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | API coverage: 7.8 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 | Thread sleep count: 2304 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 | Thread sleep time: -2304000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 | Thread sleep count: 7695 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 | Thread sleep time: -7695000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF68191D670 GetSystemInfo
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe | Code function: 0_2_00007FF681901154 GetStartupInfoA,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Virtualization/Sandbox Evasion | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
SecuriteInfo.com.FileRepMalware.7137.26178.exe | 45% | ReversingLabs | Win64.Trojan.Generic |
SecuriteInfo.com.FileRepMalware.7137.26178.exe | 58% | Virustotal | | Browse
SecuriteInfo.com.FileRepMalware.7137.26178.exe | 100% | Avira | TR/Crypt.Agent.zzsrh |
SecuriteInfo.com.FileRepMalware.7137.26178.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1433040
Start date and time:2024-04-29 01:27:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.FileRepMalware.7137.26178.exe
Detection:MAL
Classification:mal64.evad.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 17
  • Number of non-executed functions: 53
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Time | Type | Description
01:28:29 | API Interceptor | 883929x Sleep call for process: SecuriteInfo.com.FileRepMalware.7137.26178.exe modified
No context
Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe
File Type:ASCII text
Category:dropped
Size (bytes):98
Entropy (8bit):4.651611402169601
Encrypted:false
SSDEEP:3:LDIuYjtKrbNAWKJQbaYDJPPFKV3cnaiJHUXdVQX3n:3gj0rhANGxFK4ZKXy3
MD5:B799FB24F748EE4BA434F82A099B005C
SHA1:391C6BB106731C01DF20EEF4ADD021A85EE8F7C8
SHA-256:1564A5E80D4EE91ACB6F09BAE6C3723BA2ADDD59D584AED91DD5CDFEFABE923F
SHA-512:EEA5B78C13968621EC8B2B97E9CCF447A132DFCDCD43E8C65BEFF55D3DF8D4EABE72AFC4CDFBD8EC8402E926435F6F5CE4852763AA5BFA513120643399EE00E5
Malicious:true
Reputation:low
Preview:[Profiles].; Title or Executable Name = Resolution.; Example.exe = 1600x900.; Example = 1280x720 .
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.597568007943218
TrID:
  • Win64 Executable GUI (202006/5) 81.26%
  • UPX compressed Win32 Executable (30571/9) 12.30%
  • Win64 Executable (generic) (12005/4) 4.83%
  • Generic Win/DOS Executable (2004/3) 0.81%
  • DOS Executable Generic (2002/1) 0.81%
File name:SecuriteInfo.com.FileRepMalware.7137.26178.exe
File size:156'975 bytes
MD5:db742062ddf8dddd7521e31da16004de
SHA1:709dcf09e33a128d0eee3bdbd03c99614f37e035
SHA256:5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312
SHA512:3ca0f13c58474067e16468a87eeb32cdfe7476559e06727665a68de6d7aa5359dcaaa11dcc1a5d5634aa67375cd1ea02193b7ddf01e2bd618e4631e6275d8b7f
SSDEEP:1536:ee2ywxNXxKSQBo/4+tVdUBj4pdWJ99sv7nyi95Br8zwv6jymsDahH9ShBo:eeexWBXMW4S99Ynn77iQ09ShBo
TLSH:E5E31AD121D44C9BEFA4637C86D6C222773CB6D087A78743897069369E13FC16EC27A6
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....sc..........&....$. .....................@............................. ............`... ............................
Icon Hash:00928e8e8686b000
Entrypoint:0x14004fde0
Entrypoint Section:UPX1
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x63739CBF [Tue Nov 15 14:05:51 2022 UTC]
TLS Callbacks:0x4005007b, 0x1
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:bcf839cc283f092a6aaf13cb38699669
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51228 | 0x10c | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0x228 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2c000 | 0x1530 | UPX0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x51334 | 0x14 | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x500a8 | 0x28 | UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x3e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x3f000 | 0x12000 | 0x11200 | 698ba04657aead56780ea05eabf7fcff | False | 0.9873688412408759 | data | 7.929696455583514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x51000 | 0x1000 | 0x400 | ca909c95024486106f6e8ec2a59bb133 | False | 0.4580078125 | data | 4.360581600936096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x5105c | 0x1ca | XML 1.0 document, ASCII text, with very long lines (456), with CRLF line terminators | English | United States | 0.5764192139737991

DLL | Import
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
msvcrt.dll | exit
USER32.dll | MessageBoxA

Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found

Target ID:0
Start time:01:27:52
Start date:29/04/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe"
Imagebase:0x7ff681900000
File size:156'975 bytes
MD5 hash:DB742062DDF8DDDD7521E31DA16004DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

    Execution Graph

    Execution Coverage:7.6%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:22.1%
    Total number of Nodes:958
    Total number of Limit Nodes:34
API calls 13181->13183 13203 7ff68190b990 13182->13203 13183->13182 13185 7ff6819183e2 13186 7ff681908ec0 22 API calls 13185->13186 13187 7ff6819183ed 13186->13187 13188 7ff681917940 13187->13188 13189 7ff68191795b 13188->13189 13195 7ff681917967 13188->13195 13423 7ff6819020f0 13189->13423 13191 7ff6819020f0 47 API calls 13191->13195 13192 7ff681908ec0 22 API calls 13192->13195 13193 7ff681911160 52 API calls 13193->13195 13195->13191 13195->13192 13195->13193 13196 7ff681908f50 46 API calls 13195->13196 13364 7ff68190b820 13195->13364 13367 7ff6819173d0 13195->13367 13196->13195 13200 7ff681908ed1 13198->13200 13199 7ff681908f00 13199->13177 13200->13199 13201 7ff681906b90 22 API calls 13200->13201 13202 7ff681908f15 13201->13202 13202->13177 13204 7ff68190b9af 13203->13204 13205 7ff68190b9f2 13204->13205 13208 7ff68190b9e0 13204->13208 13206 7ff681908f50 46 API calls 13205->13206 13207 7ff68190b9f7 13206->13207 13211 7ff68190ba58 13207->13211 13213 7ff681909f30 46 API calls 13207->13213 13209 7ff68190b5a0 46 API calls 13208->13209 13210 7ff68190b9e5 13209->13210 13210->13185 13212 7ff681904f60 18 API calls 13211->13212 13214 7ff68190ba6b 13212->13214 13213->13211 13216 7ff681904f60 18 API calls 13214->13216 13219 7ff68190bab1 memcpy 13214->13219 13217 7ff68190bc12 memcpy 13216->13217 13218 7ff6819068e0 3 API calls 13217->13218 13218->13219 13219->13185 13245 7ff681902100 13220->13245 13223 7ff681902100 52 API calls 13224 7ff681911183 13223->13224 13225 7ff681902100 52 API calls 13224->13225 13226 7ff68191118e 13225->13226 13227 7ff68190b5a0 46 API calls 13226->13227 13228 7ff6819111d4 13227->13228 13248 7ff681903e70 memcpy 13228->13248 13230 7ff6819111f1 13231 7ff681911201 13230->13231 13249 7ff681903e70 memcpy 13230->13249 13250 7ff681903e70 memcpy 13231->13250 13234 7ff681911210 13235 7ff681911220 13234->13235 13251 7ff681903e70 memcpy 13234->13251 13252 7ff681903e70 memcpy 13235->13252 13238 7ff68191122f 13239 7ff68191123f 13238->13239 13253 7ff681903e70 
