Edit tour

Windows Analysis Report
22w5dN070c.exe

Overview

General Information

Sample name:	22w5dN070c.exe renamed because original name is a hash value
Original sample name:	b2584406da7f9c66b50a4e57070b15286c92022cb337bc25392697a5a3a32043.exe
Analysis ID:	1411002
MD5:	8a0e29ab0781dfa6726efdd250f07b84
SHA1:	b6f362a8ac82388e17ba0cee4a0a75d1cfbbdc23
SHA256:	b2584406da7f9c66b50a4e57070b15286c92022cb337bc25392697a5a3a32043
Tags:	exe

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected PE file pumping (to bypass AV & sandboxing)

Machine Learning detection for sample

Contains functionality for execution timing, often used to detect debuggers

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Program does not show much activity (idle)

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

22w5dN070c.exe (PID: 5112 cmdline: C:\Users\user\Desktop\22w5dN070c.exe MD5: 8A0E29AB0781DFA6726EFDD250F07B84)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 22w5dN070c.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 22w5dN070c.exe

ReversingLabs: Detection: 52%

Machine Learning detection for sample

Source: 22w5dN070c.exe

Joe Sandbox ML: detected

Source: 22w5dN070c.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00411800	0_2_00411800
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_004108D0	0_2_004108D0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040C8E0	0_2_0040C8E0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040F0E9	0_2_0040F0E9
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00410907	0_2_00410907
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00404110	0_2_00404110
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00409119	0_2_00409119
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040F1C7	0_2_0040F1C7
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040C1D0	0_2_0040C1D0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00404990	0_2_00404990
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_004091A7	0_2_004091A7
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040E246	0_2_0040E246
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00428A08	0_2_00428A08
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00425214	0_2_00425214
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00405310	0_2_00405310
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00408BC0	0_2_00408BC0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00415BD0	0_2_00415BD0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0041B3D0	0_2_0041B3D0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040DBF0	0_2_0040DBF0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0041E3A0	0_2_0041E3A0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00409436	0_2_00409436
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00409CF7	0_2_00409CF7
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0041BD00	0_2_0041BD00
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040EDE0	0_2_0040EDE0
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040DE56	0_2_0040DE56
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00410670	0_2_00410670
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040E676	0_2_0040E676
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00409F47	0_2_00409F47
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040EF78	0_2_0040EF78
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00405F30	0_2_00405F30
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0040FF30	0_2_0040FF30

Source: C:\Users\user\Desktop\22w5dN070c.exe

Code function: String function: 0042664C appears 45 times

Source: 22w5dN070c.exe	Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: 22w5dN070c.exe	Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: 22w5dN070c.exe	Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: 22w5dN070c.exe	Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: 22w5dN070c.exe	Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Source: 22w5dN070c.exe

Static PE information: No import functions for PE file found

Source: C:\Users\user\Desktop\22w5dN070c.exe

Section loaded: apphelp.dll

Jump to behavior

Source: 22w5dN070c.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\22w5dN070c.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 22w5dN070c.exe

ReversingLabs: Detection: 52%

Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_0042647C push eax; ret	0_2_0042649A
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_004254B0 push eax; ret	0_2_004254C4
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_004254B0 push eax; ret	0_2_004254EC
Source: C:\Users\user\Desktop\22w5dN070c.exe	Code function: 0_2_00426687 push ecx; ret	0_2_00426697

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Malware Analysis System Evasion

Detected PE file pumping (to bypass AV & sandboxing)

Source: 22w5dN070c.exe

Static PE information: Resource name: RT_ICON size: 0xffffff28

Source: C:\Users\user\Desktop\22w5dN070c.exe

Code function: 0_2_0040C1D0 rdtsc

0_2_0040C1D0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\22w5dN070c.exe

Code function: 0_2_0040C1D0 rdtsc

0_2_0040C1D0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Software Packing	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	21 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
22w5dN070c.exe	53%	ReversingLabs	Win32.Worm.Stration
22w5dN070c.exe	100%	Avira	WORM/Stration.C
22w5dN070c.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1411002
Start date and time:	2024-03-18 14:44:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	22w5dN070c.exe renamed because original name is a hash value
Original Sample Name:	b2584406da7f9c66b50a4e57070b15286c92022cb337bc25392697a5a3a32043.exe
Detection:	MAL
Classification:	mal64.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 52
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 22w5dN070c.exe, PID 5112 because there are no executed function
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: 22w5dN070c.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):	3.9030108836785145
TrID:	Win32 Executable (generic) a (10002005/4) 99.66% UPX compressed Win32 Executable (30571/9) 0.30% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	22w5dN070c.exe
File size:	505'856 bytes
MD5:	8a0e29ab0781dfa6726efdd250f07b84
SHA1:	b6f362a8ac82388e17ba0cee4a0a75d1cfbbdc23
SHA256:	b2584406da7f9c66b50a4e57070b15286c92022cb337bc25392697a5a3a32043
SHA512:	ff74adfc031811da123cbc9b806fbd719d794c3425cdde72a3a9f969d57d6da14505e357ced57ee6e8ebed77063898790c169338fa99bc49811a47418647b819
SSDEEP:	3072:/FZyqVGXvEQU+dXmEUy9rfe3kUdKSh7hKNjf7CwhqjEr8IcGN8yGBYOosqkxQqoe:d4qVG/pJZzfFs4X+LOaysAHHE
TLSH:	B3B46C10E28DC1B1D44A187574A8927653723D1817BCAAF3AFE2FF18E5B32E07C75A46
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............fr..fr..fr..n...fr..j}..fr..n/..fr.jn/..fr..fs.wfr..j-..fr..j...fr..m,..fr..j(..fr.Rich.fr.................PE..L... ?.E...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x467a00
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x45113F20 [Wed Sep 20 13:16:16 2006 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
pushad
mov esi, 00450000h
lea edi, dword ptr [esi-0004F000h]
push edi
jmp 00007FCEB0B4186Dh
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007FCEB0B41869h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FCEB0B4184Fh
mov eax, 00000001h
add ebx, ebx
jne 00007FCEB0B41869h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007FCEB0B41851h
jne 00007FCEB0B4186Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FCEB0B41846h
xor ecx, ecx
sub eax, 03h
jc 00007FCEB0B4186Fh
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007FCEB0B418D6h
mov ebp, eax
add ebx, ebx
jne 00007FCEB0B41869h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jne 00007FCEB0B41869h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jne 00007FCEB0B41882h
inc ecx
add ebx, ebx
jne 00007FCEB0B41869h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007FCEB0B41851h
jne 00007FCEB0B4186Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FCEB0B41846h
add ecx, 02h
cmp ebp, FFFFF300h
adc ecx, 01h
lea edx, dword ptr [edi+ebp]
cmp ebp, FFFFFFFCh
jbe 00007FCEB0B41871h
mov al, byte ptr [edx]
inc edx
mov byte ptr [edi], al
inc edi
dec ecx
jne 00007FCEB0B41859h
jmp 00007FCEB0B417C8h
nop
mov eax, dword ptr [edx]
add edx, 04h
mov dword ptr [edi], eax
add edi, 04h
sub ecx, 04h
jnbe 00007FCEB0B41853h
add edi, ecx
jmp 00007FCEB0B517B1h

Rich Headers

Programming Language:

[ASM] VS2003 (.NET) build 3077
[ C ] VS2003 (.NET) build 3077
[C++] VS2003 (.NET) build 3077
[RES] VS2003 (.NET) build 3077
[LNK] VS2003 (.NET) build 3077

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9251c	0x50	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x68000	0x2a51c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x67b58	0x48	UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x4f000	0x39000	03f39bdb04e53cea9ebcffcabefd62f9	False	0.4647281044407895	data	5.875829469996839	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
UPX1	0x50000	0x18000	0x17c00	f21a448d514fa644c06e4d2e81bc44ab	False	0.059590871710526315	data	1.2092416086169242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x68000	0x2b000	0x2a800	f247249a12328543721c1fe898ed6ac1	False	0.0037396599264705884	data	0.08953683762294112	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
	0x68308	0x2c00	ISO-8859 text, with very long lines (11264), with no line terminators	English	United States	0.003018465909090909
	0x6af0c	0xf000	ISO-8859 text, with very long lines (61440), with no line terminators	English	United States	0.0013346354166666667
	0x79f10	0xa000	ISO-8859 text, with very long lines (40960), with no line terminators	English	United States	0.0015380859375
	0x83f14	0xd000	ISO-8859 text, with very long lines (53248), with no line terminators	English	United States	0.0013897235576923077
	0x90f18	0x1600	ISO-8859 text, with very long lines (5632), with no line terminators	English	United States	0.004971590909090909
RT_ICON	0x34320	0x2e8	data	English	United States	0.239247311827957
RT_ICON	0x34608	0xffffff28	data	English	United States	0.06660298714831539
RT_ICON	0x0	0x0	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	English	United States	0.34375
RT_ICON	0x0	0x0	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	English	United States	0.34375
RT_ICON	0x0	0x0	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	English	United States	0.34375
RT_ICON	0x0	0x0	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	English	United States	0.34375
RT_ICON	0x0	0x0	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	English	United States	0.34375
RT_GROUP_ICON	0x9251c	0x0	empty	English	United States	0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: 22w5dN070c.exePID: 5112, Parent PID: 2592

General

Target ID:	0
Start time:	14:45:42
Start date:	18/03/2024
Path:	C:\Users\user\Desktop\22w5dN070c.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\22w5dN070c.exe
Imagebase:	0x400000
File size:	505'856 bytes
MD5 hash:	8A0E29AB0781DFA6726EFDD250F07B84
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 22w5dN070c.exePID: 5112, Parent PID: 2592COMMON

Non-executed Functions

Function 00408BC0 Relevance: 300.7, APIs: 1, Strings: 170, Instructions: 1478COMMON

Download Yara Rule

Strings

1, xrefs: 00409BED
[, xrefs: 00409E97
T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
=, xrefs: 00409CE3
}, xrefs: 00409485
c, xrefs: 00409591
H, xrefs: 004091DD
5, xrefs: 0040A646
n, xrefs: 00408EE3
=, xrefs: 0040920D
4, xrefs: 00409D95
;, xrefs: 00409CC3
$, xrefs: 00409AD2
E, xrefs: 00409CAA
p, xrefs: 0040A3C2
), xrefs: 00409D7D
;, xrefs: 0040A5BD
}, xrefs: 0040A505
b, xrefs: 00408D5B
7, xrefs: 00409C15
p, xrefs: 004093EA
f, xrefs: 0040999E
T, xrefs: 00409D6A
9, xrefs: 0040A057
}, xrefs: 0040A34F
9, xrefs: 004092A1
?, xrefs: 00408F13
., xrefs: 00409CCB
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
n, xrefs: 004090CD
O, xrefs: 00409F6E
J, xrefs: 004096B6
2, xrefs: 0040A3DA
i, xrefs: 00409E0D
E, xrefs: 0040A236
y, xrefs: 004091ED
:, xrefs: 0040A3E2
K, xrefs: 00409A4B
a, xrefs: 004095A1
@, xrefs: 0040A030
d, xrefs: 0040A160
r, xrefs: 0040A860
F, xrefs: 0040A63E
s, xrefs: 00409030
Z, xrefs: 00409E9F
!, xrefs: 0040A565
E, xrefs: 0040A03F
g, xrefs: 0040A0A9
C, xrefs: 00409F76
., xrefs: 00409F96
V, xrefs: 00409F66
d, xrefs: 0040A878
[, xrefs: 004099BE
', xrefs: 004093E2
n, xrefs: 00409D85
`, xrefs: 0040A68E
&, xrefs: 004095A9
3, xrefs: 00409986
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
i, xrefs: 004096CE
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
I, xrefs: 00409A8B
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
a, xrefs: 004090DD
8, xrefs: 0040991F
_, xrefs: 00409B95
+, xrefs: 0040A83C
>, xrefs: 0040981D
", xrefs: 0040A047
Z, xrefs: 00409CEB
q, xrefs: 00409AF3
h, xrefs: 0040A69E
6, xrefs: 00409A5B
K, xrefs: 00409C05
2, xrefs: 00408F0B
I, xrefs: 0040A58D
., xrefs: 00409FA0
u, xrefs: 004090D5
5, xrefs: 0040961C
o, xrefs: 004098F0
3, xrefs: 00409CD3
}, xrefs: 0040939E
x, xrefs: 00408DE6
j, xrefs: 00409624
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
/, xrefs: 004098DE
(, xrefs: 00408F8C
<, xrefs: 00409739
#, xrefs: 00409E1D
J, xrefs: 0040AA4A
/, xrefs: 00408D53
G, xrefs: 0040997E
E, xrefs: 00408DD6
), xrefs: 0040A8BB
\, xrefs: 0040931E
_, xrefs: 00409475
N, xrefs: 0040906F
H, xrefs: 00408F9C
l, xrefs: 0040998E
F, xrefs: 00409048
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
q, xrefs: 00409BAD
B, xrefs: 00409F86
?, xrefs: 0040A555
4, xrefs: 00409CDB
g, xrefs: 004096A6
K, xrefs: 00409EA7
{, xrefs: 0040A170
], xrefs: 0040A97F
5, xrefs: 00409C8B
H, xrefs: 0040A0A1
#, xrefs: 0040A626
*, xrefs: 00409B03
[, xrefs: 0040A1F2
L, xrefs: 0040A04F
P, xrefs: 0040A766
t, xrefs: 00409E87
P, xrefs: 0040A64E
%, xrefs: 004090C5
!, xrefs: 004091CD
l, xrefs: 0040A987
-, xrefs: 0040992F
o, xrefs: 0040A870
*, xrefs: 0040A5A5
, xrefs: 0040A4FD
I, xrefs: 0040A834
_, xrefs: 0040A814
4, xrefs: 00409465
-, xrefs: 0040A33F
_, xrefs: 0040A61E
O, xrefs: 0040A5D5
Z, xrefs: 00408E76
_, xrefs: 00409AAB
E, xrefs: 004091E5
%, xrefs: 00409A43
K, xrefs: 00409F8E
E, xrefs: 0040AA59
N, xrefs: 004093FA
4, xrefs: 0040AA23
$, xrefs: 0040913C
e, xrefs: 00409AFB
>, xrefs: 00409134
z, xrefs: 00408DDE
), xrefs: 0040980D
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
o, xrefs: 004098E6
d, xrefs: 0040A868
', xrefs: 0040A844
-, xrefs: 00409706
&, xrefs: 0040A51D
W, xrefs: 00409050
Z, xrefs: 00409D00
V, xrefs: 0040A75E
s, xrefs: 0040901F
I, xrefs: 0040990F
U, xrefs: 00408DEE
<, xrefs: 00409A73

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$!$"$"$#$#$$$$$$$%$%$&$&$&$'$'$($)$)$)$*$*$+$-$-$-$.$.$.$/$/$1$2$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$>$?$?$@$B$C$D$E$E$E$E$E$E$F$F$G$H$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$N$O$O$P$P$T$T$U$V$V$W$Z$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$a$b$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$n$n$o$o$o$p$p$q$q$r$s$s$s$t$t$u$u$x$y$z${${$}$}$}$}
API String ID: 0-319044234
Opcode ID: 27c5dd9ed91e9f4222842ece239cd7dae53f77e9feb70b9b7829357a5d2bca59
Instruction ID: 112317c9313a74c9b12a8399abeb6d4382841cb44c361794d62521e76ea744b4
Opcode Fuzzy Hash: 27c5dd9ed91e9f4222842ece239cd7dae53f77e9feb70b9b7829357a5d2bca59
Instruction Fuzzy Hash: 1513B12000C7C29AD332C63898587DFBED55BA7328F588BADD1ED4A2D2D775020AD767