memcpy 13238->13253 13254 7ff6819110d0 13239->13254 13261 7ff681901ba0 13245->13261 13247 7ff68190211a 13247->13223 13248->13230 13249->13231 13250->13234 13251->13235 13252->13238 13253->13239 13255 7ff68190b5a0 46 API calls 13254->13255 13256 7ff6819110f6 13255->13256 13257 7ff68190aab0 46 API calls 13256->13257 13258 7ff681911116 13257->13258 13259 7ff681911020 46 API calls 13258->13259 13260 7ff681906b90 22 API calls 13258->13260 13259->13258 13260->13258 13262 7ff681901e80 13261->13262 13276 7ff681901bbf 13261->13276 13262->13276 13326 7ff68190b860 13262->13326 13264 7ff681908f50 46 API calls 13267 7ff68190204a 13264->13267 13265 7ff68190203b 13270 7ff681908f50 46 API calls 13265->13270 13267->13267 13268 7ff681911160 51 API calls 13268->13276 13269 7ff681908ec0 22 API calls 13269->13276 13273 7ff681902040 13270->13273 13271 7ff68190b860 49 API calls 13271->13276 13272 7ff681911300 51 API calls 13279 7ff681901fcd 13272->13279 13273->13264 13274 7ff681901f64 13277 7ff681911160 51 API calls 13274->13277 13275 7ff681908f50 46 API calls 13275->13276 13276->13265 13276->13268 13276->13271 13276->13273 13276->13274 13276->13275 13278 7ff681911300 51 API calls 13276->13278 13276->13279 13281 7ff681901fc8 13276->13281 13282 7ff681901d5b 13276->13282 13284 7ff681908ec0 22 API calls 13276->13284 13280 7ff681901f83 13277->13280 13278->13276 13279->13272 13287 7ff681908f50 46 API calls 13279->13287 13280->13247 13283 7ff681908f50 46 API calls 13281->13283 13285 7ff681901d6a 13282->13285 13293 7ff681911300 13282->13293 13283->13279 13284->13276 13286 7ff681901d74 13285->13286 13289 7ff681911300 51 API calls 13285->13289 13290 7ff681901d7d memcpy 13286->13290 13291 7ff681911160 51 API calls 13286->13291 13287->13279 13289->13286 13290->13247 13292 7ff681901e72 13291->13292 13292->13290 13294 7ff681911318 13293->13294 13301 7ff6819113ae 13293->13301 13333 7ff681902130 13294->13333 13297 7ff681902130 52 API calls 13300 7ff681911328 13297->13300 13298 7ff681904f60 18 API calls 
13298->13301 13299 7ff681909f30 46 API calls 13299->13301 13302 7ff681911524 13300->13302 13303 7ff681911334 13300->13303 13301->13298 13301->13299 13348 7ff681906af0 13301->13348 13306 7ff6819115b8 13302->13306 13307 7ff68191152d 13302->13307 13304 7ff68191157b 13303->13304 13305 7ff681911341 13303->13305 13308 7ff68190b5a0 46 API calls 13304->13308 13309 7ff68190b5a0 46 API calls 13305->13309 13310 7ff68190b5a0 46 API calls 13306->13310 13317 7ff681903e70 memcpy 13306->13317 13311 7ff68190b5a0 46 API calls 13307->13311 13312 7ff68191159b 13308->13312 13313 7ff681911364 13309->13313 13310->13306 13311->13301 13347 7ff681903e70 memcpy 13312->13347 13336 7ff681903e70 memcpy 13313->13336 13316 7ff681911381 13337 7ff681903e70 memcpy 13316->13337 13317->13306 13319 7ff68191138c 13338 7ff681903e70 memcpy 13319->13338 13322 7ff68191139b 13339 7ff681903e70 memcpy 13322->13339 13324 7ff6819113a6 13340 7ff681911270 13324->13340 13327 7ff68190b950 13326->13327 13328 7ff68190b889 13326->13328 13330 7ff68190b5a0 46 API calls 13327->13330 13329 7ff681901f06 13328->13329 13354 7ff68190a0b0 13328->13354 13329->13269 13330->13329 13334 7ff681901ba0 52 API calls 13333->13334 13335 7ff68190214a 13334->13335 13335->13297 13336->13316 13337->13319 13338->13322 13339->13324 13341 7ff68190b5a0 46 API calls 13340->13341 13342 7ff681911296 13341->13342 13343 7ff68190aab0 46 API calls 13342->13343 13344 7ff6819112b6 13343->13344 13345 7ff681911020 46 API calls 13344->13345 13346 7ff681906b90 22 API calls 13344->13346 13345->13344 13346->13344 13347->13306 13349 7ff681906b28 13348->13349 13350 7ff681906b0b 13348->13350 13351 7ff681904f60 18 API calls 13349->13351 13350->13301 13352 7ff681906b54 memcpy 13351->13352 13353 7ff6819068e0 3 API calls 13352->13353 13353->13350 13355 7ff68190a0d2 13354->13355 13356 7ff68190a0e2 13355->13356 13358 7ff681909f30 46 API calls 13355->13358 13357 7ff681904f60 18 API calls 13356->13357 13360 7ff68190a0f5 13357->13360 13358->13356 13359 7ff68190a134 memcpy 
memset 13359->13329 13360->13359 13361 7ff681904f60 18 API calls 13360->13361 13362 7ff68190a27a memcpy 13361->13362 13363 7ff6819068e0 3 API calls 13362->13363 13363->13359 13365 7ff68190b5a0 46 API calls 13364->13365 13366 7ff68190b853 13365->13366 13366->13195 13369 7ff6819173f4 13367->13369 13377 7ff681917822 13367->13377 13368 7ff681908f50 46 API calls 13370 7ff68191782c 13368->13370 13371 7ff6819020f0 47 API calls 13369->13371 13376 7ff681917414 13369->13376 13374 7ff681908f50 46 API calls 13370->13374 13371->13376 13372 7ff681917818 13373 7ff681908f50 46 API calls 13372->13373 13373->13377 13378 7ff681917836 13374->13378 13375 7ff68191784f 13380 7ff681908f50 46 API calls 13375->13380 13376->13372 13376->13375 13379 7ff68191778f 13376->13379 13397 7ff681917444 13376->13397 13377->13368 13386 7ff681908f50 46 API calls 13378->13386 13381 7ff6819020f0 47 API calls 13379->13381 13383 7ff68191785e 13380->13383 13384 7ff68191779b 13381->13384 13382 7ff6819174a7 13382->13370 13382->13378 13382->13384 13387 7ff6819174d7 13382->13387 13383->13383 13393 7ff681908f50 46 API calls 13384->13393 13385 7ff68191774d 13390 7ff681911300 52 API calls 13385->13390 13388 7ff681917840 13386->13388 13426 7ff681916e10 13387->13426 13399 7ff681908f50 46 API calls 13388->13399 13389 7ff681917809 13392 7ff681908f50 46 API calls 13389->13392 13403 7ff6819176b0 13390->13403 13392->13372 13396 7ff6819177a5 13393->13396 13394 7ff681917735 13402 7ff681911300 52 API calls 13394->13402 13405 7ff681908f50 46 API calls 13396->13405 13397->13382 13397->13385 13397->13389 13397->13394 13400 7ff681917496 memcpy 13397->13400 13398 7ff6819177fa 13401 7ff681908f50 46 API calls 13398->13401 13399->13375 13400->13382 13401->13389 13402->13385 13406 7ff681911300 52 API calls 13403->13406 13407 7ff6819176d3 13403->13407 13404 7ff681917517 13404->13396 13418 7ff681917521 13404->13418 13408 7ff6819176ea 13405->13408 13406->13407 13407->13195 13409 7ff681911300 52 API calls 13408->13409 13412 7ff68191770d 