Uniqueness

Uniqueness Score: -1.00%

Function 00409119 Relevance: 187.4, Strings: 149, Instructions: 1189COMMON

Download Yara Rule

Strings

1, xrefs: 00409BED
[, xrefs: 00409E97
T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
=, xrefs: 00409CE3
}, xrefs: 00409485
c, xrefs: 00409591
H, xrefs: 004091DD
5, xrefs: 0040A646
=, xrefs: 0040920D
4, xrefs: 00409D95
;, xrefs: 00409CC3
$, xrefs: 00409AD2
E, xrefs: 00409CAA
p, xrefs: 0040A3C2
), xrefs: 00409D7D
;, xrefs: 0040A5BD
}, xrefs: 0040A505
7, xrefs: 00409C15
p, xrefs: 004093EA
f, xrefs: 0040999E
T, xrefs: 00409D6A
9, xrefs: 0040A057
}, xrefs: 0040A34F
9, xrefs: 004092A1
., xrefs: 00409CCB
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
O, xrefs: 00409F6E
J, xrefs: 004096B6
2, xrefs: 0040A3DA
i, xrefs: 00409E0D
E, xrefs: 0040A236
y, xrefs: 004091ED
:, xrefs: 0040A3E2
K, xrefs: 00409A4B
a, xrefs: 004095A1
@, xrefs: 0040A030
d, xrefs: 0040A160
r, xrefs: 0040A860
F, xrefs: 0040A63E
Z, xrefs: 00409E9F
!, xrefs: 0040A565
E, xrefs: 0040A03F
g, xrefs: 0040A0A9
C, xrefs: 00409F76
., xrefs: 00409F96
V, xrefs: 00409F66
d, xrefs: 0040A878
[, xrefs: 004099BE
', xrefs: 004093E2
n, xrefs: 00409D85
`, xrefs: 0040A68E
&, xrefs: 004095A9
3, xrefs: 00409986
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
i, xrefs: 004096CE
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
I, xrefs: 00409A8B
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
8, xrefs: 0040991F
_, xrefs: 00409B95
+, xrefs: 0040A83C
>, xrefs: 0040981D
", xrefs: 0040A047
Z, xrefs: 00409CEB
q, xrefs: 00409AF3
h, xrefs: 0040A69E
6, xrefs: 00409A5B
K, xrefs: 00409C05
I, xrefs: 0040A58D
., xrefs: 00409FA0
5, xrefs: 0040961C
o, xrefs: 004098F0
3, xrefs: 00409CD3
}, xrefs: 0040939E
j, xrefs: 00409624
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
/, xrefs: 004098DE
<, xrefs: 00409739
#, xrefs: 00409E1D
J, xrefs: 0040AA4A
G, xrefs: 0040997E
), xrefs: 0040A8BB
\, xrefs: 0040931E
_, xrefs: 00409475
l, xrefs: 0040998E
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
q, xrefs: 00409BAD
B, xrefs: 00409F86
?, xrefs: 0040A555
4, xrefs: 00409CDB
g, xrefs: 004096A6
K, xrefs: 00409EA7
{, xrefs: 0040A170
], xrefs: 0040A97F
5, xrefs: 00409C8B
H, xrefs: 0040A0A1
#, xrefs: 0040A626
*, xrefs: 00409B03
[, xrefs: 0040A1F2
L, xrefs: 0040A04F
P, xrefs: 0040A766
t, xrefs: 00409E87
P, xrefs: 0040A64E
!, xrefs: 004091CD
l, xrefs: 0040A987
-, xrefs: 0040992F
o, xrefs: 0040A870
*, xrefs: 0040A5A5
, xrefs: 0040A4FD
I, xrefs: 0040A834
_, xrefs: 0040A814
4, xrefs: 00409465
-, xrefs: 0040A33F
_, xrefs: 0040A61E
O, xrefs: 0040A5D5
_, xrefs: 00409AAB
E, xrefs: 004091E5
%, xrefs: 00409A43
K, xrefs: 00409F8E
E, xrefs: 0040AA59
N, xrefs: 004093FA
4, xrefs: 0040AA23
$, xrefs: 0040913C
e, xrefs: 00409AFB
>, xrefs: 00409134
), xrefs: 0040980D
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
o, xrefs: 004098E6
d, xrefs: 0040A868
', xrefs: 0040A844
-, xrefs: 00409706
&, xrefs: 0040A51D
Z, xrefs: 00409D00
V, xrefs: 0040A75E
I, xrefs: 0040990F
<, xrefs: 00409A73

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$!$"$"$#$#$$$$$$$%$&$&$&$'$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$>$?$@$B$C$D$E$E$E$E$E$F$G$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$p$q$q$r$s$t$t$u$y${${$}$}$}$}
API String ID: 0-2726720408
Opcode ID: c065fbb0a727f79b31f0768105665834e8a4b9922ee366cc8f58d9ceddc7ba13
Instruction ID: c0d7f1d9a2f8d6b118605d4ad9cba7deefa6b9821a418fff6e8ca7fff8a3d635
Opcode Fuzzy Hash: c065fbb0a727f79b31f0768105665834e8a4b9922ee366cc8f58d9ceddc7ba13
Instruction Fuzzy Hash: 2CF2AF2000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767

Uniqueness

Uniqueness Score: -1.00%

Function 0040EDE0 Relevance: 187.0, Strings: 149, Instructions: 703COMMON

Download Yara Rule

Strings

r, xrefs: 0040F9A0
b, xrefs: 0040EED9
i, xrefs: 0040F9A8
r, xrefs: 0040EE1F
herej, xrefs: 0040FC78
i, xrefs: 0040F72C
e, xrefs: 0040EF10
r, xrefs: 0040F7A2
e, xrefs: 0040F34F
i, xrefs: 0040F67B
h, xrefs: 0040F5E5
3, xrefs: 0040F0B0
l, xrefs: 0040F6C4
e, xrefs: 0040EEC0
w, xrefs: 0040F500
g, xrefs: 0040F9B0
>, xrefs: 0040F2D7
o, xrefs: 0040EED1
6, xrefs: 0040F2DF
n, xrefs: 0040F94A
o, xrefs: 0040F792
s, xrefs: 0040F605
h, xrefs: 0040F508
n, xrefs: 0040FD61
k, xrefs: 0040F971
`, xrefs: 0040F6B4
s, xrefs: 0040FD79
7, xrefs: 0040F65B
l, xrefs: 0040F865
n, xrefs: 0040FB45
s, xrefs: 0040EE07
d, xrefs: 0040FB5C
l, xrefs: 0040FD42
g, xrefs: 0040FB25
m, xrefs: 0040F6E4
a, xrefs: 0040F64C
e, xrefs: 0040F7C2
p, xrefs: 0040F5FD
gibor, xrefs: 0040FE9D
c, xrefs: 0040F63C
g, xrefs: 0040F913
d, xrefs: 0040F79A
a, xrefs: 0040F85D
r, xrefs: 0040FDA8
d, xrefs: 0040FA0E
l, xrefs: 0040F842
z, xrefs: 0040FD52
e, xrefs: 0040F84C
J, xrefs: 0040F196
o, xrefs: 0040F71C
r, xrefs: 0040F714
a, xrefs: 0040F942
o, xrefs: 0040F298
r, xrefs: 0040F932
r, xrefs: 0040F2A8
agy, xrefs: 0040FE18
e, xrefs: 0040F3BE
eroon, xrefs: 0040FCD5
r, xrefs: 0040EEC9
e, xrefs: 0040F875
n, xrefs: 0040F981
e, xrefs: 0040F847
b, xrefs: 0040F724
m, xrefs: 0040F5F5
w, xrefs: 0040F855
n, xrefs: 0040FD89
g, xrefs: 0040F624
e, xrefs: 0040FB35
e, xrefs: 0040FD4A
e, xrefs: 0040EF00
c, xrefs: 0040EF3F
], xrefs: 0040F7F9
6, xrefs: 0040F663
g, xrefs: 0040F989
o, xrefs: 0040F367
o, xrefs: 0040F8FB
n, xrefs: 0040F8E4
r, xrefs: 0040FDC0
5, xrefs: 0040FA06
l, xrefs: 0040FD71
d, xrefs: 0040F347
a, xrefs: 0040FB54
y, xrefs: 0040F8F3
e, xrefs: 0040F92A
p, xrefs: 0040F39E
r, xrefs: 0040F78A
o, xrefs: 0040F60D
u, xrefs: 0040F7BA
n, xrefs: 0040F33F
l, xrefs: 0040F801
i, xrefs: 0040F510
q, xrefs: 0040F2E7
a, xrefs: 0040F62C
s, xrefs: 0040F557
e, xrefs: 0040F8CB
i, xrefs: 0040F979
o, xrefs: 0040F5ED
h, xrefs: 0040FA53
r, xrefs: 0040FB2D
b, xrefs: 0040F3CE
t, xrefs: 0040F518
e, xrefs: 0040F95A
B, xrefs: 0040F5CE
e, xrefs: 0040FB3D
z, xrefs: 0040F7CA
r, xrefs: 0040F6F4
e, xrefs: 0040F520
h, xrefs: 0040F922
j, xrefs: 0040EEF8
d, xrefs: 0040F952
r, xrefs: 0040F357
j, xrefs: 0040EEB6
u, xrefs: 0040F903
r, xrefs: 0040EF08
t, xrefs: 0040FDB0
H, xrefs: 0040F069
o, xrefs: 0040FD81
k, xrefs: 0040F86D
n, xrefs: 0040F93A
e, xrefs: 0040FD69
i, xrefs: 0040F7AA
n, xrefs: 0040F90B
h, xrefs: 0040F596
h, xrefs: 0040F9B8
>, xrefs: 0040FA5B
o, xrefs: 0040EEBB
r, xrefs: 0040F87D
s, xrefs: 0040FB74
k, xrefs: 0040EE0F
t, xrefs: 0040F5DD
i, xrefs: 0040F644
#, xrefs: 0040FA1E
n, xrefs: 0040F615
n, xrefs: 0040F36F
o, xrefs: 0040F2A0
m, xrefs: 0040FB6C
s, xrefs: 0040F35F
a, xrefs: 0040FB64
g, xrefs: 0040F7B2
w, xrefs: 0040F998
z, xrefs: 0040F962
lybor, xrefs: 0040FC6D
c, xrefs: 0040FD98
t, xrefs: 0040F9C0
e, xrefs: 0040FDB8
a, xrefs: 0040F337
y, xrefs: 0040EEE1
r, xrefs: 0040F634
a, xrefs: 0040FDA0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$3$5$6$6$7$>$>$B$H$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$b$c$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$i$j$j$k$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$t$t$t$t$u$u$w$w$w$y$y$z$z$z
API String ID: 0-1715107583
Opcode ID: aea5ebc48b3bc7d7b6a86dcf904a2cd64dab5097f1304f19a11461aa15ae1b22
Instruction ID: c31594d21701e52a224cdcfe6db95929ccafb1db7881ef4c4193a4b74e5cc1ed
Opcode Fuzzy Hash: aea5ebc48b3bc7d7b6a86dcf904a2cd64dab5097f1304f19a11461aa15ae1b22
Instruction Fuzzy Hash: 5EA2AE2450D7C189E332C72884587DFBFD25BA6718F488E9EC4ED1B292C6BA0259C777

Uniqueness

Uniqueness Score: -1.00%

Function 004091A7 Relevance: 184.9, Strings: 147, Instructions: 1169COMMON

Download Yara Rule

Strings

1, xrefs: 00409BED
[, xrefs: 00409E97
T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
=, xrefs: 00409CE3
}, xrefs: 00409485
c, xrefs: 00409591
H, xrefs: 004091DD
5, xrefs: 0040A646
=, xrefs: 0040920D
4, xrefs: 00409D95
;, xrefs: 00409CC3
$, xrefs: 00409AD2
E, xrefs: 00409CAA
p, xrefs: 0040A3C2
), xrefs: 00409D7D
;, xrefs: 0040A5BD
}, xrefs: 0040A505
7, xrefs: 00409C15
p, xrefs: 004093EA
f, xrefs: 0040999E
T, xrefs: 00409D6A
9, xrefs: 0040A057
}, xrefs: 0040A34F
9, xrefs: 004092A1
., xrefs: 00409CCB
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
O, xrefs: 00409F6E
J, xrefs: 004096B6
2, xrefs: 0040A3DA
i, xrefs: 00409E0D
E, xrefs: 0040A236
y, xrefs: 004091ED
:, xrefs: 0040A3E2
K, xrefs: 00409A4B
a, xrefs: 004095A1
@, xrefs: 0040A030
d, xrefs: 0040A160
r, xrefs: 0040A860
F, xrefs: 0040A63E
Z, xrefs: 00409E9F
!, xrefs: 0040A565
E, xrefs: 0040A03F
g, xrefs: 0040A0A9
C, xrefs: 00409F76
., xrefs: 00409F96
V, xrefs: 00409F66
d, xrefs: 0040A878
[, xrefs: 004099BE
', xrefs: 004093E2
n, xrefs: 00409D85
`, xrefs: 0040A68E
&, xrefs: 004095A9
3, xrefs: 00409986
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
i, xrefs: 004096CE
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
I, xrefs: 00409A8B
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
8, xrefs: 0040991F
_, xrefs: 00409B95
+, xrefs: 0040A83C
>, xrefs: 0040981D
", xrefs: 0040A047
Z, xrefs: 00409CEB
q, xrefs: 00409AF3
h, xrefs: 0040A69E
6, xrefs: 00409A5B
K, xrefs: 00409C05
I, xrefs: 0040A58D
., xrefs: 00409FA0
5, xrefs: 0040961C
o, xrefs: 004098F0
3, xrefs: 00409CD3
}, xrefs: 0040939E
j, xrefs: 00409624
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
/, xrefs: 004098DE
<, xrefs: 00409739
#, xrefs: 00409E1D
J, xrefs: 0040AA4A
G, xrefs: 0040997E
), xrefs: 0040A8BB
\, xrefs: 0040931E
_, xrefs: 00409475
l, xrefs: 0040998E
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
q, xrefs: 00409BAD
B, xrefs: 00409F86
?, xrefs: 0040A555
4, xrefs: 00409CDB
g, xrefs: 004096A6
K, xrefs: 00409EA7
{, xrefs: 0040A170
], xrefs: 0040A97F
5, xrefs: 00409C8B
H, xrefs: 0040A0A1
#, xrefs: 0040A626
*, xrefs: 00409B03
[, xrefs: 0040A1F2
L, xrefs: 0040A04F
P, xrefs: 0040A766
t, xrefs: 00409E87
P, xrefs: 0040A64E
!, xrefs: 004091CD
l, xrefs: 0040A987
-, xrefs: 0040992F
o, xrefs: 0040A870
*, xrefs: 0040A5A5
, xrefs: 0040A4FD
I, xrefs: 0040A834
_, xrefs: 0040A814
4, xrefs: 00409465
-, xrefs: 0040A33F
_, xrefs: 0040A61E
O, xrefs: 0040A5D5
_, xrefs: 00409AAB
E, xrefs: 004091E5
%, xrefs: 00409A43
K, xrefs: 00409F8E
E, xrefs: 0040AA59
N, xrefs: 004093FA
4, xrefs: 0040AA23
e, xrefs: 00409AFB
), xrefs: 0040980D
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
o, xrefs: 004098E6
d, xrefs: 0040A868
', xrefs: 0040A844
-, xrefs: 00409706
&, xrefs: 0040A51D
Z, xrefs: 00409D00
V, xrefs: 0040A75E
I, xrefs: 0040990F
<, xrefs: 00409A73

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$!$"$"$#$#$$$$$%$&$&$&$'$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$9$:$:$;$;$;$<$<$=$=$>$?$@$B$C$D$E$E$E$E$E$F$G$H$H$I$I$I$I$J$J$K$K$K$K$L$L$N$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$p$q$q$r$s$t$t$u$y${${$}$}$}$}
API String ID: 0-3452857728
Opcode ID: c0493743623b1349e292038f1bc0b74baf74390ee465781465d945827377ec9c
Instruction ID: f89c03aa277b30708e93470f35b2be22918357344e2688cb743a074f04aa4e51
Opcode Fuzzy Hash: c0493743623b1349e292038f1bc0b74baf74390ee465781465d945827377ec9c
Instruction Fuzzy Hash: 5AF2AF2000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767

Uniqueness

Uniqueness Score: -1.00%

Function 00409436 Relevance: 171.1, Strings: 136, Instructions: 1070COMMON

Download Yara Rule

Strings

1, xrefs: 00409BED
[, xrefs: 00409E97
T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
=, xrefs: 00409CE3
}, xrefs: 00409485
c, xrefs: 00409591
5, xrefs: 0040A646
4, xrefs: 00409D95
;, xrefs: 00409CC3
$, xrefs: 00409AD2
E, xrefs: 00409CAA
p, xrefs: 0040A3C2
), xrefs: 00409D7D
;, xrefs: 0040A5BD
}, xrefs: 0040A505
7, xrefs: 00409C15
f, xrefs: 0040999E
T, xrefs: 00409D6A
9, xrefs: 0040A057
}, xrefs: 0040A34F
., xrefs: 00409CCB
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
O, xrefs: 00409F6E
J, xrefs: 004096B6
2, xrefs: 0040A3DA
i, xrefs: 00409E0D
E, xrefs: 0040A236
:, xrefs: 0040A3E2
K, xrefs: 00409A4B
a, xrefs: 004095A1
@, xrefs: 0040A030
d, xrefs: 0040A160
r, xrefs: 0040A860
F, xrefs: 0040A63E
Z, xrefs: 00409E9F
!, xrefs: 0040A565
E, xrefs: 0040A03F
g, xrefs: 0040A0A9
C, xrefs: 00409F76
., xrefs: 00409F96
V, xrefs: 00409F66
d, xrefs: 0040A878
[, xrefs: 004099BE
n, xrefs: 00409D85
`, xrefs: 0040A68E
&, xrefs: 004095A9
3, xrefs: 00409986
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
i, xrefs: 004096CE
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
I, xrefs: 00409A8B
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
8, xrefs: 0040991F
_, xrefs: 00409B95
+, xrefs: 0040A83C
>, xrefs: 0040981D
", xrefs: 0040A047
Z, xrefs: 00409CEB
q, xrefs: 00409AF3
h, xrefs: 0040A69E
6, xrefs: 00409A5B
K, xrefs: 00409C05
I, xrefs: 0040A58D
., xrefs: 00409FA0
5, xrefs: 0040961C
o, xrefs: 004098F0
3, xrefs: 00409CD3
j, xrefs: 00409624
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
/, xrefs: 004098DE
<, xrefs: 00409739
#, xrefs: 00409E1D
J, xrefs: 0040AA4A
G, xrefs: 0040997E
), xrefs: 0040A8BB
_, xrefs: 00409475
l, xrefs: 0040998E
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
q, xrefs: 00409BAD
B, xrefs: 00409F86
?, xrefs: 0040A555
4, xrefs: 00409CDB
g, xrefs: 004096A6
K, xrefs: 00409EA7
{, xrefs: 0040A170
], xrefs: 0040A97F
5, xrefs: 00409C8B
H, xrefs: 0040A0A1
#, xrefs: 0040A626
*, xrefs: 00409B03
[, xrefs: 0040A1F2
L, xrefs: 0040A04F
P, xrefs: 0040A766
t, xrefs: 00409E87
P, xrefs: 0040A64E
l, xrefs: 0040A987
-, xrefs: 0040992F
o, xrefs: 0040A870
*, xrefs: 0040A5A5
, xrefs: 0040A4FD
I, xrefs: 0040A834
_, xrefs: 0040A814
4, xrefs: 00409465
-, xrefs: 0040A33F
_, xrefs: 0040A61E
O, xrefs: 0040A5D5
_, xrefs: 00409AAB
%, xrefs: 00409A43
K, xrefs: 00409F8E
E, xrefs: 0040AA59
4, xrefs: 0040AA23
e, xrefs: 00409AFB
), xrefs: 0040980D
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
o, xrefs: 004098E6
d, xrefs: 0040A868
', xrefs: 0040A844
-, xrefs: 00409706
&, xrefs: 0040A51D
Z, xrefs: 00409D00
V, xrefs: 0040A75E
I, xrefs: 0040990F
<, xrefs: 00409A73

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$"$"$#$#$$$$$%$&$&$&$'$)$)$)$*$*$+$-$-$-$.$.$.$/$1$2$3$3$4$4$4$4$5$5$5$6$7$7$8$9$9$:$:$;$;$;$<$<$=$>$?$@$B$C$D$E$E$E$E$F$G$H$I$I$I$I$J$J$K$K$K$K$L$L$O$O$P$P$T$T$V$V$Z$Z$Z$Z$[$[$[$\$]$^$^$_$_$_$_$_$`$a$c$c$d$d$d$d$e$f$g$g$h$i$i$j$j$l$l$n$o$o$o$p$q$q$r$s$t$t$u${${$}$}$}
API String ID: 0-3297533030
Opcode ID: f0bb9872303fdffae77e403bc1c89850f62179b3f1beb5c6c6c7327c82a972ef
Instruction ID: 082fff56f21fc62f50753e24676e63cce44abcfe45e5a024b0e2de527967505b
Opcode Fuzzy Hash: f0bb9872303fdffae77e403bc1c89850f62179b3f1beb5c6c6c7327c82a972ef
Instruction Fuzzy Hash: 08E2A02000C7C299D332C63898587DFBFD55BA7328F588BADD1ED4A2E2D675020AD767

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF78 Relevance: 168.1, Strings: 134, Instructions: 635COMMON

Download Yara Rule

Strings

r, xrefs: 0040F9A0
i, xrefs: 0040F9A8
herej, xrefs: 0040FC78
i, xrefs: 0040F72C
r, xrefs: 0040F7A2
e, xrefs: 0040F34F
i, xrefs: 0040F67B
h, xrefs: 0040F5E5
3, xrefs: 0040F0B0
l, xrefs: 0040F6C4
w, xrefs: 0040F500
g, xrefs: 0040F9B0
>, xrefs: 0040F2D7
6, xrefs: 0040F2DF
n, xrefs: 0040F94A
o, xrefs: 0040F792
s, xrefs: 0040F605
h, xrefs: 0040F508
n, xrefs: 0040FD61
k, xrefs: 0040F971
`, xrefs: 0040F6B4
s, xrefs: 0040FD79
7, xrefs: 0040F65B
l, xrefs: 0040F865
n, xrefs: 0040FB45
d, xrefs: 0040FB5C
l, xrefs: 0040FD42
g, xrefs: 0040FB25
m, xrefs: 0040F6E4
a, xrefs: 0040F64C
e, xrefs: 0040F7C2
p, xrefs: 0040F5FD
gibor, xrefs: 0040FE9D
c, xrefs: 0040F63C
g, xrefs: 0040F913
d, xrefs: 0040F79A
a, xrefs: 0040F85D
r, xrefs: 0040FDA8
d, xrefs: 0040FA0E
l, xrefs: 0040F842
z, xrefs: 0040FD52
e, xrefs: 0040F84C
J, xrefs: 0040F196
o, xrefs: 0040F71C
r, xrefs: 0040F714
a, xrefs: 0040F942
o, xrefs: 0040F298
r, xrefs: 0040F932
r, xrefs: 0040F2A8
agy, xrefs: 0040FE18
e, xrefs: 0040F3BE
eroon, xrefs: 0040FCD5
e, xrefs: 0040F875
n, xrefs: 0040F981
e, xrefs: 0040F847
b, xrefs: 0040F724
m, xrefs: 0040F5F5
w, xrefs: 0040F855
n, xrefs: 0040FD89
g, xrefs: 0040F624
e, xrefs: 0040FB35
e, xrefs: 0040FD4A
], xrefs: 0040F7F9
6, xrefs: 0040F663
g, xrefs: 0040F989
o, xrefs: 0040F367
o, xrefs: 0040F8FB
n, xrefs: 0040F8E4
r, xrefs: 0040FDC0
5, xrefs: 0040FA06
l, xrefs: 0040FD71
d, xrefs: 0040F347
a, xrefs: 0040FB54
y, xrefs: 0040F8F3
e, xrefs: 0040F92A
p, xrefs: 0040F39E
r, xrefs: 0040F78A
o, xrefs: 0040F60D
u, xrefs: 0040F7BA
n, xrefs: 0040F33F
l, xrefs: 0040F801
i, xrefs: 0040F510
q, xrefs: 0040F2E7
a, xrefs: 0040F62C
s, xrefs: 0040F557
e, xrefs: 0040F8CB
i, xrefs: 0040F979
o, xrefs: 0040F5ED
h, xrefs: 0040FA53
r, xrefs: 0040FB2D
b, xrefs: 0040F3CE
t, xrefs: 0040F518
e, xrefs: 0040F95A
B, xrefs: 0040F5CE
e, xrefs: 0040FB3D
z, xrefs: 0040F7CA
r, xrefs: 0040F6F4
e, xrefs: 0040F520
h, xrefs: 0040F922
d, xrefs: 0040F952
r, xrefs: 0040F357
u, xrefs: 0040F903
t, xrefs: 0040FDB0
H, xrefs: 0040F069
o, xrefs: 0040FD81
k, xrefs: 0040F86D
n, xrefs: 0040F93A
e, xrefs: 0040FD69
i, xrefs: 0040F7AA
n, xrefs: 0040F90B
h, xrefs: 0040F596
h, xrefs: 0040F9B8
>, xrefs: 0040FA5B
r, xrefs: 0040F87D
s, xrefs: 0040FB74
t, xrefs: 0040F5DD
i, xrefs: 0040F644
#, xrefs: 0040FA1E
n, xrefs: 0040F615
n, xrefs: 0040F36F
o, xrefs: 0040F2A0
m, xrefs: 0040FB6C
s, xrefs: 0040F35F
a, xrefs: 0040FB64
g, xrefs: 0040F7B2
w, xrefs: 0040F998
z, xrefs: 0040F962
lybor, xrefs: 0040FC6D
c, xrefs: 0040FD98
t, xrefs: 0040F9C0
e, xrefs: 0040FDB8
a, xrefs: 0040F337
r, xrefs: 0040F634
a, xrefs: 0040FDA0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$3$5$6$6$7$>$>$B$H$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$i$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$u$w$w$w$y$z$z$z
API String ID: 0-1627083639
Opcode ID: 14858246a36da1c35253a31e0b9de006e50fb5eb430f8612f75d8495fbd4656f
Instruction ID: 897faa67981242d41c61dfb40b62df43763f7642aa4407e7da9ffeee02b4687e
Opcode Fuzzy Hash: 14858246a36da1c35253a31e0b9de006e50fb5eb430f8612f75d8495fbd4656f
Instruction Fuzzy Hash: 36929F2400D7C189E332C72884587DFBFD25BA6718F488E9ED4ED1B292C6BA0159C767

Uniqueness

Uniqueness Score: -1.00%

Function 0040F0E9 Relevance: 165.6, Strings: 132, Instructions: 572COMMON

Download Yara Rule

Strings

r, xrefs: 0040F9A0
i, xrefs: 0040F9A8
herej, xrefs: 0040FC78
i, xrefs: 0040F72C
r, xrefs: 0040F7A2
e, xrefs: 0040F34F
i, xrefs: 0040F67B
h, xrefs: 0040F5E5
l, xrefs: 0040F6C4
w, xrefs: 0040F500
g, xrefs: 0040F9B0
>, xrefs: 0040F2D7
6, xrefs: 0040F2DF
n, xrefs: 0040F94A
o, xrefs: 0040F792
s, xrefs: 0040F605
h, xrefs: 0040F508
n, xrefs: 0040FD61
k, xrefs: 0040F971
`, xrefs: 0040F6B4
s, xrefs: 0040FD79
7, xrefs: 0040F65B
l, xrefs: 0040F865
n, xrefs: 0040FB45
d, xrefs: 0040FB5C
l, xrefs: 0040FD42
g, xrefs: 0040FB25
m, xrefs: 0040F6E4
a, xrefs: 0040F64C
e, xrefs: 0040F7C2
p, xrefs: 0040F5FD
gibor, xrefs: 0040FE9D
c, xrefs: 0040F63C
g, xrefs: 0040F913
d, xrefs: 0040F79A
a, xrefs: 0040F85D
r, xrefs: 0040FDA8
d, xrefs: 0040FA0E
l, xrefs: 0040F842
z, xrefs: 0040FD52
e, xrefs: 0040F84C
J, xrefs: 0040F196
o, xrefs: 0040F71C
r, xrefs: 0040F714
a, xrefs: 0040F942
o, xrefs: 0040F298
r, xrefs: 0040F932
r, xrefs: 0040F2A8
agy, xrefs: 0040FE18
e, xrefs: 0040F3BE
eroon, xrefs: 0040FCD5
e, xrefs: 0040F875
n, xrefs: 0040F981
e, xrefs: 0040F847
b, xrefs: 0040F724
m, xrefs: 0040F5F5
w, xrefs: 0040F855
n, xrefs: 0040FD89
g, xrefs: 0040F624
e, xrefs: 0040FB35
e, xrefs: 0040FD4A
], xrefs: 0040F7F9
6, xrefs: 0040F663
g, xrefs: 0040F989
o, xrefs: 0040F367
o, xrefs: 0040F8FB
n, xrefs: 0040F8E4
r, xrefs: 0040FDC0
5, xrefs: 0040FA06
l, xrefs: 0040FD71
d, xrefs: 0040F347
a, xrefs: 0040FB54
y, xrefs: 0040F8F3
e, xrefs: 0040F92A
p, xrefs: 0040F39E
r, xrefs: 0040F78A
o, xrefs: 0040F60D
u, xrefs: 0040F7BA
n, xrefs: 0040F33F
l, xrefs: 0040F801
i, xrefs: 0040F510
q, xrefs: 0040F2E7
a, xrefs: 0040F62C
s, xrefs: 0040F557
e, xrefs: 0040F8CB
i, xrefs: 0040F979
o, xrefs: 0040F5ED
h, xrefs: 0040FA53
r, xrefs: 0040FB2D
b, xrefs: 0040F3CE
t, xrefs: 0040F518
e, xrefs: 0040F95A
B, xrefs: 0040F5CE
e, xrefs: 0040FB3D
z, xrefs: 0040F7CA
r, xrefs: 0040F6F4
e, xrefs: 0040F520
h, xrefs: 0040F922
d, xrefs: 0040F952
r, xrefs: 0040F357
u, xrefs: 0040F903
t, xrefs: 0040FDB0
o, xrefs: 0040FD81
k, xrefs: 0040F86D
n, xrefs: 0040F93A
e, xrefs: 0040FD69
i, xrefs: 0040F7AA
n, xrefs: 0040F90B
h, xrefs: 0040F596
h, xrefs: 0040F9B8
>, xrefs: 0040FA5B
r, xrefs: 0040F87D
s, xrefs: 0040FB74
t, xrefs: 0040F5DD
i, xrefs: 0040F644
#, xrefs: 0040FA1E
n, xrefs: 0040F615
n, xrefs: 0040F36F
o, xrefs: 0040F2A0
m, xrefs: 0040FB6C
s, xrefs: 0040F35F
a, xrefs: 0040FB64
g, xrefs: 0040F7B2
w, xrefs: 0040F998
z, xrefs: 0040F962
lybor, xrefs: 0040FC6D
c, xrefs: 0040FD98
t, xrefs: 0040F9C0
e, xrefs: 0040FDB8
a, xrefs: 0040F337
r, xrefs: 0040F634
a, xrefs: 0040FDA0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$5$6$6$7$>$>$B$J$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$i$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$u$w$w$w$y$z$z$z
API String ID: 0-101099919
Opcode ID: 07a1bb48a789a4efc47915866229f0b807f70b5f033ee5e6a21004d50e86fdcd
Instruction ID: 9d4485feb2a8a036b1cfc007295b7909a2e3c490d21ab14ed2397911ff3ccdd3
Opcode Fuzzy Hash: 07a1bb48a789a4efc47915866229f0b807f70b5f033ee5e6a21004d50e86fdcd
Instruction Fuzzy Hash: 02829E2450D7C189E332C7288458BDFBFD25BE6718F488E9EC4DD1B292C6BA0259C767