13408->13412 13409->13412 13410 7ff6819020f0 47 API calls 13410->13418 13411 7ff681911300 52 API calls 13411->13418 13412->13407 13415 7ff681908f50 46 API calls 13412->13415 13413 7ff681908f50 46 API calls 13413->13418 13414 7ff68190b860 49 API calls 13414->13418 13415->13407 13416 7ff681911160 52 API calls 13416->13418 13417 7ff681908ec0 22 API calls 13417->13418 13418->13407 13418->13410 13418->13411 13418->13413 13418->13414 13418->13416 13418->13417 13419 7ff681916e10 63 API calls 13418->13419 13420 7ff6819176df 13418->13420 13419->13418 13420->13408 13421 7ff6819177f0 13420->13421 13422 7ff681908f50 46 API calls 13421->13422 13422->13398 13475 7ff681902050 13423->13475 13427 7ff681916e30 13426->13427 13429 7ff681916e50 13426->13429 13433 7ff681903210 13427->13433 13430 7ff681911300 52 API calls 13429->13430 13431 7ff681908f50 46 API calls 13429->13431 13430->13429 13431->13429 13434 7ff68190322f 13433->13434 13435 7ff681903243 13434->13435 13436 7ff681903237 ferror 13434->13436 13435->13388 13435->13398 13435->13403 13435->13404 13436->13435 13437 7ff681903250 13436->13437 13440 7ff681902a00 _errno 13437->13440 13441 7ff681902130 52 API calls 13440->13441 13442 7ff681902a1e _errno 13441->13442 13443 7ff681902a2a 13442->13443 13453 7ff68190be60 13443->13453 13446 7ff68190b7e0 46 API calls 13448 7ff681902a52 memcpy 13446->13448 13447 7ff68190b7e0 46 API calls 13449 7ff681902af5 13447->13449 13450 7ff681902ad5 clearerr 13448->13450 13451 7ff681902ab5 memcpy 13448->13451 13449->13447 13449->13450 13449->13451 13466 7ff681902920 13450->13466 13451->13450 13454 7ff681902a32 13453->13454 13455 7ff68190be7f strlen 13453->13455 13454->13446 13454->13449 13456 7ff68190beb1 13455->13456 13457 7ff68190bed7 13456->13457 13459 7ff681909f30 46 API calls 13456->13459 13458 7ff681904f60 18 API calls 13457->13458 13461 7ff68190bf07 13458->13461 13459->13457 13462 7ff681904f60 18 API calls 13461->13462 13465 7ff68190bfc8 memcpy 13461->13465 13463 7ff68190c04f memcpy 13462->13463 
13464 7ff6819068e0 3 API calls 13463->13464 13464->13465 13465->13454 13467 7ff68190b5a0 46 API calls 13466->13467 13468 7ff681902946 13467->13468 13469 7ff68190aab0 46 API calls 13468->13469 13470 7ff681902966 13469->13470 13471 7ff681902986 13470->13471 13472 7ff6819072f0 22 API calls 13470->13472 13473 7ff681911020 46 API calls 13471->13473 13474 7ff6819072f0 22 API calls 13471->13474 13472->13471 13473->13471 13474->13471 13476 7ff68190b5a0 46 API calls 13475->13476 13477 7ff681902076 13476->13477 13478 7ff68190aab0 46 API calls 13477->13478 13479 7ff681902096 13478->13479 13480 7ff681911020 46 API calls 13479->13480 13481 7ff6819072f0 22 API calls 13479->13481 13480->13479 13481->13479 13483 7ff6819118b8 13482->13483 13484 7ff6819118c2 13482->13484 13483->13484 13499 7ff68190c5e0 13483->13499 13488 7ff681911913 memcpy 13484->13488 13497 7ff681911932 13484->13497 13498 7ff6819119e9 13484->13498 13486 7ff681911ab6 13490 7ff681911976 13486->13490 13491 7ff681911ac3 strlen 13486->13491 13487 7ff68191193f 13489 7ff68191195b strlen 13487->13489 13496 7ff6819119d5 13487->13496 13488->13497 13489->13490 13492 7ff681911ade memcpy strlen 13489->13492 13493 7ff68191199c strlen 13490->13493 13490->13496 13509 7ff6819116b0 13490->13509 13491->13490 13491->13492 13492->13149 13494 7ff68190a0b0 47 API calls 13493->13494 13494->13496 13496->13492 13496->13498 13497->13486 13497->13487 13498->13149 13500 7ff68190b5a0 46 API calls 13499->13500 13505 7ff68190c615 13500->13505 13501 7ff68190c891 13501->13484 13502 7ff68190c360 49 API calls 13502->13505 13503 7ff681901ba0 52 API calls 13503->13505 13504 7ff68190a0b0 47 API calls 13504->13505 13505->13501 13505->13502 13505->13503 13505->13504 13506 7ff68190a2e0 48 API calls 13505->13506 13507 7ff68190a0b0 47 API calls 13505->13507 13506->13505 13508 7ff68190c746 memcpy 13507->13508 13508->13505 13510 7ff6819116dd _setjmp 13509->13510 13511 7ff68191179f 13509->13511 13512 7ff6819117c0 13510->13512 13513 7ff681911711 13510->13513 
13514 7ff6819117ac 13511->13514 13515 7ff681911850 MessageBoxA 13511->13515 13518 7ff681911774 13512->13518 13520 7ff681906b90 22 API calls 13512->13520 13516 7ff68191171f strlen 13513->13516 13513->13518 13514->13490 13515->13514 13517 7ff68190a0b0 47 API calls 13516->13517 13519 7ff681911759 memcpy 13517->13519 13518->13511 13521 7ff68191186b 13518->13521 13522 7ff681911830 13518->13522 13519->13518 13520->13518 13544 7ff681911620 13521->13544 13541 7ff681911c00 13522->13541 13542 7ff681911c20 13541->13542 13543 7ff681911880 71 API calls 13542->13543 13545 7ff68190b5a0 46 API calls 13544->13545 13546 7ff681911641 13545->13546 13547 7ff68190aab0 46 API calls 13546->13547 13548 7ff681911665 13547->13548 13549 7ff681911020 46 API calls 13548->13549 13550 7ff681906b90 22 API calls 13548->13550 13549->13548 13550->13548 13993 7ff68191b8c9 13994 7ff68191ba05 13993->13994 13998 7ff68191b6ed 13993->13998 13995 7ff681908f50 46 API calls 13994->13995 13997 7ff68191ba0a 13995->13997 13997->13997 13999 7ff681911300 52 API calls 13998->13999 14000 7ff681908f50 46 API calls 13998->14000 14001 7ff68190bc80 13998->14001 13999->13998 14000->13998 14002 7ff68190bc98 14001->14002 14004 7ff68190bc91 14001->14004 14002->13998 14003 7ff68190bcf0 14006 7ff681904f60 18 API calls 14003->14006 14004->14002 14004->14003 14005 7ff681909f30 46 API calls 14004->14005 14005->14003 14008 7ff68190bd1d 14006->14008 14009 7ff68190bdda memcpy 14008->14009 14010 7ff681906af0 22 API calls 14008->14010 14009->13998 14010->14009 14015 7ff6819032e0 _fileno _isatty 14016 7ff68190330f 14015->14016 14061 7ff681903790 14015->14061 14018 7ff68190b860 49 API calls 14016->14018 14020 7ff681903336 14018->14020 14023 7ff681908ec0 22 API calls 14020->14023 14021 7ff6819037de ReadConsoleW 14024 7ff681903805 14021->14024 14025 7ff681903aa0 GetLastError FormatMessageW 14021->14025 14022 7ff681911160 52 API calls 14026 7ff681903a42 14022->14026 14123 7ff681903341 14023->14123 14024->14026 14030 7ff68190382c 