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1C7 Relevance: 164.3, Strings: 131, Instructions: 534COMMON

Download Yara Rule

Strings

r, xrefs: 0040F9A0
i, xrefs: 0040F9A8
herej, xrefs: 0040FC78
i, xrefs: 0040F72C
r, xrefs: 0040F7A2
e, xrefs: 0040F34F
i, xrefs: 0040F67B
h, xrefs: 0040F5E5
l, xrefs: 0040F6C4
w, xrefs: 0040F500
g, xrefs: 0040F9B0
>, xrefs: 0040F2D7
6, xrefs: 0040F2DF
n, xrefs: 0040F94A
o, xrefs: 0040F792
s, xrefs: 0040F605
h, xrefs: 0040F508
n, xrefs: 0040FD61
k, xrefs: 0040F971
`, xrefs: 0040F6B4
s, xrefs: 0040FD79
7, xrefs: 0040F65B
l, xrefs: 0040F865
n, xrefs: 0040FB45
d, xrefs: 0040FB5C
l, xrefs: 0040FD42
g, xrefs: 0040FB25
m, xrefs: 0040F6E4
a, xrefs: 0040F64C
e, xrefs: 0040F7C2
p, xrefs: 0040F5FD
gibor, xrefs: 0040FE9D
c, xrefs: 0040F63C
g, xrefs: 0040F913
d, xrefs: 0040F79A
a, xrefs: 0040F85D
r, xrefs: 0040FDA8
d, xrefs: 0040FA0E
l, xrefs: 0040F842
z, xrefs: 0040FD52
e, xrefs: 0040F84C
o, xrefs: 0040F71C
r, xrefs: 0040F714
a, xrefs: 0040F942
o, xrefs: 0040F298
r, xrefs: 0040F932
r, xrefs: 0040F2A8
agy, xrefs: 0040FE18
e, xrefs: 0040F3BE
eroon, xrefs: 0040FCD5
e, xrefs: 0040F875
n, xrefs: 0040F981
e, xrefs: 0040F847
b, xrefs: 0040F724
m, xrefs: 0040F5F5
w, xrefs: 0040F855
n, xrefs: 0040FD89
g, xrefs: 0040F624
e, xrefs: 0040FB35
e, xrefs: 0040FD4A
], xrefs: 0040F7F9
6, xrefs: 0040F663
g, xrefs: 0040F989
o, xrefs: 0040F367
o, xrefs: 0040F8FB
n, xrefs: 0040F8E4
r, xrefs: 0040FDC0
5, xrefs: 0040FA06
l, xrefs: 0040FD71
d, xrefs: 0040F347
a, xrefs: 0040FB54
y, xrefs: 0040F8F3
e, xrefs: 0040F92A
p, xrefs: 0040F39E
r, xrefs: 0040F78A
o, xrefs: 0040F60D
u, xrefs: 0040F7BA
n, xrefs: 0040F33F
l, xrefs: 0040F801
i, xrefs: 0040F510
q, xrefs: 0040F2E7
a, xrefs: 0040F62C
s, xrefs: 0040F557
e, xrefs: 0040F8CB
i, xrefs: 0040F979
o, xrefs: 0040F5ED
h, xrefs: 0040FA53
r, xrefs: 0040FB2D
b, xrefs: 0040F3CE
t, xrefs: 0040F518
e, xrefs: 0040F95A
B, xrefs: 0040F5CE
e, xrefs: 0040FB3D
z, xrefs: 0040F7CA
r, xrefs: 0040F6F4
e, xrefs: 0040F520
h, xrefs: 0040F922
d, xrefs: 0040F952
r, xrefs: 0040F357
u, xrefs: 0040F903
t, xrefs: 0040FDB0
o, xrefs: 0040FD81
k, xrefs: 0040F86D
n, xrefs: 0040F93A
e, xrefs: 0040FD69
i, xrefs: 0040F7AA
n, xrefs: 0040F90B
h, xrefs: 0040F596
h, xrefs: 0040F9B8
>, xrefs: 0040FA5B
r, xrefs: 0040F87D
s, xrefs: 0040FB74
t, xrefs: 0040F5DD
i, xrefs: 0040F644
#, xrefs: 0040FA1E
n, xrefs: 0040F615
n, xrefs: 0040F36F
o, xrefs: 0040F2A0
m, xrefs: 0040FB6C
s, xrefs: 0040F35F
a, xrefs: 0040FB64
g, xrefs: 0040F7B2
w, xrefs: 0040F998
z, xrefs: 0040F962
lybor, xrefs: 0040FC6D
c, xrefs: 0040FD98
t, xrefs: 0040F9C0
e, xrefs: 0040FDB8
a, xrefs: 0040F337
r, xrefs: 0040F634
a, xrefs: 0040FDA0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$5$6$6$7$>$>$B$]$`$a$a$a$a$a$a$a$a$agy$b$b$c$c$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$eroon$g$g$g$g$g$g$gibor$h$h$h$h$h$h$herej$i$i$i$i$i$i$i$k$k$l$l$l$l$l$l$lybor$m$m$m$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$p$p$q$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$u$u$w$w$w$y$z$z$z
API String ID: 0-2951462607
Opcode ID: 77f0e781e143e235a9bb4cc1cb44776030fb1e3216169d80a4a766443f216362
Instruction ID: 3eef77c2757c53a506e9ba4930021fd98a878e4b0ac0346694406f782fac75c3
Opcode Fuzzy Hash: 77f0e781e143e235a9bb4cc1cb44776030fb1e3216169d80a4a766443f216362
Instruction Fuzzy Hash: AE729D2054D7C189E332C72884587DFBFD26BE6718F488E9ED4DD1B292C6BA0258C767

Uniqueness

Uniqueness Score: -1.00%

Function 0040C8E0 Relevance: 157.2, Strings: 125, Instructions: 925COMMON

Download Yara Rule

Strings

0, xrefs: 0040D6BC
4, xrefs: 0040D5BA
9, xrefs: 0040CF8D
', xrefs: 0040D5E2
<, xrefs: 0040D6DC
`, xrefs: 0040CF92
4, xrefs: 0040D74C
+, xrefs: 0040CAA4
0, xrefs: 0040D7A4
_, xrefs: 0040D2FB
Z, xrefs: 0040D245
&, xrefs: 0040D6E4
5, xrefs: 0040D5B5
x, xrefs: 0040D205
&u#&, xrefs: 0040CA56, 0040CA5A
9, xrefs: 0040D79C
e, xrefs: 0040D28D
w, xrefs: 0040D036
i, xrefs: 0040D36B
>, xrefs: 0040D4FD
3, xrefs: 0040D78C
&, xrefs: 0040D7DB
t, xrefs: 0040D235
E, xrefs: 0040D520
q, xrefs: 0040CFAB
--%s, xrefs: 0040D097, 0040D0EC
0, xrefs: 0040D7BC
E, xrefs: 0040D2AD
A, xrefs: 0040D384
7, xrefs: 0040D1BD
n, xrefs: 0040D77C
X, xrefs: 0040C905
[, xrefs: 0040D23D
d, xrefs: 0040D4A3
E, xrefs: 0040D265
!, xrefs: 0040D6B4
6, xrefs: 0040D754
n, xrefs: 0040D5CE
+, xrefs: 0040D3B5
h, xrefs: 0040D7C4
3, xrefs: 0040D19D
_, xrefs: 0040CFC9
5, xrefs: 0040CB70
W, xrefs: 0040D4F8
!, xrefs: 0040D744
!, xrefs: 0040D774
c, xrefs: 0040D502
4, xrefs: 0040D734
n, xrefs: 0040CBFF
<, xrefs: 0040D33A
U, xrefs: 0040D810
%, xrefs: 0040D6EC
g, xrefs: 0040CBC0
F, xrefs: 0040D2CA
P, xrefs: 0040D1B5
--%s--, xrefs: 0040D90D
<, xrefs: 0040D714
n, xrefs: 0040D185
A, xrefs: 0040D2E3
Q, xrefs: 0040D5BF
!, xrefs: 0040D70C
0, xrefs: 0040D3BA
w, xrefs: 0040D7CC
<, xrefs: 0040D704
:, xrefs: 0040D6F4
f, xrefs: 0040D5EC
", xrefs: 0040CD4F
u, xrefs: 0040D784
@, xrefs: 0040C9DA
M, xrefs: 0040D30E
., xrefs: 0040D3A6
_, xrefs: 0040D7F3
w, xrefs: 0040D7E3
<, xrefs: 0040D794
(, xrefs: 0040D5F6
k, xrefs: 0040C9E9
:, xrefs: 0040D71C
i, xrefs: 0040C9E4
., xrefs: 0040D2F6
4, xrefs: 0040D195
', xrefs: 0040D55C
8, xrefs: 0040D7B4
9, xrefs: 0040D4DF
/, xrefs: 0040D5D8
2, xrefs: 0040D344
U, xrefs: 0040D7FB
%, xrefs: 0040D4C6
:, xrefs: 0040CC6E
!, xrefs: 0040D6C4
x, xrefs: 0040D6CC
K, xrefs: 0040D24D
\, xrefs: 0040D018
1, xrefs: 0040D2D9
4, xrefs: 0040D7AC
i, xrefs: 0040D1CD
x, xrefs: 0040D2E8
/, xrefs: 0040D022
t, xrefs: 0040C9DF
?, xrefs: 0040D25D
8, xrefs: 0040CD22
o, xrefs: 0040D724
#, xrefs: 0040D1DD
u, xrefs: 0040D72C
Q, xrefs: 0040D584
8, xrefs: 0040D275
=, xrefs: 0040D75C
j, xrefs: 0040CB78
P, xrefs: 0040CC09
_, xrefs: 0040D2BD
:, xrefs: 0040D6AC
], xrefs: 0040C8FB
&, xrefs: 0040D6FC
m, xrefs: 0040CBD3
`, xrefs: 0040D575
0, xrefs: 0040D76C
8, xrefs: 0040CD36
[, xrefs: 0040D4F3
8, xrefs: 0040D764
X, xrefs: 0040D7EB
T, xrefs: 0040D295
', xrefs: 0040D255
!, xrefs: 0040D73C
g, xrefs: 0040CD04
:, xrefs: 0040CC13
\, xrefs: 0040D5A2

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: !$!$!$!$!$!$"$#$%$%$&$&$&$&u#&$'$'$'$($+$+$--%s$--%s--$.$.$/$/$0$0$0$0$0$1$2$3$3$4$4$4$4$4$5$5$6$7$8$8$8$8$8$9$9$9$:$:$:$:$:$<$<$<$<$<$=$>$?$@$A$A$E$E$E$F$K$M$P$P$Q$Q$T$U$U$W$X$X$Z$[$[$\$\$]$_$_$_$_$`$`$c$d$e$f$g$g$h$i$i$i$j$k$m$n$n$n$n$o$q$t$t$u$u$w$w$w$x$x$x
API String ID: 0-105764249
Opcode ID: 6e5666626b49c8209b6bcf41c7f57d1a6803d6c59e4f0be08a16ec91118b14fd
Instruction ID: 76a2d0d3a120653ea146fb598d041ca30ec9760fe042aa55d2c4b689ffa964e7
Opcode Fuzzy Hash: 6e5666626b49c8209b6bcf41c7f57d1a6803d6c59e4f0be08a16ec91118b14fd
Instruction Fuzzy Hash: 40A2072110C7C1D9D332C738988878FBFD51BA7228F485B9DE1E85A2D2D7B98149C76B

Uniqueness

Uniqueness Score: -1.00%

Function 0040DBF0 Relevance: 153.3, Strings: 122, Instructions: 783COMMON

Download Yara Rule

Strings

N, xrefs: 0040DF5A
i, xrefs: 0040E7F4
d, xrefs: 0040E7CD
u, xrefs: 0040E530
n, xrefs: 0040E7C5
f, xrefs: 0040E2F7
a, xrefs: 0040DD76
o, xrefs: 0040E1F6
m, xrefs: 0040DC2A
i, xrefs: 0040DD7E
rebyc, xrefs: 0040ED77
t, xrefs: 0040E96C
n, xrefs: 0040E424
t, xrefs: 0040DC8A
s, xrefs: 0040E1EE
h, xrefs: 0040ECC3
l, xrefs: 0040E0E8
q, xrefs: 0040E557
d, xrefs: 0040DDF6
W, xrefs: 0040DF3A
a, xrefs: 0040DC12
d, xrefs: 0040DC1A
n, xrefs: 0040E636
y, xrefs: 0040E974
l, xrefs: 0040E786
s, xrefs: 0040E7FC
l, xrefs: 0040E520
a, xrefs: 0040DDFE
a, xrefs: 0040E62E
a, xrefs: 0040E434
hyb, xrefs: 0040ED23
i, xrefs: 0040DE06
B, xrefs: 0040E2FC
e, xrefs: 0040E63E
l, xrefs: 0040E7EC
j, xrefs: 0040E55F
e, xrefs: 0040E99B
n, xrefs: 0040ECE3
a, xrefs: 0040E9DA
g, xrefs: 0040E73F
r, xrefs: 0040E9D2
d, xrefs: 0040DDD7
r, xrefs: 0040E7D5
e, xrefs: 0040DDE7
c, xrefs: 0040EAA6
s, xrefs: 0040E7B5
r, xrefs: 0040EAB6
o, xrefs: 0040ECDB
a, xrefs: 0040EAAE
o, xrefs: 0040E394
e, xrefs: 0040DDAD
d, xrefs: 0040DE0E
fna, xrefs: 0040E8D9
(, xrefs: 0040E301
e, xrefs: 0040DC39
!, xrefs: 0040E3FB
a, xrefs: 0040ECCB
t, xrefs: 0040E964
d, xrefs: 0040E9CA
,, xrefs: 0040E3CB
!, xrefs: 0040E323
W, xrefs: 0040E141
c, xrefs: 0040DD95
e, xrefs: 0040E95C
a, xrefs: 0040E9BA
j, xrefs: 0040E38C
i, xrefs: 0040E78E
a, xrefs: 0040E528
A, xrefs: 0040DF4A
l, xrefs: 0040EAC6
n, xrefs: 0040E9C2
d, xrefs: 0040E79E
a, xrefs: 0040DC22
a, xrefs: 0040E41C
dua, xrefs: 0040EC6E
n, xrefs: 0040E9A3
c, xrefs: 0040E518
@, xrefs: 0040DF62
s, xrefs: 0040E328
C, xrefs: 0040E747
h, xrefs: 0040E39C
y, xrefs: 0040DD9D
n, xrefs: 0040E796
6, xrefs: 0040E3C3
e, xrefs: 0040DC7A
O, xrefs: 0040E3DB
b, xrefs: 0040DC6A
x$], xrefs: 0040E376
y, xrefs: 0040E1E6
j, xrefs: 0040DEFD
o, xrefs: 0040E3BB
3, xrefs: 0040E915
<, xrefs: 0040E777
Ljq, xrefs: 0040E5C0
g, xrefs: 0040DD86
o, xrefs: 0040EABE
n, xrefs: 0040DDCE
r, xrefs: 0040ECD3
r, xrefs: 0040DD6E
n, xrefs: 0040E1FE
a, xrefs: 0040DDDF
j, xrefs: 0040E626
s, xrefs: 0040ECBB
b, xrefs: 0040DDA5
,, xrefs: 0040E30B
e, xrefs: 0040E0F8
n, xrefs: 0040E3A4
b, xrefs: 0040E954
A, xrefs: 0040E306
r, xrefs: 0040DC72
S, xrefs: 0040E71F
d, xrefs: 0040DDC4
s, xrefs: 0040E108
n, xrefs: 0040E42C
a, xrefs: 0040E7A6
s, xrefs: 0040E9B2
a, xrefs: 0040E804
I, xrefs: 0040E8FD
a, xrefs: 0040E7BD
n, xrefs: 0040DC82
a, xrefs: 0040E7DD
m, xrefs: 0040E9F9