14024->14030 14126 7ff681903985 14024->14126 14027 7ff681903b68 14025->14027 14028 7ff681903ae7 14025->14028 14031 7ff681908f50 46 API calls 14026->14031 14029 7ff681902130 52 API calls 14027->14029 14035 7ff68190b7e0 46 API calls 14027->14035 14062 7ff681902790 memcpy 14027->14062 14101 7ff681902920 47 API calls 14027->14101 14033 7ff681903b04 14028->14033 14034 7ff681903afe LocalFree 14028->14034 14029->14027 14032 7ff6819038b3 14030->14032 14042 7ff681908f50 46 API calls 14030->14042 14058 7ff681903851 14030->14058 14041 7ff681903a4c 14031->14041 14037 7ff6819038c0 14032->14037 14038 7ff6819038b8 fclose 14032->14038 14036 7ff681902130 52 API calls 14033->14036 14034->14033 14035->14027 14043 7ff681903b0c 14036->14043 14039 7ff6819039ff 14037->14039 14037->14058 14038->14037 14046 7ff681908ec0 22 API calls 14039->14046 14040 7ff681911300 52 API calls 14045 7ff6819039a7 14040->14045 14047 7ff68190b860 49 API calls 14041->14047 14042->14030 14048 7ff681903bed 14043->14048 14049 7ff681903b18 14043->14049 14044 7ff6819034b0 _errno 14050 7ff6819036d0 ferror 14044->14050 14051 7ff6819034bc _errno clearerr 14044->14051 14045->14041 14059 7ff6819039b2 14045->14059 14052 7ff681903a0c 14046->14052 14053 7ff681903a63 14047->14053 14048->14027 14057 7ff68190b7e0 46 API calls 14048->14057 14049->14027 14055 7ff68190b7e0 46 API calls 14049->14055 14056 7ff6819036e0 14050->14056 14050->14123 14051->14123 14069 7ff681911160 52 API calls 14052->14069 14060 7ff681908ec0 22 API calls 14053->14060 14054 7ff681908f50 46 API calls 14054->14123 14063 7ff681903b31 14055->14063 14064 7ff681902a00 61 API calls 14056->14064 14065 7ff681903b43 14057->14065 14066 7ff681908ec0 22 API calls 14058->14066 14067 7ff68190b860 49 API calls 14059->14067 14083 7ff68190378b 14060->14083 14127 7ff681902170 14061->14127 14062->14027 14141 7ff681902790 memcpy 14063->14141 14072 7ff6819036e8 14064->14072 14142 7ff681902790 memcpy 14065->14142 14066->14083 14073 7ff6819039ba 14067->14073 14068 7ff681911300 
52 API calls 14075 7ff681903635 14068->14075 14076 7ff681903a25 14069->14076 14070 7ff681903598 14070->14075 14080 7ff681911300 52 API calls 14070->14080 14088 7ff681911160 52 API calls 14072->14088 14081 7ff681908ec0 22 API calls 14073->14081 14074 7ff681911160 52 API calls 14084 7ff6819034fb fgets 14074->14084 14075->14061 14075->14068 14085 7ff681911160 52 API calls 14075->14085 14076->14022 14077 7ff681903404 fgets 14086 7ff681903520 _errno 14077->14086 14077->14123 14078 7ff68190343a memchr 14078->14123 14089 7ff6819035cf fgets 14080->14089 14081->14083 14082 7ff681911300 52 API calls 14091 7ff6819035e9 14082->14091 14084->14123 14093 7ff681903666 fgets 14085->14093 14086->14050 14092 7ff68190352c _errno clearerr 14086->14092 14087 7ff681903b4e 14143 7ff681902790 memcpy 14087->14143 14095 7ff681903704 14088->14095 14089->14091 14096 7ff681903688 _errno 14089->14096 14090 7ff681903720 ferror 14090->14056 14090->14091 14091->14082 14091->14090 14103 7ff681903618 _errno 14091->14103 14092->14123 14093->14091 14096->14090 14098 7ff681903694 _errno clearerr 14096->14098 14097 7ff6819039d8 14104 7ff681911300 52 API calls 14097->14104 14098->14070 14099 7ff681903c33 14105 7ff681908f50 46 API calls 14099->14105 14100 7ff681903b5d 14144 7ff681902790 memcpy 14100->14144 14101->14027 14102 7ff681903c2e 14107 7ff681908f50 46 API calls 14102->14107 14103->14090 14109 7ff681903624 _errno clearerr 14103->14109 14104->14097 14110 7ff681903c3d 14105->14110 14107->14099 14108 7ff68190376f 14108->14052 14112 7ff681903775 14108->14112 14109->14075 14110->14110 14111 7ff68190b860 49 API calls 14111->14123 14113 7ff68190b860 49 API calls 14112->14113 14116 7ff681903780 14113->14116 14114 7ff681911300 52 API calls 14114->14123 14115 7ff681908ec0 22 API calls 14115->14123 14118 7ff681908ec0 22 API calls 14116->14118 14117 7ff6819038f4 14119 7ff68190b860 49 API calls 14117->14119 14118->14083 14120 7ff6819038fc 14119->14120 14121 7ff681908ec0 22 API calls 14120->14121 14121->14083 
14122 7ff68190396f 14122->14041 14124 7ff681903bbc 14122->14124 14122->14126 14123->14041 14123->14044 14123->14050 14123->14054 14123->14070 14123->14072 14123->14074 14123->14077 14123->14078 14123->14091 14123->14097 14123->14099 14123->14102 14123->14108 14123->14111 14123->14114 14123->14115 14123->14117 14123->14122 14125 7ff681908f50 46 API calls 14124->14125 14125->14027 14126->14040 14126->14045 14128 7ff6819023cc 14127->14128 14129 7ff681902190 14127->14129 14130 7ff681908f50 46 API calls 14128->14130 14131 7ff6819023d6 14129->14131 14133 7ff6819021a3 14129->14133 14134 7ff6819023b8 14129->14134 14130->14131 14132 7ff681908f50 46 API calls 14131->14132 14137 7ff6819023e0 14132->14137 14135 7ff68190b5a0 46 API calls 14133->14135 14136 7ff681911160 52 API calls 14134->14136 14138 7ff6819021b2 14135->14138 14136->14128 14137->14137 14139 7ff6819022ee _fileno _get_osfhandle 14138->14139 14140 7ff681908f50 46 API calls 14138->14140 14139->14021 14139->14076 14140->14138 14141->14065 14142->14087 14143->14100 14144->14027 13551 7ff6819010f6 13554 7ff681901154 13551->13554 13555 7ff681901188 13554->13555 13556 7ff68190123d _amsg_exit 13555->13556 13557 7ff681901249 13555->13557 13558 7ff68190127e 13556->13558 13557->13558 13559 7ff681901256 _initterm 13557->13559 13560 7ff681901296 _initterm 13558->13560 13561 7ff6819012bc 13558->13561 13559->13558 13560->13561 13570 7ff681901591 13561->13570 13563 7ff68190140e 13574 7ff68191e0b0 13563->13574 13566 7ff681901455 exit 13567 7ff681901462 13566->13567 13568 7ff681901117 13567->13568 13569 7ff68190146c _cexit 13567->13569 13569->13568 13571 7ff6819015b7 13570->13571 13572 7ff68190166a 13571->13572 13573 7ff6819015f1 _malloc_dbg memcpy 13571->13573 13572->13563 13573->13571 13575 7ff68191e0c8 13574->13575 13578 7ff68191df50 13575->13578 13579 7ff68191df65 13578->13579 13601 7ff681903d10 13579->13601 13581 7ff68191df6a 13614 7ff681912f50 13581->13614 13583 7ff68191df7e 13621 7ff681915440 13583->13621 13593 7ff68191df97 