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: !$!$($,$,$3$6$<$@$A$A$B$C$I$Ljq$N$O$S$W$W$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$c$c$c$d$d$d$d$d$d$d$d$dua$e$e$e$e$e$e$e$e$f$fna$g$g$h$h$hyb$i$i$i$i$j$j$j$j$l$l$l$l$l$m$m$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$q$r$r$r$r$r$r$rebyc$s$s$s$s$s$s$s$t$t$t$u$x$]$y$y$y
API String ID: 0-3571271366
Opcode ID: d9f5bd509eff14cd2aea2bd1b74280de2de4c51633d4af62a5555ca3ebe4929c
Instruction ID: 783009e22913d8b145aff4382d8fc585394a81b2b82b9b90aaca791fecb38a32
Opcode Fuzzy Hash: d9f5bd509eff14cd2aea2bd1b74280de2de4c51633d4af62a5555ca3ebe4929c
Instruction Fuzzy Hash: 00A2CF2000D7C189E332C77894547DFBFD11BA6318F489E9ED4ED6A292C6BA0259CB77

Uniqueness

Uniqueness Score: -1.00%

Function 0041E3A0 Relevance: 121.9, Strings: 97, Instructions: 627COMMON

Download Yara Rule

Strings

|, xrefs: 0041EA9D
N, xrefs: 0041EADB
^, xrefs: 0041ED79
,, xrefs: 0041E77D
P, xrefs: 0041EC5F
3, xrefs: 0041EDBA
v, xrefs: 0041E4EB
,, xrefs: 0041E796
L, xrefs: 0041EB93
Y:{, xrefs: 0041E648
E, xrefs: 0041EBB1
,, xrefs: 0041EA89
;, xrefs: 0041EA19
0, xrefs: 0041EDB0
T, xrefs: 0041EA84
L, xrefs: 0041E888
s, xrefs: 0041E8B0
A, xrefs: 0041E50B
3, xrefs: 0041E73A
E, xrefs: 0041E8B8
p, xrefs: 0041E51B
Z, xrefs: 0041EB8E
s, xrefs: 0041EBAC
z, xrefs: 0041E3EF
Z, xrefs: 0041EC95
, xrefs: 0041EDC9
|,T, xrefs: 0041ECF0
E, xrefs: 0041ED6F
|, xrefs: 0041EA8E
P, xrefs: 0041E7A0
O, xrefs: 0041ED60
J, xrefs: 0041E900
:, xrefs: 0041E59A
N, xrefs: 0041E7BD
0, xrefs: 0041E3F9
O, xrefs: 0041EBA2
^, xrefs: 0041E8C8
e, xrefs: 0041EBCA
), xrefs: 0041EAC3
e, xrefs: 0041ED88
v, xrefs: 0041E6CE
Z, xrefs: 0041ED4C
`, xrefs: 0041EC90
a, xrefs: 0041E9DA
A, xrefs: 0041E6EE
,, xrefs: 0041EAA2
w, xrefs: 0041E749
N, xrefs: 0041E996
C, xrefs: 0041E960
E, xrefs: 0041E93D
|, xrefs: 0041EC50
L, xrefs: 0041ED51
8, xrefs: 0041E94C
m, xrefs: 0041E9CC
^, xrefs: 0041EBBB
`, xrefs: 0041E983
6, xrefs: 0041EDBF
:, xrefs: 0041E3BD
{, xrefs: 0041E595
H, xrefs: 0041E621
I, xrefs: 0041E523
=, xrefs: 0041E9D1
I, xrefs: 0041E706
4, xrefs: 0041E5BD
^, xrefs: 0041EB06
0, xrefs: 0041EA02
Y, xrefs: 0041E908
e, xrefs: 0041E8E0
^, xrefs: 0041ECA4
), xrefs: 0041E7AE
,, xrefs: 0041EC3C
', xrefs: 0041E5B8
p, xrefs: 0041E6FE
z, xrefs: 0041E5CC
0, xrefs: 0041E5D6
3, xrefs: 0041E9B8
|, xrefs: 0041E791
|,T, xrefs: 0041E45E, 0041EB40, 0041E650
|,T, xrefs: 0041E838
}, xrefs: 0041E716
}, xrefs: 0041E533
Y:{, xrefs: 0041E46C
Y, xrefs: 0041E91F
p, xrefs: 0041E586
s, xrefs: 0041ED6A
&, xrefs: 0041ECA9
P, xrefs: 0041EAAC
:, xrefs: 0041E75D
4, xrefs: 0041E3E0
T, xrefs: 0041E778
E, xrefs: 0041E7C2
', xrefs: 0041E3DB
?, xrefs: 0041E9A0
T, xrefs: 0041EC37
O, xrefs: 0041E8A0
~, xrefs: 0041E956
, xrefs: 0041EDA1

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $ $&$'$'$)$)$,$,$,$,$,$0$0$0$0$3$3$3$4$4$6$8$:$:$:$;$=$?$A$A$C$E$E$E$E$E$H$I$I$J$L$L$L$N$N$N$O$O$O$P$P$P$T$T$T$Y$Y$Y:{$Y:{$Z$Z$Z$^$^$^$^$^$`$`$a$e$e$e$m$p$p$p$s$s$s$v$v$w$z$z${$|$|$|$|$|,T$|,T$|,T$}$}$~
API String ID: 0-75302382
Opcode ID: b40853d48702b1590269934716534f9459763a8d504c30ad64e5e10b6178328c
Instruction ID: 0544d4bd05e75d62e2756a487d0dc6e4d92f5e832a14f0b3da5a45c8b404d5bb
Opcode Fuzzy Hash: b40853d48702b1590269934716534f9459763a8d504c30ad64e5e10b6178328c
Instruction Fuzzy Hash: 2072A62010C7C189D322D73C945878FFFD55BA7228F585A9DE1E85B3D3C2AA8249C76B

Uniqueness

Uniqueness Score: -1.00%

Function 0040DE56 Relevance: 119.4, Strings: 95, Instructions: 682COMMON

Download Yara Rule

Strings

N, xrefs: 0040DF5A
i, xrefs: 0040E7F4
d, xrefs: 0040E7CD
u, xrefs: 0040E530
e, xrefs: 0040E95C
n, xrefs: 0040E7C5
a, xrefs: 0040E9BA
j, xrefs: 0040E38C
i, xrefs: 0040E78E
f, xrefs: 0040E2F7
a, xrefs: 0040E528
A, xrefs: 0040DF4A
l, xrefs: 0040EAC6
n, xrefs: 0040E9C2
o, xrefs: 0040E1F6
rebyc, xrefs: 0040ED77
t, xrefs: 0040E96C
d, xrefs: 0040E79E
n, xrefs: 0040E424
s, xrefs: 0040E1EE
a, xrefs: 0040E41C
h, xrefs: 0040ECC3
dua, xrefs: 0040EC6E
n, xrefs: 0040E9A3
c, xrefs: 0040E518
l, xrefs: 0040E0E8
q, xrefs: 0040E557
@, xrefs: 0040DF62
s, xrefs: 0040E328
C, xrefs: 0040E747
h, xrefs: 0040E39C
W, xrefs: 0040DF3A
n, xrefs: 0040E796
6, xrefs: 0040E3C3
n, xrefs: 0040E636
y, xrefs: 0040E974
l, xrefs: 0040E786
O, xrefs: 0040E3DB
s, xrefs: 0040E7FC
x$], xrefs: 0040E376
l, xrefs: 0040E520
y, xrefs: 0040E1E6
a, xrefs: 0040E62E
j, xrefs: 0040DEFD
a, xrefs: 0040E434
hyb, xrefs: 0040ED23
B, xrefs: 0040E2FC
e, xrefs: 0040E63E
o, xrefs: 0040E3BB
3, xrefs: 0040E915
l, xrefs: 0040E7EC
j, xrefs: 0040E55F
<, xrefs: 0040E777
e, xrefs: 0040E99B
Ljq, xrefs: 0040E5C0
o, xrefs: 0040EABE
r, xrefs: 0040ECD3
n, xrefs: 0040ECE3
n, xrefs: 0040E1FE
a, xrefs: 0040E9DA
g, xrefs: 0040E73F
j, xrefs: 0040E626
s, xrefs: 0040ECBB
r, xrefs: 0040E9D2
,, xrefs: 0040E30B
e, xrefs: 0040E0F8
n, xrefs: 0040E3A4
b, xrefs: 0040E954
r, xrefs: 0040E7D5
A, xrefs: 0040E306
S, xrefs: 0040E71F
s, xrefs: 0040E108
c, xrefs: 0040EAA6
n, xrefs: 0040E42C
a, xrefs: 0040E7A6
s, xrefs: 0040E9B2
a, xrefs: 0040E804
s, xrefs: 0040E7B5
r, xrefs: 0040EAB6
o, xrefs: 0040ECDB
I, xrefs: 0040E8FD
a, xrefs: 0040EAAE
o, xrefs: 0040E394
fna, xrefs: 0040E8D9
(, xrefs: 0040E301
a, xrefs: 0040E7BD
!, xrefs: 0040E3FB
a, xrefs: 0040ECCB
t, xrefs: 0040E964
d, xrefs: 0040E9CA
a, xrefs: 0040E7DD
,, xrefs: 0040E3CB
!, xrefs: 0040E323
m, xrefs: 0040E9F9
W, xrefs: 0040E141

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: !$!$($,$,$3$6$<$@$A$A$B$C$I$Ljq$N$O$S$W$W$a$a$a$a$a$a$a$a$a$a$a$a$b$c$c$d$d$d$dua$e$e$e$e$f$fna$g$h$h$hyb$i$i$j$j$j$j$l$l$l$l$l$m$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$q$r$r$r$r$rebyc$s$s$s$s$s$s$s$t$t$u$x$]$y$y
API String ID: 0-130907447
Opcode ID: 3a230772105e73420e9e93df8b681fae37cbce5bc48f9f7d40fab1d8f76928a2
Instruction ID: a28a096e937e9de4dcdb39462e473e9428d52a79a1e09a05438f9163ff59b36a
Opcode Fuzzy Hash: 3a230772105e73420e9e93df8b681fae37cbce5bc48f9f7d40fab1d8f76928a2
Instruction Fuzzy Hash: 0192C02400D7C18AE332CB7894547DFFFD15BA6318F489E9EC4ED6A292C6B60149CB67

Uniqueness

Uniqueness Score: -1.00%

Function 00409CF7 Relevance: 109.5, Strings: 87, Instructions: 708COMMON

Download Yara Rule

Strings

[, xrefs: 00409E97
T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
5, xrefs: 0040A646
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
4, xrefs: 00409D95
p, xrefs: 0040A3C2
), xrefs: 00409D7D
#, xrefs: 00409E1D
J, xrefs: 0040AA4A
;, xrefs: 0040A5BD
}, xrefs: 0040A505
), xrefs: 0040A8BB
T, xrefs: 00409D6A
9, xrefs: 0040A057
}, xrefs: 0040A34F
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
B, xrefs: 00409F86
?, xrefs: 0040A555
O, xrefs: 00409F6E
K, xrefs: 00409EA7
2, xrefs: 0040A3DA
i, xrefs: 00409E0D
E, xrefs: 0040A236
{, xrefs: 0040A170
], xrefs: 0040A97F
:, xrefs: 0040A3E2
H, xrefs: 0040A0A1
#, xrefs: 0040A626
[, xrefs: 0040A1F2
@, xrefs: 0040A030
d, xrefs: 0040A160
L, xrefs: 0040A04F
t, xrefs: 00409E87
P, xrefs: 0040A766
P, xrefs: 0040A64E
r, xrefs: 0040A860
F, xrefs: 0040A63E
Z, xrefs: 00409E9F
!, xrefs: 0040A565
E, xrefs: 0040A03F
l, xrefs: 0040A987
g, xrefs: 0040A0A9
o, xrefs: 0040A870
C, xrefs: 00409F76
*, xrefs: 0040A5A5
., xrefs: 00409F96
, xrefs: 0040A4FD
V, xrefs: 00409F66
I, xrefs: 0040A834
d, xrefs: 0040A878
_, xrefs: 0040A814
-, xrefs: 0040A33F
_, xrefs: 0040A61E
n, xrefs: 00409D85
`, xrefs: 0040A68E
O, xrefs: 0040A5D5
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
E, xrefs: 0040AA59
K, xrefs: 00409F8E
4, xrefs: 0040AA23
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
+, xrefs: 0040A83C
", xrefs: 0040A047
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
h, xrefs: 0040A69E
d, xrefs: 0040A868
I, xrefs: 0040A58D
', xrefs: 0040A844
&, xrefs: 0040A51D
Z, xrefs: 00409D00
., xrefs: 00409FA0
V, xrefs: 0040A75E

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$"$"$#$#$$$&$&$'$)$)$*$+$-$.$.$2$4$4$5$7$9$9$:$:$;$;$?$@$B$C$D$E$E$E$F$H$I$I$J$K$K$L$L$O$O$P$P$T$T$V$V$Z$Z$Z$[$[$\$]$^$^$_$_$`$c$d$d$d$d$g$h$i$j$l$n$o$p$r$s$t$t$u${${$}$}
API String ID: 0-3399755458
Opcode ID: 43149b2187378aa6fae40cecef48038d7510e606109a132ce14cf99751542127
Instruction ID: 7bb5c3633d4d28a97bd5419e7888351cfa4f1d60291a9d888d1e89523d7a5470
Opcode Fuzzy Hash: 43149b2187378aa6fae40cecef48038d7510e606109a132ce14cf99751542127
Instruction Fuzzy Hash: DDA2A13040C7C29AD336C63888587CBBFD46BA6324F588B9DD1ED4A2D2D675024AD767

Uniqueness

Uniqueness Score: -1.00%

Function 00405310 Relevance: 108.9, APIs: 1, Strings: 61, Instructions: 376COMMON

Download Yara Rule

Strings

E, xrefs: 0040537B
s, xrefs: 00405820
b, xrefs: 00405341
8, xrefs: 00405869
c, xrefs: 0040538C
t, xrefs: 0040582A
d, xrefs: 0040561B
p, xrefs: 0040547D
q, xrefs: 00405698
s, xrefs: 00405833
>, xrefs: 004053DE
t, xrefs: 004056C4
h, xrefs: 004056B1
t, xrefs: 00405843
u, xrefs: 00405662
o, xrefs: 00405629
p, xrefs: 00405809
h, xrefs: 004053BA
h, xrefs: 00405451
D, xrefs: 00405371
", xrefs: 00405376
b, xrefs: 00405646
l, xrefs: 00405817
{, xrefs: 004055FA
s, xrefs: 00405620
t, xrefs: 00405633
t, xrefs: 004054EF
*, xrefs: 004054EA
b, xrefs: 00405641
n, xrefs: 0040566C
I, xrefs: 0040585F
', xrefs: 0040536C
i, xrefs: 00405667
s, xrefs: 00405478
g, xrefs: 00405391
t, xrefs: 004053C2
v, xrefs: 004055F0
h, xrefs: 00405804
s, xrefs: 004055CE
f, xrefs: 0040562E
$, xrefs: 00405367
t, xrefs: 0040563C
d, xrefs: 004053B2
p, xrefs: 00405812
o, xrefs: 00405616
m, xrefs: 0040584B
g, xrefs: 004055D3
t, xrefs: 00405459
l, xrefs: 00405469
z, xrefs: 004055EB
i, xrefs: 00405396
h, xrefs: 00405825
m, xrefs: 00405461
p, xrefs: 004057FF
m, xrefs: 004055C9
s, xrefs: 004056AC
h, xrefs: 0040583B
m, xrefs: 004053CA
o, xrefs: 00405553
w, xrefs: 004056A7
r, xrefs: 0040568E

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: "$$$'$*$8$>$D$E$I$b$b$b$c$d$d$f$g$g$h$h$h$h$h$h$i$i$l$l$m$m$m$m$n$o$o$o$p$p$p$p$q$r$s$s$s$s$s$s$t$t$t$t$t$t$t$t$u$v$w$z${
API String ID: 0-1889039134
Opcode ID: dec72836df19488ad945200970be7321c970dafb499dde412f3599a45517c0fd
Instruction ID: d93a35099a26fe614cb1a3d73480c0d45d8b3759dc0d557f6e2bb2caa7de7eb8
Opcode Fuzzy Hash: dec72836df19488ad945200970be7321c970dafb499dde412f3599a45517c0fd
Instruction Fuzzy Hash: 5C12E82540D7C1CDD322CB28945478FFFD15FA6618F489E9EE1E847392D2BA8209CB67

Uniqueness

Uniqueness Score: -1.00%

Function 0040E246 Relevance: 103.0, Strings: 82, Instructions: 512COMMON

Download Yara Rule

Strings

i, xrefs: 0040E7F4
d, xrefs: 0040E7CD
u, xrefs: 0040E530
e, xrefs: 0040E95C
n, xrefs: 0040E7C5
a, xrefs: 0040E9BA
j, xrefs: 0040E38C
i, xrefs: 0040E78E
a, xrefs: 0040E528
f, xrefs: 0040E2F7
l, xrefs: 0040EAC6
n, xrefs: 0040E9C2
rebyc, xrefs: 0040ED77
d, xrefs: 0040E79E
t, xrefs: 0040E96C
n, xrefs: 0040E424
h, xrefs: 0040ECC3
a, xrefs: 0040E41C
dua, xrefs: 0040EC6E
c, xrefs: 0040E518
n, xrefs: 0040E9A3
q, xrefs: 0040E557
s, xrefs: 0040E328
C, xrefs: 0040E747
h, xrefs: 0040E39C
n, xrefs: 0040E796
6, xrefs: 0040E3C3
n, xrefs: 0040E636
l, xrefs: 0040E786
y, xrefs: 0040E974
O, xrefs: 0040E3DB
s, xrefs: 0040E7FC
x$], xrefs: 0040E376
l, xrefs: 0040E520
a, xrefs: 0040E62E
a, xrefs: 0040E434
hyb, xrefs: 0040ED23
B, xrefs: 0040E2FC
e, xrefs: 0040E63E
o, xrefs: 0040E3BB
3, xrefs: 0040E915
l, xrefs: 0040E7EC
j, xrefs: 0040E55F
<, xrefs: 0040E777
e, xrefs: 0040E99B
Ljq, xrefs: 0040E5C0
o, xrefs: 0040EABE
r, xrefs: 0040ECD3
n, xrefs: 0040ECE3
a, xrefs: 0040E9DA
g, xrefs: 0040E73F
s, xrefs: 0040ECBB
r, xrefs: 0040E9D2
j, xrefs: 0040E626
,, xrefs: 0040E30B
n, xrefs: 0040E3A4
r, xrefs: 0040E7D5
b, xrefs: 0040E954
A, xrefs: 0040E306
S, xrefs: 0040E71F
c, xrefs: 0040EAA6
n, xrefs: 0040E42C
a, xrefs: 0040E7A6
s, xrefs: 0040E9B2
a, xrefs: 0040E804
s, xrefs: 0040E7B5
r, xrefs: 0040EAB6
o, xrefs: 0040ECDB
I, xrefs: 0040E8FD
a, xrefs: 0040EAAE
o, xrefs: 0040E394
fna, xrefs: 0040E8D9
a, xrefs: 0040E7BD
!, xrefs: 0040E3FB
(, xrefs: 0040E301
a, xrefs: 0040ECCB
t, xrefs: 0040E964
d, xrefs: 0040E9CA
a, xrefs: 0040E7DD
,, xrefs: 0040E3CB
!, xrefs: 0040E323
m, xrefs: 0040E9F9

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: !$!$($,$,$3$6$<$A$B$C$I$Ljq$O$S$a$a$a$a$a$a$a$a$a$a$a$a$b$c$c$d$d$d$dua$e$e$e$f$fna$g$h$h$hyb$i$i$j$j$j$l$l$l$l$m$n$n$n$n$n$n$n$n$n$o$o$o$o$q$r$r$r$r$rebyc$s$s$s$s$s$t$t$u$x$]$y
API String ID: 0-961658943
Opcode ID: c34bb54202e96460af6db262f979f762e7ff6a4bd4a96d0418c97f26c3c0ca8b
Instruction ID: 214f063a2eaa7479a4200d3698902748cf37a85b794205f16bdb65cf0bbf3bb2
Opcode Fuzzy Hash: c34bb54202e96460af6db262f979f762e7ff6a4bd4a96d0418c97f26c3c0ca8b
Instruction Fuzzy Hash: C862AF2400D7C18AE332CB7894547DFFFD15BA6308F089EAED4DD6A292C6B60159CB67

Uniqueness

Uniqueness Score: -1.00%

Function 00409F47 Relevance: 95.6, Strings: 76, Instructions: 616COMMON

Download Yara Rule

Strings

T, xrefs: 0040A7DC
D, xrefs: 0040A7E4
&, xrefs: 0040A32F
5, xrefs: 0040A646
;, xrefs: 0040A62E
$, xrefs: 0040A7EC
u, xrefs: 0040A880
p, xrefs: 0040A3C2
J, xrefs: 0040AA4A
;, xrefs: 0040A5BD
}, xrefs: 0040A505
), xrefs: 0040A8BB
9, xrefs: 0040A057
}, xrefs: 0040A34F
d, xrefs: 0040A96F
7, xrefs: 0040A5C5
:, xrefs: 0040A80C
j, xrefs: 0040A0B1
B, xrefs: 00409F86
?, xrefs: 0040A555
O, xrefs: 00409F6E
2, xrefs: 0040A3DA
E, xrefs: 0040A236
{, xrefs: 0040A170
], xrefs: 0040A97F
:, xrefs: 0040A3E2
H, xrefs: 0040A0A1
#, xrefs: 0040A626
[, xrefs: 0040A1F2
@, xrefs: 0040A030
d, xrefs: 0040A160
L, xrefs: 0040A04F
P, xrefs: 0040A766
P, xrefs: 0040A64E
r, xrefs: 0040A860
F, xrefs: 0040A63E
!, xrefs: 0040A565
E, xrefs: 0040A03F
l, xrefs: 0040A987
g, xrefs: 0040A0A9
o, xrefs: 0040A870
C, xrefs: 00409F76
*, xrefs: 0040A5A5
., xrefs: 00409F96
, xrefs: 0040A4FD
V, xrefs: 00409F66
I, xrefs: 0040A834
d, xrefs: 0040A878
_, xrefs: 0040A814
-, xrefs: 0040A33F
_, xrefs: 0040A61E
`, xrefs: 0040A68E
O, xrefs: 0040A5D5
", xrefs: 0040AA3D
{, xrefs: 0040AA4F
\, xrefs: 0040A03A
E, xrefs: 0040AA59
K, xrefs: 00409F8E
4, xrefs: 0040AA23
L, xrefs: 0040AA35
Z, xrefs: 0040AA1E
9, xrefs: 0040A1D2
c, xrefs: 0040A98F
s, xrefs: 0040A804
+, xrefs: 0040A83C
", xrefs: 0040A047
t, xrefs: 0040A858
^, xrefs: 00409F7E
^, xrefs: 0040A595
h, xrefs: 0040A69E
d, xrefs: 0040A868
I, xrefs: 0040A58D
', xrefs: 0040A844
&, xrefs: 0040A51D
., xrefs: 00409FA0
V, xrefs: 0040A75E

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $!$"$"$#$$$&$&$'$)$*$+$-$.$.$2$4$5$7$9$9$:$:$;$;$?$@$B$C$D$E$E$E$F$H$I$I$J$K$L$L$O$O$P$P$T$V$V$Z$[$\$]$^$^$_$_$`$c$d$d$d$d$g$h$j$l$o$p$r$s$t$u${${$}$}
API String ID: 0-3967217698
Opcode ID: 59e08d15932c1d00a34fbb40f17c7b85bccc01d33a10bc7055c9ff6ab6dcfbe1
Instruction ID: c25c44ad86f806f1bc6481ccfacf67464102ede46037e78e9a54b81988712fa8
Opcode Fuzzy Hash: 59e08d15932c1d00a34fbb40f17c7b85bccc01d33a10bc7055c9ff6ab6dcfbe1
Instruction Fuzzy Hash: 6A82A03040C7C29AD376CA3884487CBBFD56BE6324F488B9DD1ED4A2D2DA75024AD767

Uniqueness

Uniqueness Score: -1.00%

Function 00415BD0 Relevance: 83.1, Strings: 66, Instructions: 646COMMON

Download Yara Rule

Strings

., xrefs: 00415C91
3, xrefs: 004163A8
?, xrefs: 00415D66
c, xrefs: 00415D4E
n, xrefs: 004163DA
~, xrefs: 0041635D
0, xrefs: 00415C3E
k, xrefs: 004163D0
/, xrefs: 00415D61
', xrefs: 00415EC8
s, xrefs: 00415EE6
i, xrefs: 00416033
], xrefs: 00415E96
], xrefs: 00415D8D
#, xrefs: 00416248
h, xrefs: 0041604C
U, xrefs: 00416051
G, xrefs: 004163F3
A, xrefs: 00416042
", xrefs: 004160D1
M, xrefs: 00415EA0
4, xrefs: 00415C25
g, xrefs: 004163B2
p, xrefs: 00416385
N, xrefs: 00415D97
I, xrefs: 00415EF4
f, xrefs: 00415EFE
:, xrefs: 00415C04
n, xrefs: 004161B3
n, xrefs: 00416234
&, xrefs: 004163BC
^, xrefs: 0041638F
c, xrefs: 00415C7F
F, xrefs: 00415D79
', xrefs: 00415C20
p, xrefs: 00416056
>, xrefs: 004163C6
b, xrefs: 004163F8
{, xrefs: 00415F03
d, xrefs: 00416029
\, xrefs: 00415EC3
d, xrefs: 00416220
7, xrefs: 00416402
l, xrefs: 00415CBE
z, xrefs: 00415C34
O, xrefs: 00415DB0
M, xrefs: 004163CB
T, xrefs: 004163B7
|, xrefs: 0041603D
a, xrefs: 0041640C
7, xrefs: 004163E4
U, xrefs: 004163A3
a, xrefs: 004163EE
v, xrefs: 004160F9
M, xrefs: 00415C8C
Y, xrefs: 00415C09
., xrefs: 0041634E
9, xrefs: 00415E55
S, xrefs: 00416211
6, xrefs: 00415ED7
:, xrefs: 00415D44
?, xrefs: 00415ED2
7, xrefs: 004160FE
\, xrefs: 00416376
{, xrefs: 00415BFF
2, xrefs: 00415C68

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: "$#$&$'$'$.$.$/$0$2$3$4$6$7$7$7$9$:$:$>$?$?$A$F$G$I$M$M$M$N$O$S$T$U$U$Y$\$\$]$]$^$a$a$b$c$c$d$d$f$g$h$i$k$l$n$n$n$p$p$s$v$z${${$|$~
API String ID: 0-88862724
Opcode ID: 90359420ef7d4ca3279d72dac21ca6aa41311dffe89597a6a1c65bc88d3c4032
Instruction ID: d3d8d2549f7682fd1551bd31a31a6895d5c84ed4d1ce20b04fc8ae49b41e83c9
Opcode Fuzzy Hash: 90359420ef7d4ca3279d72dac21ca6aa41311dffe89597a6a1c65bc88d3c4032
Instruction Fuzzy Hash: D8622A2110D7C189D322CB3C985868FBFD51BA7218F585E9DF5E44B3E3C2AA8249C767

Uniqueness

Uniqueness Score: -1.00%

Function 00404990 Relevance: 76.6, Strings: 61, Instructions: 363COMMON

Download Yara Rule

Strings

d, xrefs: 0040500E
j, xrefs: 00404A48
g, xrefs: 00404B6D
v, xrefs: 00404DC0
R, xrefs: 00404E5D
a, xrefs: 00404BA8
|, xrefs: 00404EB0
m, xrefs: 00404E2E
w, xrefs: 00404CC7
e, xrefs: 00404E10
p, xrefs: 00405009
m, xrefs: 00405013
e, xrefs: 00404CCF
k, xrefs: 00404BA3
v, xrefs: 00404BB6
l, xrefs: 00404A67
g, xrefs: 00405018
N, xrefs: 00404AA9
u, xrefs: 00404B75
d, xrefs: 00404EA6
r, xrefs: 00404E9C
r, xrefs: 00404CBF
U, xrefs: 00404ADA
2, xrefs: 00404A90
f, xrefs: 00404E92
n, xrefs: 00404E4D
v, xrefs: 00404B65
_, xrefs: 00404D6A
3, xrefs: 00404A86
j, xrefs: 00404E55
4, xrefs: 00404D5A
(, xrefs: 004049E0
bewrd, xrefs: 00404FC2
n, xrefs: 00404E3E
H, xrefs: 004049F0
a, xrefs: 00404E01
m, xrefs: 00404D44
i, xrefs: 00404D06
w, xrefs: 00404FFF
u, xrefs: 00405004
], xrefs: 00404A8B
b, xrefs: 00404E26
W, xrefs: 00404A9F
K, xrefs: 00404A6F
, xrefs: 00404AAE
k, xrefs: 00404DB6
p, xrefs: 00404B7D
&, xrefs: 00404ECB
edippugvawpubewrd, xrefs: 00404F91
d, xrefs: 00404DF9
v, xrefs: 00404BAD
}, xrefs: 00404D7A
o, xrefs: 00404E36
V, xrefs: 00404A95
<, xrefs: 00404AA4
r, xrefs: 0040501D
a, xrefs: 00404DBB
e, xrefs: 00404A9A
d, xrefs: 00404D0E
p, xrefs: 00404CFE
d, xrefs: 00404CB7

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $&$($2$3$4$<$H$K$N$R$U$V$W$]$_$a$a$a$b$bewrd$d$d$d$d$d$e$e$e$edippugvawpubewrd$f$g$g$i$j$j$k$k$l$m$m$m$n$n$o$p$p$p$r$r$r$u$u$v$v$v$v$w$w$|$}
API String ID: 0-3024838208
Opcode ID: 6c855e2a308126537b651434938bf1e0cd50f95b4b1806b0239418e6293662b1
Instruction ID: dfcb897c3c3ddb5f64d256e8bd4ce8caa9f1c39f7f70016a84696abcb0595acb
Opcode Fuzzy Hash: 6c855e2a308126537b651434938bf1e0cd50f95b4b1806b0239418e6293662b1
Instruction Fuzzy Hash: EA12BE2010D7C18DE322C678945479FFFD11BA7618F484A9EE1E85B393D6BA8109CB77

Uniqueness

Uniqueness Score: -1.00%

Function 004108D0 Relevance: 71.6, Strings: 57, Instructions: 348COMMON

Download Yara Rule

Strings

I, xrefs: 004108F3
[, xrefs: 00410AA2
y, xrefs: 00410E83
&, xrefs: 00410D6F
s, xrefs: 00410C51
{O, xrefs: 004109AE
N, xrefs: 00410AAA
, xrefs: 00410E74
m, xrefs: 00410B62
1, xrefs: 00410DCF
o, xrefs: 00410E6A
H, xrefs: 004108E4
r, xrefs: 00410E47
r, xrefs: 00410E4C
l, xrefs: 00410C31
6, xrefs: 00410AC2
l, xrefs: 00410B49
r, xrefs: 00410B67
`, xrefs: 00410AF2
E, xrefs: 00410E42
d, xrefs: 00410E6F
<, xrefs: 00410D26
R, xrefs: 00410DE3
r, xrefs: 00410E56
d, xrefs: 00410E79
S, xrefs: 00410D60
B, xrefs: 00410ADA
x, xrefs: 00410D79
x, xrefs: 00410BA7
m, xrefs: 00410974
*, xrefs: 00410D21
w, xrefs: 00410BD6
c, xrefs: 00410BB7
, xrefs: 00410C59
p, xrefs: 00410979
o, xrefs: 00410B7F
%, xrefs: 00410ABA
, xrefs: 00410B53
y, xrefs: 00410D3A
0, xrefs: 00410C21
X, xrefs: 00410AEA
L, xrefs: 00410B0A
<, xrefs: 00410B7A
A, xrefs: 00410BC6
d, xrefs: 00410B58
o, xrefs: 00410C49
c, xrefs: 00410D03
a, xrefs: 00410E7E
d, xrefs: 00410B3F
G, xrefs: 00410E60
o, xrefs: 00410E65
o, xrefs: 00410E51
6, xrefs: 00410BED
K, xrefs: 00410B1A
O, xrefs: 00410960
A, xrefs: 00410DD9
;, xrefs: 00410DE8