13686 7ff68191d6d0 13593->13686 13596 7ff68191dfbc 13599 7ff68191dff0 90 API calls 13596->13599 13600 7ff68191d9f0 59 API calls 13596->13600 13597 7ff681901445 13597->13566 13597->13567 13599->13597 13600->13597 13700 7ff681912190 13601->13700 13603 7ff681903d75 13604 7ff681903d84 13603->13604 13606 7ff6819121c0 6 API calls 13603->13606 13605 7ff681912550 strlen fwrite exit GetProcAddress GetProcAddress 13604->13605 13607 7ff681903d90 13605->13607 13606->13604 13608 7ff681912550 strlen fwrite exit GetProcAddress GetProcAddress 13607->13608 13609 7ff681903daa 13608->13609 13610 7ff681912550 strlen fwrite exit GetProcAddress GetProcAddress 13609->13610 13611 7ff681903dc4 13610->13611 13612 7ff681912550 strlen fwrite exit GetProcAddress GetProcAddress 13611->13612 13613 7ff681903dde 13612->13613 13613->13581 13615 7ff681912f69 13614->13615 13616 7ff681912fef 13614->13616 13703 7ff681911ea0 13615->13703 13717 7ff681903f00 13616->13717 13622 7ff681912190 LoadLibraryA 13621->13622 13623 7ff681915450 13622->13623 13624 7ff68191545f 13623->13624 13727 7ff6819121c0 13623->13727 13722 7ff681912550 GetProcAddress 13624->13722 13628 7ff6819154a0 13629 7ff681912190 LoadLibraryA 13628->13629 13630 7ff6819154b0 13629->13630 13631 7ff6819154bf 13630->13631 13633 7ff6819121c0 6 API calls 13630->13633 13632 7ff681912550 5 API calls 13631->13632 13634 7ff6819154cb 13632->13634 13633->13631 13635 7ff681912550 5 API calls 13634->13635 13636 7ff6819154e5 13635->13636 13637 7ff681915510 13636->13637 13638 7ff681912190 LoadLibraryA 13637->13638 13639 7ff681915520 13638->13639 13641 7ff6819121c0 6 API calls 13639->13641 13643 7ff681915533 13639->13643 13640 7ff681912550 5 API calls 13642 7ff68191553f 13640->13642 13641->13643 13644 7ff681912550 5 API calls 13642->13644 13643->13640 13645 7ff681915559 13644->13645 13646 7ff681912550 5 API calls 13645->13646 13647 7ff681915573 13646->13647 13648 7ff681912550 5 API calls 13647->13648 13649 7ff68191558d 13648->13649 13650 7ff681912550 5 API 
calls 13649->13650 13651 7ff6819155a7 13650->13651 13652 7ff681912550 5 API calls 13651->13652 13653 7ff6819155c1 13652->13653 13654 7ff681912550 5 API calls 13653->13654 13655 7ff6819155db 13654->13655 13656 7ff681912550 5 API calls 13655->13656 13657 7ff6819155f5 13656->13657 13658 7ff681912550 5 API calls 13657->13658 13659 7ff68191560f 13658->13659 13660 7ff681915640 13659->13660 13661 7ff681912190 LoadLibraryA 13660->13661 13662 7ff681915650 13661->13662 13664 7ff6819121c0 6 API calls 13662->13664 13666 7ff68191565f 13662->13666 13663 7ff681912550 5 API calls 13665 7ff68191566b 13663->13665 13664->13666 13667 7ff681915720 13665->13667 13666->13663 13668 7ff681912190 LoadLibraryA 13667->13668 13669 7ff681915730 13668->13669 13670 7ff681915743 13669->13670 13671 7ff6819121c0 6 API calls 13669->13671 13672 7ff681912550 5 API calls 13670->13672 13671->13670 13673 7ff68191574f 13672->13673 13674 7ff681912550 5 API calls 13673->13674 13675 7ff681915769 13674->13675 13676 7ff681912550 5 API calls 13675->13676 13677 7ff681915783 13676->13677 13678 7ff681912550 5 API calls 13677->13678 13679 7ff68191579d 13678->13679 13680 7ff681912550 5 API calls 13679->13680 13681 7ff6819157b7 13680->13681 13682 7ff681912550 5 API calls 13681->13682 13683 7ff6819157d1 13682->13683 13684 7ff681912550 5 API calls 13683->13684 13685 7ff6819157eb 13684->13685 13685->13593 13687 7ff681912190 LoadLibraryA 13686->13687 13688 7ff68191d6e0 13687->13688 13689 7ff68191d6ef 13688->13689 13691 7ff6819121c0 6 API calls 13688->13691 13690 7ff681912550 5 API calls 13689->13690 13692 7ff68191d6fb 13690->13692 13691->13689 13693 7ff68191d730 13692->13693 13758 7ff681903ca0 13693->13758 13695 7ff68191d739 13696 7ff6819156e0 LoadLibraryA GetProcAddress 13695->13696 13697 7ff68191d73e 13696->13697 13698 7ff681915890 shared_ptr 6 API calls 13697->13698 13699 7ff68191d743 13698->13699 13701 7ff6819121a8 LoadLibraryA 13700->13701 13702 7ff68191219c 13700->13702 13702->13701 13704 7ff681904f60 18 API calls 
13703->13704 13705 7ff681911efa 13704->13705 13706 7ff681904f60 18 API calls 13705->13706 13707 7ff681911f51 13706->13707 13708 7ff681904f60 18 API calls 13707->13708 13709 7ff681911fa8 13708->13709 13710 7ff681904f60 18 API calls 13709->13710 13711 7ff681911ff8 13710->13711 13712 7ff681904f60 18 API calls 13711->13712 13713 7ff681912069 13712->13713 13714 7ff6819120bc signal signal signal signal signal 13713->13714 13715 7ff681908f50 46 API calls 13713->13715 13714->13583 13716 7ff6819120dd 13715->13716 13720 7ff681926140 13717->13720 13721 7ff681926197 13720->13721 13723 7ff681912575 13722->13723 13724 7ff681912587 13722->13724 13723->13628 13724->13723 13724->13724 13725 7ff681912655 13724->13725 13746 7ff6819124f0 13725->13746 13728 7ff6819121e0 13727->13728 13729 7ff681903e20 2 API calls 13728->13729 13730 7ff6819121ef 13729->13730 13731 7ff6819121f8 13730->13731 13732 7ff6819122fa 13730->13732 13733 7ff681903e20 2 API calls 13731->13733 13734 7ff681903e20 2 API calls 13732->13734 13735 7ff68191221d GetLastError 13733->13735 13736 7ff681912310 GetLastError 13734->13736 13739 7ff681912357 13735->13739 13745 7ff68191222e 13735->13745 13737 7ff681912416 13736->13737 13736->13745 13740 7ff681903e20 2 API calls 13737->13740 13738 7ff6819122b8 MessageBoxA 13738->13745 13741 7ff681903e20 2 API calls 13739->13741 13743 7ff6819123ff 13740->13743 13741->13745 13742 7ff681903e20 2 API calls 13744 7ff6819122dc exit 13742->13744 13743->13624 13744->13745 13745->13738 13745->13742 13745->13743 13747 7ff681912508 13746->13747 13748 7ff681903e20 2 API calls 13747->13748 13749 7ff681912517 13748->13749 13750 7ff681903e20 2 API calls 13749->13750 13751 7ff681912529 13750->13751 13752 7ff681903e20 2 API calls 13751->13752 13753 7ff68191253f exit 13752->13753 13754 7ff681912550 GetProcAddress 13753->13754 13755 7ff681912575 13754->13755 13756 7ff681912587 13754->13756 13755->13724 13756->13755 13756->13756 13757 7ff6819124f0 2 API calls 13756->13757 13757->13756 13759 
7ff681903cb2 _fileno _setmode 13758->13759 13760 7ff681903cd5 _fileno _setmode 13759->13760 13761 7ff681903cea _fileno 13760->13761
    APIs
    • VirtualAlloc.KERNEL32(?,?,?,?,00007FF681911EFA,?,?,?,?,?,00007FF681912FA6), ref: 00007FF681905071
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 9a337c39e9fbd68c2939055e76a4218d5b4ab3975e78b545a5217bee15b4930b
    • Instruction ID: 04bf23fb3b4de7da31fe4d00e0f7d249634d27a85009526b99803b11375f2bb2
    • Opcode Fuzzy Hash: 9a337c39e9fbd68c2939055e76a4218d5b4ab3975e78b545a5217bee15b4930b
    • Instruction Fuzzy Hash: 7792BBB2A15B86C0FF198B15E4043A933A4FF44B98F588239DE5E87396EF38E595C340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: _initterm$_amsg_exit_cexitexit
    • String ID: 0
    • API String ID: 602970348-4108050209
    • Opcode ID: 18152dc38931aa76d55913cfdde5ce47ea42b5fc810d91329955d6071fa549f5
    • Instruction ID: 9530c077f219a2b85df9530a42def377f91053e77aa0ee4e1445472e63fdda95
    • Opcode Fuzzy Hash: 18152dc38931aa76d55913cfdde5ce47ea42b5fc810d91329955d6071fa549f5
    • Instruction Fuzzy Hash: A5A1D565B08B96C9FF508BA6E8903A833B4BF48B88F444079DD5C977A6DE3CE541C750
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: AddressProc
    • String ID: inet_ntop
    • API String ID: 190572456-448242623
    • Opcode ID: e1d460bbce0865a637450e0f91de2002ebba67c024cd9f9fe951fcc0f47cd0bb
    • Instruction ID: 1064305f4e2adddc437c5c492045a3b690b780807b4adddcb37bd5478d0656e7
    • Opcode Fuzzy Hash: e1d460bbce0865a637450e0f91de2002ebba67c024cd9f9fe951fcc0f47cd0bb
    • Instruction Fuzzy Hash: 6ED0E220E1AA82C0FF08EB11A8910B422967F99388EC5483CC02EC9367EE2CB096C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: InfoSystem
    • String ID:
    • API String ID: 31276548-0
    • Opcode ID: c89b31c7888661c0a9a4f9aa8fe12e3e2f3bd5d212fccb190140e91747797806
    • Instruction ID: 779ab6b3bc2e5fc8681055bd3cdf63f6b9089eeafa6cabf3a151b275501faf53
    • Opcode Fuzzy Hash: c89b31c7888661c0a9a4f9aa8fe12e3e2f3bd5d212fccb190140e91747797806
    • Instruction Fuzzy Hash: 46E09232618F80C2EB609B00F49930BB2B1FB85349FA04218E6CD46B98CF7EC249CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: _setjmp_wfopenfclosememcpymemset
    • String ID: IOError$cannot o$io.nim$pen:$wbN$writeFile
    • API String ID: 1063761298-1396497175
    • Opcode ID: 27f821a2765c6139977250cb7966aed35f4cbf71f75cd712facd26d5db0e3d8b
    • Instruction ID: e80453f458086310d9f550a9a079b9174fd3135b3034b377993b2367dbf75e75
    • Opcode Fuzzy Hash: 27f821a2765c6139977250cb7966aed35f4cbf71f75cd712facd26d5db0e3d8b
    • Instruction Fuzzy Hash: 88613976A09B86C0EF55DF15E4443A963A5FF88B88F58803ADA5D873A6EF7CE444C340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: _wfopenmemcpy
    • String ID: IOError$cannot o$cannot o$io.nim$open$pen:
    • API String ID: 980655097-49100086
    • Opcode ID: 21188ed88dc60ee596d35a9f4afba89d7a2040d39f31ad79330fe72baa837c41
    • Instruction ID: 6f6f5c51805072b61f76cbfbb9de8fe9855fba4401007f0354e56b0e511833fc
    • Opcode Fuzzy Hash: 21188ed88dc60ee596d35a9f4afba89d7a2040d39f31ad79330fe72baa837c41
    • Instruction Fuzzy Hash: C9414766615B8AC1EF049F19E4442AE63A1FF48B88F48803ADE5C8B7A6DF7CD545C340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: signal
    • String ID:
    • API String ID: 1946981877-0
    • Opcode ID: 8cf0164a6d6eaf762099ca9ed41d9dbfbdaa6152f87df9789dfe57ac783d1d8c
    • Instruction ID: 5c9bdf54d825e858fbc5c7f34eec7e176a569d0b3543507127ac220d2d981ec4
    • Opcode Fuzzy Hash: 8cf0164a6d6eaf762099ca9ed41d9dbfbdaa6152f87df9789dfe57ac783d1d8c
    • Instruction Fuzzy Hash: 23012C60A18682D1FF106751E8067BAA226FF88788F80403DDE6D873A7DE2CE545C784
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: exitmemset
    • String ID: out of memory
    • API String ID: 2099101326-49810860
    • Opcode ID: 853497e125a0a92dd752f666bf22ca2b71ace8109358948c81d68bf103432a26
    • Instruction ID: 118a94cc6d5e95eb52806f74b2b0517efc91a906e72b56e1aa0ff680a410cf47
    • Opcode Fuzzy Hash: 853497e125a0a92dd752f666bf22ca2b71ace8109358948c81d68bf103432a26
    • Instruction Fuzzy Hash: 93212C22A09BC5C1FB149B66F4487A96265EF48F98F088039DE5C57796DE38A585D300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: e493359e166283d94cceb80b45c459964f2ff1c8c56952fbc7783912b76423f3
    • Instruction ID: b30a9364da52ad333dd15b1703d33b000f71a77be6289de2023b8944eb241b03
    • Opcode Fuzzy Hash: e493359e166283d94cceb80b45c459964f2ff1c8c56952fbc7783912b76423f3
    • Instruction Fuzzy Hash: 62516CB2706B86C0EF199B19D9483A92791FF54FC8F59953ADE4D8B386EE38E441C300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: ChangeCloseFileFindModuleNameNotification
    • String ID:
    • API String ID: 3974213399-0
    • Opcode ID: b4a91e13410b2409b7688e8971041f5dd9145c7f8b81d1c64d49f09dc1122c03
    • Instruction ID: 96ebc233d4378f7ba6daa29ce34e042f288c1bdbec37b01566bb7388f86d19ef
    • Opcode Fuzzy Hash: b4a91e13410b2409b7688e8971041f5dd9145c7f8b81d1c64d49f09dc1122c03
    • Instruction Fuzzy Hash: 8C315C21B04696C1EF04EB26A85426A2395BF89FD8F404139ED2E877E3DE3CE445C340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: _wfopensetbuf
    • String ID:
    • API String ID: 3741545344-0
    • Opcode ID: 0afc50e70c385362d4a5c342205256d931b5ea8e45c8474936378456b5f7747f
    • Instruction ID: 0fbbc58c481b5b38366b49181529f4cd1bb7c373d67d4448207b6a7456e6fc0b
    • Opcode Fuzzy Hash: 0afc50e70c385362d4a5c342205256d931b5ea8e45c8474936378456b5f7747f
    • Instruction Fuzzy Hash: EC119022F0A29681FF5A9B5678417A551557F54B9CE88003EEE2D87783EE7CEAC1D300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: AllocVirtualmemset
    • String ID:
    • API String ID: 921305906-0
    • Opcode ID: 72eb7ec76da0ebc84bfd8253e068abe5a3ee2639d0780ac1debb1b6a81347911
    • Instruction ID: fb33609d7eac39e18642bcffb4275c1ead020735df64d42e84f3bfb2d085811a
    • Opcode Fuzzy Hash: 72eb7ec76da0ebc84bfd8253e068abe5a3ee2639d0780ac1debb1b6a81347911
    • Instruction Fuzzy Hash: 47316732A05BD4C1EB158F56F8447A966A4EB48FD8F098139DE8C5B796DE389992C300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: _setjmp
    • String ID:
    • API String ID: 3051281561-0
    • Opcode ID: 252746b0932810a5d243ec31952864f6fd706ef753d64086097dc8eb499c2de7
    • Instruction ID: 87cd61793ec843401f89d1fdbf17beeb56a78f815bac5d475d1b0000a286d83f