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $ $ $%$&$*$0$1$6$6$;$<$<$A$A$B$E$G$H$I$K$L$N$O$R$S$X$[$`$a$c$c$d$d$d$d$l$l$m$m$o$o$o$o$o$p$r$r$r$r$s$w$x$x$y$y${O
API String ID: 0-4106264321
Opcode ID: 2ebc4e51359c4df789ad3cfe4159600ad56d5c1a5147c912e14382492506f4e4
Instruction ID: 43956b3c6462715040061548aa2c3e0b9dcfe60922f62804308211c4145eee04
Opcode Fuzzy Hash: 2ebc4e51359c4df789ad3cfe4159600ad56d5c1a5147c912e14382492506f4e4
Instruction Fuzzy Hash: C312C02010D7C18DD362867C949878FFFD11BE7228F585A9DF1E84A3E3C2AA8149C767

Uniqueness

Uniqueness Score: -1.00%

Function 00410907 Relevance: 69.1, Strings: 55, Instructions: 336COMMON

Download Yara Rule

Strings

[, xrefs: 00410AA2
y, xrefs: 00410E83
&, xrefs: 00410D6F
s, xrefs: 00410C51
{O, xrefs: 004109AE
N, xrefs: 00410AAA
, xrefs: 00410E74
m, xrefs: 00410B62
1, xrefs: 00410DCF
o, xrefs: 00410E6A
r, xrefs: 00410E47
r, xrefs: 00410E4C
l, xrefs: 00410C31
6, xrefs: 00410AC2
l, xrefs: 00410B49
r, xrefs: 00410B67
`, xrefs: 00410AF2
E, xrefs: 00410E42
d, xrefs: 00410E6F
<, xrefs: 00410D26
R, xrefs: 00410DE3
r, xrefs: 00410E56
d, xrefs: 00410E79
S, xrefs: 00410D60
B, xrefs: 00410ADA
x, xrefs: 00410D79
x, xrefs: 00410BA7
m, xrefs: 00410974
*, xrefs: 00410D21
w, xrefs: 00410BD6
c, xrefs: 00410BB7
, xrefs: 00410C59
p, xrefs: 00410979
o, xrefs: 00410B7F
%, xrefs: 00410ABA
, xrefs: 00410B53
y, xrefs: 00410D3A
0, xrefs: 00410C21
X, xrefs: 00410AEA
L, xrefs: 00410B0A
<, xrefs: 00410B7A
A, xrefs: 00410BC6
d, xrefs: 00410B58
o, xrefs: 00410C49
c, xrefs: 00410D03
a, xrefs: 00410E7E
d, xrefs: 00410B3F
G, xrefs: 00410E60
o, xrefs: 00410E65
o, xrefs: 00410E51
6, xrefs: 00410BED
K, xrefs: 00410B1A
O, xrefs: 00410960
A, xrefs: 00410DD9
;, xrefs: 00410DE8

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: $ $ $%$&$*$0$1$6$6$;$<$<$A$A$B$E$G$K$L$N$O$R$S$X$[$`$a$c$c$d$d$d$d$l$l$m$m$o$o$o$o$o$p$r$r$r$r$s$w$x$x$y$y${O
API String ID: 0-3556337449
Opcode ID: ddb4976dbccc3943f1dd89cb37b10034a73522ee18580c2b25cbbb7c66aaa720
Instruction ID: 1d3985015a6004c57cc64fd4eab342ec2e216b16199d8406fbd0a1e5bf867d26
Opcode Fuzzy Hash: ddb4976dbccc3943f1dd89cb37b10034a73522ee18580c2b25cbbb7c66aaa720
Instruction Fuzzy Hash: 1602B02010D7C18DD362867D949878FFFD11BE7228F585A9DE1E84B3E3C2AA8149C767

Uniqueness

Uniqueness Score: -1.00%

Function 00411800 Relevance: 67.9, Strings: 54, Instructions: 399COMMON

Download Yara Rule

Strings

b, xrefs: 00411B93
a, xrefs: 004119E9
^, xrefs: 00411835
s, xrefs: 00411D82
r, xrefs: 00411D92
}, xrefs: 00411A8A
|, xrefs: 00411917
d, xrefs: 00411BBA
m, xrefs: 00411C3C
P, xrefs: 00411C27
p, xrefs: 00411821
d, xrefs: 00411E58
f, xrefs: 004119BA
c, xrefs: 00411D8A
l, xrefs: 00411D2A
d, xrefs: 00411D04
d, xrefs: 004119E1
s, xrefs: 00411C44
p, xrefs: 00411E61
t, xrefs: 004119AB
g, xrefs: 00411C4C
o, xrefs: 00411D32
i, xrefs: 00411E66
t, xrefs: 00411993
e, xrefs: 00411D5C
e, xrefs: 00411D6C
L, xrefs: 0041183A
m, xrefs: 00411E53
H, xrefs: 00411964
x, xrefs: 00411D64
7, xrefs: 00411927
i, xrefs: 004119C2
x, xrefs: 004119A3
t, xrefs: 00411D14
#, xrefs: 0041190F
1, xrefs: 00411DB5
o, xrefs: 00411B9B
t, xrefs: 004119F1
l, xrefs: 004119CA
i, xrefs: 004118F7
e, xrefs: 0041199B
g, xrefs: 00411D3A
C, xrefs: 004118FF
a, xrefs: 00411D0C
y, xrefs: 00411BAB
d, xrefs: 00411969
e, xrefs: 004119D2
a, xrefs: 004119F9
G, xrefs: 0041196E
c, xrefs: 00411E4E
e, xrefs: 00411C0B
-, xrefs: 00411C5B
d, xrefs: 00411BA3
f, xrefs: 00411E6B

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$-$1$7$C$G$H$L$P$^$a$a$a$b$c$c$d$d$d$d$d$d$e$e$e$e$e$f$f$g$g$i$i$i$l$l$m$m$o$o$p$p$r$s$s$t$t$t$t$x$x$y$|$}
API String ID: 0-2094285404
Opcode ID: af00fcf26b9bd5dde46bf30c9039ea3fca7f8f9a003fed3a4dbdc1ac5e6eb509
Instruction ID: f91fdec992fe17677b43e0b7d472141b995edb7bc8f57b37002556bdc30744f2
Opcode Fuzzy Hash: af00fcf26b9bd5dde46bf30c9039ea3fca7f8f9a003fed3a4dbdc1ac5e6eb509
Instruction Fuzzy Hash: 4822022110D7C18DE3328B38945479BBFD21FE7218F185E9EE5E84B3A2C6B58109DB67

Uniqueness

Uniqueness Score: -1.00%

Function 0040FF30 Relevance: 66.7, Strings: 53, Instructions: 412COMMON

Download Yara Rule

Strings

c, xrefs: 00410067
i, xrefs: 00410606
+er, xrefs: 0041043A
|, xrefs: 00410280
#, xrefs: 00410095
., xrefs: 00410480
^, xrefs: 00410339
2, xrefs: 0041047B
y, xrefs: 00410191
1, xrefs: 004102B2
;, xrefs: 004103E8
6, xrefs: 004100A9
4, xrefs: 004104FC
m, xrefs: 004101CE
., xrefs: 00410254
y, xrefs: 00410510
., xrefs: 004101B7
m, xrefs: 0041026B
y, xrefs: 0041024C
1, xrefs: 004100C7
@, xrefs: 0041009A
h, xrefs: 004101A1
a, xrefs: 0041046C
b, xrefs: 00410048
c, xrefs: 0041025C
l, xrefs: 0041060B
g, xrefs: 0041022E
Z, xrefs: 00410294
i, xrefs: 00410038
), xrefs: 0041029E
e, xrefs: 004103A8
a, xrefs: 00410199
Y, xrefs: 00410374
a, xrefs: 0041035D
w, xrefs: 00410244
c, xrefs: 004101BF
x, xrefs: 00410057
e, xrefs: 00410476
m, xrefs: 00410076
P, xrefs: 0041028F
0, xrefs: 004102A3
r, xrefs: 004103A3
w, xrefs: 004104C5
], xrefs: 004102A8
n, xrefs: 00410040
., xrefs: 0041005F
H, xrefs: 0041038B
r, xrefs: 00410471
N', xrefs: 0040FFBE
8, xrefs: 004103BC
f, xrefs: 004104BB
a, xrefs: 00410601
m, xrefs: 00410489

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: #$)$+er$.$.$.$.$0$1$1$2$4$6$8$;$@$H$N'$P$Y$Z$]$^$a$a$a$a$b$c$c$c$e$e$f$g$h$i$i$l$m$m$m$m$n$r$r$w$w$x$y$y$y$|
API String ID: 0-4186895133
Opcode ID: 1076b42134b8ed1335151efb0514aa1866bf7ca5ce278ab788567a58a99602f1
Instruction ID: d9655f3602fa6a1bb02df14978dde1affe4b5e2ecf171b0ab4337b2ceb98d59a
Opcode Fuzzy Hash: 1076b42134b8ed1335151efb0514aa1866bf7ca5ce278ab788567a58a99602f1
Instruction Fuzzy Hash: B032D02110E7C18DD322973C945879FFFE11BA7218F585E9DE1E88B393C2A68149C767

Uniqueness

Uniqueness Score: -1.00%

Function 0040E676 Relevance: 65.3, Strings: 52, Instructions: 320COMMON

Download Yara Rule

Strings

i, xrefs: 0040E7F4
d, xrefs: 0040E7CD
e, xrefs: 0040E95C
n, xrefs: 0040E7C5
a, xrefs: 0040E9BA
i, xrefs: 0040E78E
l, xrefs: 0040EAC6
n, xrefs: 0040E9C2
rebyc, xrefs: 0040ED77
n, xrefs: 0040E833
d, xrefs: 0040E79E
t, xrefs: 0040E96C
h, xrefs: 0040ECC3
dua, xrefs: 0040EC6E
n, xrefs: 0040E9A3
C, xrefs: 0040E747
a, xrefs: 0040E813
n, xrefs: 0040E796
l, xrefs: 0040E786
y, xrefs: 0040E974
s, xrefs: 0040E7FC
hyb, xrefs: 0040ED23
3, xrefs: 0040E915
l, xrefs: 0040E7EC
<, xrefs: 0040E777
e, xrefs: 0040E99B
o, xrefs: 0040EABE
r, xrefs: 0040ECD3
n, xrefs: 0040ECE3
a, xrefs: 0040E9DA
g, xrefs: 0040E73F
s, xrefs: 0040ECBB
r, xrefs: 0040E9D2
r, xrefs: 0040E7D5
b, xrefs: 0040E954
S, xrefs: 0040E71F
c, xrefs: 0040EAA6
a, xrefs: 0040E7A6
s, xrefs: 0040E9B2
a, xrefs: 0040E804
s, xrefs: 0040E7B5
r, xrefs: 0040EAB6
o, xrefs: 0040ECDB
I, xrefs: 0040E8FD
a, xrefs: 0040EAAE
fna, xrefs: 0040E8D9
a, xrefs: 0040E7BD
a, xrefs: 0040ECCB
t, xrefs: 0040E964
d, xrefs: 0040E9CA
a, xrefs: 0040E7DD
m, xrefs: 0040E9F9

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: 3$<$C$I$S$a$a$a$a$a$a$a$a$a$b$c$d$d$d$dua$e$e$fna$g$h$hyb$i$i$l$l$l$m$n$n$n$n$n$n$o$o$r$r$r$r$rebyc$s$s$s$s$t$t$y
API String ID: 0-331394858
Opcode ID: 83e441ad9d7be405456a1bdf8cc5889321146d06f670f700d0f21db89d6dff14
Instruction ID: 78c049e7797477cb6e619203f3ba55b69d2c157b8d549aaa0d27a5a6a91e7049
Opcode Fuzzy Hash: 83e441ad9d7be405456a1bdf8cc5889321146d06f670f700d0f21db89d6dff14
Instruction Fuzzy Hash: 6812BF3440D3C18EE332CB2994547DFBFE16BA6308F088DAED4DD5A292D6B60159CB67

Uniqueness

Uniqueness Score: -1.00%

Function 0041B3D0 Relevance: 3.0, Strings: 2, Instructions: 470COMMON

Download Yara Rule

Strings

M, xrefs: 0041B52A
M, xrefs: 0041B6A4

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: M$M
API String ID: 0-2122717962
Opcode ID: f1ab65ebfbc987a47319c4af3dcf7c54cab0a8ad6c9dfd15136680e690ae9060
Instruction ID: 65662130b59962f93e7e6451055683d101b0e1da79cd26758f1cd863abbc9b8b
Opcode Fuzzy Hash: f1ab65ebfbc987a47319c4af3dcf7c54cab0a8ad6c9dfd15136680e690ae9060
Instruction Fuzzy Hash: 9A12F4B15083408FD704DF24D891AEBBBE9EF99304F04596EF885873A2C775D885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00405F30 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

8, xrefs: 004061AA

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 93799d157298d11d7b5cd2b691f9722c13ba2630185f1170581c23b25e9fc5fc
Instruction ID: 26635683ad8bc6e3c89de0789139caf88a326a2f6bde127323b4d45711ec2293
Opcode Fuzzy Hash: 93799d157298d11d7b5cd2b691f9722c13ba2630185f1170581c23b25e9fc5fc
Instruction Fuzzy Hash: 239136701083914BD710CE2895907AFBBE1ABD6300F45593EE8D26B392D27CD95A8B4B

Uniqueness

Uniqueness Score: -1.00%

Function 00410670 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

%c%c%c%c%c, xrefs: 004107EB

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID: %c%c%c%c%c
API String ID: 0-1277064353
Opcode ID: d24fbf8f8ebcbefa4be57593fafbeb4ca4ae5c9c70a761fca9471f3e8d618094
Instruction ID: 4dc9e3df276925cb3a034685040d612f820b75638e41f6e52d904118c8461c86
Opcode Fuzzy Hash: d24fbf8f8ebcbefa4be57593fafbeb4ca4ae5c9c70a761fca9471f3e8d618094
Instruction Fuzzy Hash: CD5105706083409BD304EB26C9C2B9FB6E7AFC9714F04CA3FB159672D1DABC94448B5A

Uniqueness

Uniqueness Score: -1.00%

Function 00404110 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8bd05fa93af3aee8352165ca63447f1b4b1cce5fb19eebbfaf28000b7e392d
Instruction ID: 8c9ce78122583aa8a55ee52179d80f89be94f9b8b227595c5774061f7ec44eb9
Opcode Fuzzy Hash: 2e8bd05fa93af3aee8352165ca63447f1b4b1cce5fb19eebbfaf28000b7e392d
Instruction Fuzzy Hash: 50C190751083809FD320CF29D885B9BBBE4AFD9304F10492EF599873A2CB78A509CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041BD00 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f0f2f94d7dec52d98f834188af29d980dc8eb5f490ab785fe16a6582106086
Instruction ID: 8b5a2351a7d1e8d8b8448e22e26b40c83a0be625b2b6ea0dbd06899092a7e69e
Opcode Fuzzy Hash: f0f0f2f94d7dec52d98f834188af29d980dc8eb5f490ab785fe16a6582106086
Instruction Fuzzy Hash: 74A16E762043808FE314CF35EC927967BE6ABA9700F14652EE995873B1D3F78448CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00425214 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4374541c7480c9de861eca13ad143b888a03e34fd4b500e75caf825a3247e9c9
Instruction ID: 3cdbe674e5470716266b0416ac65ed08902d21a00894794e9fc3ed7962c02048
Opcode Fuzzy Hash: 4374541c7480c9de861eca13ad143b888a03e34fd4b500e75caf825a3247e9c9
Instruction Fuzzy Hash: F721D632A00614DFCB14DF69D8809ABB7A5FF45310B8A80A9E915CB286E734F915CBF0