    • Opcode Fuzzy Hash: 252746b0932810a5d243ec31952864f6fd706ef753d64086097dc8eb499c2de7
    • Instruction Fuzzy Hash: 9221CF76A08F85C0EF60AB15E48036A73A5FF887D8F545239EAAD437AADF3CD154C600
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: ferror
    • String ID:
    • API String ID: 4103079560-0
    • Opcode ID: 7b8b12044b1de539b7e6ca5b6411228178162e78d2c3e4143ac5a52cb7d55953
    • Instruction ID: 4353a331b8d410df7033a01e7742a905f3c86f3d489c98af1448567a631630e3
    • Opcode Fuzzy Hash: 7b8b12044b1de539b7e6ca5b6411228178162e78d2c3e4143ac5a52cb7d55953
    • Instruction Fuzzy Hash: 02E01221A09096C1EF58A76328416B65291BF8AB8CF880479ED2E8B383ED3CB595C640
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: memcpy$memset
    • String ID:
    • API String ID: 438689982-0
    • Opcode ID: dc08fd6d3fc55408266f9dde7ca30003bbf7355f0e024b13de807a0a80f03677
    • Instruction ID: 1c642150321d067efabc827c5b785655cb930c4576594a43c24c35e9b0bad46d
    • Opcode Fuzzy Hash: dc08fd6d3fc55408266f9dde7ca30003bbf7355f0e024b13de807a0a80f03677
    • Instruction Fuzzy Hash: 7DB13761B09AC3C0EF199A29904417A669ABF44BECF154B39DE3EC63D7DE2CE481C351
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: AttributesFile
    • String ID:
    • API String ID: 3188754299-0
    • Opcode ID: e9f0a96791c708a9010401f49bb86567d23ce87b713f713dae81a4fb1255bc17
    • Instruction ID: 0d63a4e7a1892db7fa68cbe43ce31a98e4c407d8b8b752aec0311e9a311a590b
    • Opcode Fuzzy Hash: e9f0a96791c708a9010401f49bb86567d23ce87b713f713dae81a4fb1255bc17
    • Instruction Fuzzy Hash: 8BD0A921F304A2C1AB58232E88826291250BF89B1CB800238DC2DC3BA2DC1EF082EB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _fileno$_setmode$AddressProcshared_ptr
    • String ID:
    • API String ID: 3442249512-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: _fileno$ConsoleRead_get_osfhandle_isattyfgetsmemchr
    • String ID:
    • API String ID: 331362131-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy
    • String ID: OverflowDefect
    • API String ID: 3510742995-6336404
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID:
    • String ID: Infinity$NaN
    • API String ID: 0-4285296124
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF681901BE0, 00007FF68190201F
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
    • API String ID: 3510742995-2272463933
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: _setjmpmemcpystrlen
    • String ID: excepti$Error: u$OverflowDefect$nhandled$on:
    • API String ID: 2088497005-53087153
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: ErrorLast$Messageexitfwritestrlen
    • String ID: (bad format; library may be wrong architecture)$could no$could no$could no$could no$could not load: $t load: $t load: $t load: $t load:
    • API String ID: 1660677205-3355986595
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: exitlongjmpstrlen
    • String ID: SIGABRT: Abnormal termination.$SIGFPE: Arithmetic error.$SIGILL: Illegal operation.$SIGINT: Interrupted by Ctrl-C.$SIGSEGV: Illegal storage access. (Attempt to read from nil?)$unknown signal
    • API String ID: 119334053-3987738871
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: strlen$memcpy
    • String ID: excepti$Error: u$OverflowDefect$nhandled$on:
    • API String ID: 3396830738-53087153
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy$_errno$clearerrstrlen
    • String ID: errno: $errno: $errno:
    • API String ID: 4109585784-3447540251
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy
    • String ID: but fou$ but fou$nd: $symbol e$symbol e$xpected,$xpected,
    • API String ID: 3510742995-2789098900
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy
    • String ID: but fou$']' expe$cted, bu$nd: $symbol e$t found:$xpected,
    • API String ID: 3510742995-36579910
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: AddressProc$HandleLibraryLoadModule
    • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
    • API String ID: 384173800-1835852900
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpy
    • String ID: ValueError$integer:$integer:$invalid $invalid $parseInt$strutils.nim
    • API String ID: 3510742995-2575869123
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpymemset
    • String ID: KeyError$found: $found: $key not $key not $raiseKeyError$tables.nim
    • API String ID: 1297977491-2326998190
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: memcpystrlen
    • String ID: (invali$d data!)
    • API String ID: 3412268980-1055083451
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID:
    • String ID: CCG
    • API String ID: 0-1584390748
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID: _fileno$_setmode
    • String ID:
    • API String ID: 2194614063-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    Similarity
    • API ID:
    • String ID: OverflowDefect$virtualFree failing!
    • API String ID: 0-2131891075
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProcexitfwritestrlen
    • String ID: ReadConsoleW$could not import:
    • API String ID: 1310865319-1654923658
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • [GC] cannot register thread local variable; too many thread local variables, xrefs: 00007FF681903F1C
    Similarity
    • API ID: exitfflushfwrite
    • String ID: [GC] cannot register thread local variable; too many thread local variables
    • API String ID: 3476253079-685140759
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$c$c
    • API String ID: 0-490972902
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: memcpymemset
    • String ID: [[rerais$]]$ed from:
    • API String ID: 1297977491-96586220
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: memcpymemset
    • String ID: Addition$OSError$al info:
    • API String ID: 1297977491-3176383263
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: memcpy
    • String ID: OverflowDefect$fatal.nim$sysFatal
    • API String ID: 3510742995-4192902156
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _filenofflushfsetpos
    • String ID:
    • API String ID: 3644693540-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: virtualFree failing!
    • API String ID: 0-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: virtualFree failing!
    • API String ID: 0-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProc
    • String ID: @$ReadConsoleW
    • API String ID: 190572456-3032575433
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 4dcdb15daa13a812431a0392ecdc2c26053ba295d60206aa86708e8c9be6986a
    • Instruction ID: 3e397517b09197612a9879588c2de0d6fe837f2b41fedf39f995699507052943
    • Opcode Fuzzy Hash: 4dcdb15daa13a812431a0392ecdc2c26053ba295d60206aa86708e8c9be6986a
    • Instruction Fuzzy Hash: C9D11FA5B09A8AD0EF14DB19E45827973A9BF44B8CF94543DC96C877A3DE3CE486C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: e6cc75ff21f256c7670d9b354706b090fce2deee813b772f04f2209691073b17
    • Instruction ID: ecb7100c48bae2033f55bcb49d8f9036d87099c532eb8a66274d02b3e6a611ec
    • Opcode Fuzzy Hash: e6cc75ff21f256c7670d9b354706b090fce2deee813b772f04f2209691073b17
    • Instruction Fuzzy Hash: 66D14DA5B09A8AC0FF14DB15E45827933A9BF44B8CF98547DD96C877A2DE3DE086C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 5240c7922480d5963e39295d491e236aa0c60e3c24a3be448c24888c982735e0
    • Instruction ID: 4343bbf1e9e2934e9b0173861dd6d2e6cd63ebd76bc00e24d591e4629c12a950
    • Opcode Fuzzy Hash: 5240c7922480d5963e39295d491e236aa0c60e3c24a3be448c24888c982735e0
    • Instruction Fuzzy Hash: 39D15CA5B09A8AD1EF14DB15E45827933A5BF44B8CF94503EC96C8B7A3DE3CE586C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 2857288372560d81f6e3e47d259be95d5ff0af091aaba3b2308c8bf9b6b29d9a
    • Instruction ID: 08de716a00cb41684e6dc16d56538383f5878ab77ba32a74d61d33b06437e411
    • Opcode Fuzzy Hash: 2857288372560d81f6e3e47d259be95d5ff0af091aaba3b2308c8bf9b6b29d9a
    • Instruction Fuzzy Hash: 73D14AA5B09A8AC0FF14DB19E45867973A5BF44B88F94543EC96C877A3DE3CE486C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: bdb736044b42876e5453f1b3320e684f0ec841daad779a575a93551459dd1439
    • Instruction ID: ec6987127cf505baa03efa2828b78de8bec89882aa34b8dbd1de2241692dfeea
    • Opcode Fuzzy Hash: bdb736044b42876e5453f1b3320e684f0ec841daad779a575a93551459dd1439
    • Instruction Fuzzy Hash: FED140A5B09A8AC0EF14DB15E45827933A9BF44B8CF98547DD95C877A3EE3DE086C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-3474627141
    • Opcode ID: ec8199171c3e615a35b311817bb1b299cf11335b7842fe9cd88249e2f3f6893e
    • Instruction ID: ad4204fb8e113957c0a373cdc72e8006db3203a6b9c1c9ab20134c1d2a88cabc
    • Opcode Fuzzy Hash: ec8199171c3e615a35b311817bb1b299cf11335b7842fe9cd88249e2f3f6893e
    • Instruction Fuzzy Hash: C4212526A04FC4DAEB118F68E8412EA73A5FF5D798F448626EE8C57725EF78D245C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: FreeVirtualexit
    • String ID: virtualFree failing!
    • API String ID: 1212090140-3108117800
    • Opcode ID: e8dff241bd6c8ab9048c54f362b3d2605ec7c4613284ad76d58e41d426b6ae5b
    • Instruction ID: f12cbb69bd2e0a491f3fd9b2c352b1802b216cdc729eb821cf7d4227f63dc4b1
    • Opcode Fuzzy Hash: e8dff241bd6c8ab9048c54f362b3d2605ec7c4613284ad76d58e41d426b6ae5b
    • Instruction Fuzzy Hash: 001152A2B15A8682EF59DB16E4512B92262FF98BD4F58D13DCD0D93392DF2CE588C301
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2713391170
    • Opcode ID: d3e9d94820c0787150318eb4983f187c6193e37621f0c9f1ef0b75b64f747614
    • Instruction ID: 343171adec0c81e0b669bead6c7b2a2ab093330c25f085e17c0a4775b80b59ad
    • Opcode Fuzzy Hash: d3e9d94820c0787150318eb4983f187c6193e37621f0c9f1ef0b75b64f747614
    • Instruction Fuzzy Hash: BD014826A04F84CAEB118F69D8402AA7775FF4DB98F054626EE8D27765DF28D145C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4273532761
    • Opcode ID: d39b3df2066deba0bf1d26dec713b9a72e5fc5024426a68b961914756e4e3ec3
    • Instruction ID: a373b57a809132a02123b1c0bb99ed361e84a5acde361100c5bda584160e4674
    • Opcode Fuzzy Hash: d39b3df2066deba0bf1d26dec713b9a72e5fc5024426a68b961914756e4e3ec3
    • Instruction Fuzzy Hash: 70014826A04F84CAEB118F69D8402AA7765FF4DB98F054626EE9D27725DF38D185C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2187435201
    • Opcode ID: a610c4caf6207335a2622998c9376b228e99479fd73a3aee26bce9b52be0257f
    • Instruction ID: e9a38502e5737bd9976e089892dad11df546a20afcd08eea1817166d54e35f22
    • Opcode Fuzzy Hash: a610c4caf6207335a2622998c9376b228e99479fd73a3aee26bce9b52be0257f
    • Instruction Fuzzy Hash: 58014826A04F84CAEB118F69D8402AA7765FF4DB98F054726EE8D27725DF28D145C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2468659920
    • Opcode ID: 87d0707e8e17711ec9bc85561669745790c21bc284f9c52845e774c83a05a0df
    • Instruction ID: d9d52e5ee553699db00ad6690f1d24d62bccd238090715bff20fa86a2067be8c
    • Opcode Fuzzy Hash: 87d0707e8e17711ec9bc85561669745790c21bc284f9c52845e774c83a05a0df
    • Instruction Fuzzy Hash: ED014826A04F84CAEB118F69D8402AA7765FF4DB98F054626EE8D27725DF28D145C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4064033741
    • Opcode ID: 8e9784acdcc79370e33441a874e279fcb86056de5df4e8eedd7ffd4cc3467ba8
    • Instruction ID: 6fc475fbed9baf46d9ad461848b0c71a15a5a6774583d68389162a57dba05c49
    • Opcode Fuzzy Hash: 8e9784acdcc79370e33441a874e279fcb86056de5df4e8eedd7ffd4cc3467ba8
    • Instruction Fuzzy Hash: 16014826A04F84CAEB118F69D8402AA7765FF4DB98F054626EE8D27725DF28D145C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4283191376
    • Opcode ID: 552e9b2626a51707ac364c60fb7294cba141bf0ce767cdf52303ace0bfebed09
    • Instruction ID: 11b5ef80e9a31c0428384ee9980a14b60749ab0753d7db73aa4354828045ff38
    • Opcode Fuzzy Hash: 552e9b2626a51707ac364c60fb7294cba141bf0ce767cdf52303ace0bfebed09
    • Instruction Fuzzy Hash: C4014826A04F88CAEB118F69D8402AA7765FF4DB98F054626EE8D27769DF28D145C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy$FreeVirtualexit
    • String ID:
    • API String ID: 926890474-0
    • Opcode ID: b9df6a56c9db302064fd7ac3b317fb7889b7247b33204b6375ee1899eab4f5fd
    • Instruction ID: 84ad8ea0641a81f8246cdeae2f7649ce9e4653c4d10dd26ecbe798796e92c790
    • Opcode Fuzzy Hash: b9df6a56c9db302064fd7ac3b317fb7889b7247b33204b6375ee1899eab4f5fd
    • Instruction Fuzzy Hash: 00C12DA5B09B86C0FF14DB15E85427933A9BF84B88F94543ACA5C877A3DE7CE486C340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF681900000, based on PE: true
    • Associated: 00000000.00000002.4529708411.00007FF681900000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68192C000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF681940000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529740415.00007FF68194A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529823641.00007FF68194F000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529839262.00007FF681950000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.4529854963.00007FF681951000.00000004.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff681900000_SecuriteInfo.jbxd
    Similarity
    • API ID: memcpy$FreeVirtualexit
    • String ID:
    • API String ID: 926890474-0
    • Opcode ID: 07966187eb6258ffd971fdb7df65f38594ccf8eccfebe6e78f6a2f8e1ae12361
    • Instruction ID: c6f5c34abd8a05e5905a9fbe4cffda94157532f4169b2baae95261472afa475c
    • Opcode Fuzzy Hash: 07966187eb6258ffd971fdb7df65f38594ccf8eccfebe6e78f6a2f8e1ae12361
    • Instruction Fuzzy Hash: B3C12BA5B09A86C0FF14DB15E85827933A9BF84B8CF94543ACD5C877A6DE3CE586C340
    Uniqueness

    Uniqueness Score: -1.00%