Uniqueness

Uniqueness Score: -1.00%

Function 0040C1D0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9193b7122c9ada05db2bf893685bdb1e040ed9adec1d3d207f007b4c2f18bb
Instruction ID: 8ac1f8066ba04423f4662e4113d208e2f1450d097528ad0d5c8686e1bb647505
Opcode Fuzzy Hash: 6c9193b7122c9ada05db2bf893685bdb1e040ed9adec1d3d207f007b4c2f18bb
Instruction Fuzzy Hash: 56F0A9319283B19F9704EF39C94518BBBE5EBC4250F54CD2EA895C3214E378D915DF92

Uniqueness

Uniqueness Score: -1.00%

Function 0041D159 Relevance: 194.7, APIs: 13, Strings: 98, Instructions: 492COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,00000032), ref: 0041D1AD
76B81222.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D28A
76B81222.KERNEL32 ref: 0041D2E2
76B81222.KERNEL32(00000000), ref: 0041D33A
76B81222.KERNEL32(00000000,0000006B), ref: 0041D4A3
76B84977.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D53F
76B81222.KERNEL32(00000000,0000009A), ref: 0041D637
76B81222.KERNEL32(00000000,000000A5), ref: 0041D6A1
76B81222.KERNEL32(00000000,000000EA), ref: 0041D718
76B81222.KERNEL32(00000000,00000088), ref: 0041D80A
76B81222.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D967
76B84977.KERNEL32(00000040), ref: 0041D9FF
76B81222.KERNEL32(00000000,0000008A), ref: 0041DA87

Strings

w, xrefs: 0041D9B7
<, xrefs: 0041D8A2
&, xrefs: 0041DAFD
J, xrefs: 0041D91D
v, xrefs: 0041D501
Q, xrefs: 0041D362
6, xrefs: 0041D842
g, xrefs: 0041D51F
4, xrefs: 0041D3B2
R, xrefs: 0041D2BA
T, xrefs: 0041DADA
y, xrefs: 0041D905
!, xrefs: 0041D4FC
C, xrefs: 0041D72E
&, xrefs: 0041DAF8
B, xrefs: 0041D8D1
P, xrefs: 0041D9DF
~, xrefs: 0041DAA8
&, xrefs: 0041D87A
W, xrefs: 0041D2A2
v, xrefs: 0041D515
x, xrefs: 0041D267
W, xrefs: 0041D2FA
r, xrefs: 0041D8B2
c, xrefs: 0041D2CA
A, xrefs: 0041D392
j, xrefs: 0041D747
(, xrefs: 0041D3DA
9, xrefs: 0041D915
q, xrefs: 0041D50B
:, xrefs: 0041DB0B
`, xrefs: 0041D852
x, xrefs: 0041D9D5
h, xrefs: 0041D93D
`, xrefs: 0041D94D
_, xrefs: 0041D20A
A, xrefs: 0041D52D
g, xrefs: 0041D92D
v, xrefs: 0041D2D2
', xrefs: 0041DB1A
g, xrefs: 0041DB47
A, xrefs: 0041D2B2
t, xrefs: 0041D8E5
4, xrefs: 0041D3C2
., xrefs: 0041D249
T, xrefs: 0041D35A
S, xrefs: 0041D312
W, xrefs: 0041D9BC
", xrefs: 0041DABC
>, xrefs: 0041D41A
w, xrefs: 0041D7BD
I, xrefs: 0041DAC1
S, xrefs: 0041D4C0
H, xrefs: 0041D4E3
e, xrefs: 0041D31A
D, xrefs: 0041D43D
k, xrefs: 0041D352
<, xrefs: 0041D401
$, xrefs: 0041D429
h, xrefs: 0041D8F5
+, xrefs: 0041D782
N, xrefs: 0041D4E8
i, xrefs: 0041D39A
S, xrefs: 0041D302
2, xrefs: 0041D862
A, xrefs: 0041D30A
A, xrefs: 0041DB38
e, xrefs: 0041D2C2
8, xrefs: 0041D7D5
>, xrefs: 0041D86A
$, xrefs: 0041D9AD
J, xrefs: 0041D37A
4, xrefs: 0041D3CA
&, xrefs: 0041DB33
d, xrefs: 0041D32A
o, xrefs: 0041DB51
f, xrefs: 0041D451
P, xrefs: 0041D44C
S, xrefs: 0041D2AA
x, xrefs: 0041D787
[, xrefs: 0041D45B
/, xrefs: 0041D925
a, xrefs: 0041D465
Y, xrefs: 0041D46A
T, xrefs: 0041DB3D
+, xrefs: 0041DAA3
n, xrefs: 0041D322
e, xrefs: 0041D8DB
|, xrefs: 0041D244
I, xrefs: 0041D524
, xrefs: 0041D75A
5, xrefs: 0041D764
t, xrefs: 0041D271
:, xrefs: 0041D90D
H, xrefs: 0041DAE9
1, xrefs: 0041DAB7
#, xrefs: 0041D1CA
l, xrefs: 0041D4D9

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222$B84977
String ID: $!$"$#$$$$$&$&$&$&$'$($+$+$.$/$1$2$4$4$4$5$6$8$9$:$:$<$<$>$>$A$A$A$A$A$B$C$D$H$H$I$I$J$J$N$P$P$Q$R$S$S$S$S$T$T$T$W$W$W$Y$[$_$`$`$a$c$d$e$e$e$f$g$g$g$h$h$i$j$k$l$n$o$q$r$t$t$v$v$v$w$w$x$x$x$y$|$~
API String ID: 372746600-185529573
Opcode ID: dc4f4d0b471bad00b7934a0f93fd220da11310dade4a00c83dc98633790c7239
Instruction ID: 7ccb03b487649084fc74278674e482db3498c0e72adea3aa0db0a4bb0860342b
Opcode Fuzzy Hash: dc4f4d0b471bad00b7934a0f93fd220da11310dade4a00c83dc98633790c7239
Instruction Fuzzy Hash: 8052871000C7C2C9D332D63C984879FBED51BA7228F584F9DE1F95A2E2D7A5814AC767

Uniqueness

Uniqueness Score: -1.00%

Function 0041D478 Relevance: 119.4, APIs: 9, Strings: 59, Instructions: 352COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,0000006B), ref: 0041D4A3
76B84977.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D53F
76B81222.KERNEL32(00000000,0000009A), ref: 0041D637
76B81222.KERNEL32(00000000,000000A5), ref: 0041D6A1
76B81222.KERNEL32(00000000,000000EA), ref: 0041D718
76B81222.KERNEL32(00000000,00000088), ref: 0041D80A
76B81222.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00000007,?,00000001), ref: 0041D967
76B84977.KERNEL32(00000040), ref: 0041D9FF
76B81222.KERNEL32(00000000,0000008A), ref: 0041DA87

Strings

H, xrefs: 0041D4E3
w, xrefs: 0041D9B7
<, xrefs: 0041D8A2
&, xrefs: 0041DAFD
J, xrefs: 0041D91D
v, xrefs: 0041D501
6, xrefs: 0041D842
g, xrefs: 0041D51F
T, xrefs: 0041DADA
h, xrefs: 0041D8F5
y, xrefs: 0041D905
!, xrefs: 0041D4FC
+, xrefs: 0041D782
C, xrefs: 0041D72E
&, xrefs: 0041DAF8
N, xrefs: 0041D4E8
B, xrefs: 0041D8D1
P, xrefs: 0041D9DF
~, xrefs: 0041DAA8
2, xrefs: 0041D862
&, xrefs: 0041D87A
A, xrefs: 0041DB38
v, xrefs: 0041D515
r, xrefs: 0041D8B2
8, xrefs: 0041D7D5
j, xrefs: 0041D747
>, xrefs: 0041D86A
9, xrefs: 0041D915
q, xrefs: 0041D50B
:, xrefs: 0041DB0B
`, xrefs: 0041D852
$, xrefs: 0041D9AD
x, xrefs: 0041D9D5
h, xrefs: 0041D93D
&, xrefs: 0041DB33
`, xrefs: 0041D94D
o, xrefs: 0041DB51
A, xrefs: 0041D52D
g, xrefs: 0041D92D
x, xrefs: 0041D787
/, xrefs: 0041D925
T, xrefs: 0041DB3D
+, xrefs: 0041DAA3
e, xrefs: 0041D8DB
', xrefs: 0041DB1A
g, xrefs: 0041DB47
I, xrefs: 0041D524
t, xrefs: 0041D8E5
, xrefs: 0041D75A
5, xrefs: 0041D764
:, xrefs: 0041D90D
H, xrefs: 0041DAE9
W, xrefs: 0041D9BC
", xrefs: 0041DABC
1, xrefs: 0041DAB7
w, xrefs: 0041D7BD
l, xrefs: 0041D4D9
I, xrefs: 0041DAC1
S, xrefs: 0041D4C0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222$B84977
String ID: $!$"$$$&$&$&$&$'$+$+$/$1$2$5$6$8$9$:$:$<$>$A$A$B$C$H$H$I$I$J$N$P$S$T$T$W$`$`$e$g$g$g$h$h$j$l$o$q$r$t$v$v$w$w$x$x$y$~
API String ID: 372746600-1987729831
Opcode ID: 9902535520e839ef24ee0495d87cf929a135d6cea27c4b1a160b0368d0602a5f
Instruction ID: c88c92e81769959b913fd42799760bedd8082ca8a985cd4fb7e7928e1c3e82f4
Opcode Fuzzy Hash: 9902535520e839ef24ee0495d87cf929a135d6cea27c4b1a160b0368d0602a5f
Instruction Fuzzy Hash: F212822000CBC289D332D63C584879FBFD11BA7228F584B9DF1F99A2E2D7A58146D767

Uniqueness

Uniqueness Score: -1.00%

Function 00422920 Relevance: 105.4, APIs: 1, Strings: 59, Instructions: 373COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00422DD1

Strings

T, xrefs: 0042294A
F, xrefs: 00422C8B
#, xrefs: 00422B78
v, xrefs: 00422BFC
", xrefs: 004229A7
Q, xrefs: 00422B40
X, xrefs: 00422BF4
\, xrefs: 00422C14
', xrefs: 00422CD4
;, xrefs: 004229DD
., xrefs: 00422B68
x, xrefs: 00422CED
/, xrefs: 00422A6D
?, xrefs: 00422AC8
e, xrefs: 00422CA3
E, xrefs: 00422989
1, xrefs: 00422CC1
x, xrefs: 00422CF4
W, xrefs: 00422C1C
R, xrefs: 00422A16
g, xrefs: 00422A77
}, xrefs: 00422A3E
P, xrefs: 00422967
], xrefs: 00422B50
u, xrefs: 00422A2F
{, xrefs: 00422A4C
Z, xrefs: 00422BDC
', xrefs: 004229D8
P, xrefs: 00422A81
8, xrefs: 00422C63
4, xrefs: 00422ABE
S, xrefs: 00422971
4, xrefs: 00422CDE
,, xrefs: 0042294F
N, xrefs: 00422AEA
<, xrefs: 00422CD9
W, xrefs: 00422AA6
K, xrefs: 00422AAF
G, xrefs: 00422998
4, xrefs: 00422CE3
~, xrefs: 00422B90
), xrefs: 00422976
9, xrefs: 00422B08
T, xrefs: 00422A8A
%, xrefs: 00422A0C
G, xrefs: 00422BE4
,, xrefs: 0042295D
!, xrefs: 00422B60
N, xrefs: 00422984
Q, xrefs: 00422C9B
S, xrefs: 00422AB4
c, xrefs: 00422C93
x, xrefs: 00422C0C
,, xrefs: 00422AA1
t, xrefs: 00422B58
B, xrefs: 00422B80
c, xrefs: 00422B70
6, xrefs: 00422A07
b, xrefs: 00422B30

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strncpy
String ID: !$"$#$%$'$'$)$,$,$,$.$/$1$4$4$4$6$8$9$;$<$?$B$E$F$G$G$K$N$N$P$P$Q$Q$R$S$S$T$T$W$W$X$Z$\$]$b$c$c$e$g$t$u$v$x$x$x${$}$~
API String ID: 2961919466-2427493838
Opcode ID: 7337214d11a851bd4cf50340e085f9d80e812cb42cb0b2f6aa3fb40ca9b3f76c
Instruction ID: 4784c4b2e2af174b486d3fa0099c06b4624002471a15ad2e25fd25ecae521a18
Opcode Fuzzy Hash: 7337214d11a851bd4cf50340e085f9d80e812cb42cb0b2f6aa3fb40ca9b3f76c
Instruction Fuzzy Hash: 8002182120C7C19ED332C63C994879BBFD15BA7218F484A9DE1E85B3D2C7B98509C76B

Uniqueness

Uniqueness Score: -1.00%

Function 00423870 Relevance: 94.7, APIs: 1, Strings: 53, Instructions: 204COMMON

Download Yara Rule

APIs

754494D8.USER32(00431FF4,00000000,0000001D,00000074,000000ED,0000001F,0000000F,00000075,00000079,0000005C,000000A3,0000006C,00431FF4,00000000,00000020), ref: 00423AFC

Strings

q, xrefs: 0042395E
q, xrefs: 0042393E
U, xrefs: 00423902
J, xrefs: 00423A12
y, xrefs: 00423A3E
C, xrefs: 004238B2
\, xrefs: 00423A42
V, xrefs: 004239B2
t, xrefs: 00423A2A
s, xrefs: 00423A16
b, xrefs: 004238CE
f, xrefs: 00423886
/, xrefs: 004238CA
), xrefs: 004239A2
], xrefs: 00423A0E
V, xrefs: 00423992
), xrefs: 00423982
j, xrefs: 00423A1E
), xrefs: 00423922
V, xrefs: 00423952
C, xrefs: 0042393A
C, xrefs: 0042395A
E, xrefs: 004238F6
{, xrefs: 004238A6
z, xrefs: 004238FA
<, xrefs: 0042392A
C, xrefs: 0042397A
), xrefs: 00423942
q, xrefs: 0042399E
q, xrefs: 0042397E
1, xrefs: 00423912
u, xrefs: 00423A3A
<, xrefs: 0042396A
<, xrefs: 0042398A
<, xrefs: 0042394A
), xrefs: 004239C2
K, xrefs: 004238EE
x, xrefs: 004238FE
C, xrefs: 004239BA
s, xrefs: 00423996
q, xrefs: 004239BE
C, xrefs: 0042399A
V, xrefs: 00423972
l, xrefs: 00423A4A
s, xrefs: 004239B6
c, xrefs: 00423906
V, xrefs: 00423932
<, xrefs: 004239AA
s, xrefs: 00423956
s, xrefs: 00423976
[, xrefs: 004238B6
), xrefs: 00423962
s, xrefs: 00423936

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: 754494
String ID: )$)$)$)$)$)$/$1$<$<$<$<$<$C$C$C$C$C$C$E$J$K$U$V$V$V$V$V$[$\$]$b$c$f$j$l$q$q$q$q$q$s$s$s$s$s$s$t$u$x$y$z${
API String ID: 2993158901-877203839
Opcode ID: 00a432a5c1b93898b4d4b2f326498809a86ae49696c8e1ca09fda1d6ae5dae05
Instruction ID: b8cea7b21e1b0b0dd3eef741e46aff7ac42a2e861af7119df59345f413ed0d70
Opcode Fuzzy Hash: 00a432a5c1b93898b4d4b2f326498809a86ae49696c8e1ca09fda1d6ae5dae05
Instruction Fuzzy Hash: 2BB1E810D0C7D999EB22C2FC94587DEBFB50F27318F580299D5E47B2D2C2AA0249C77A

Uniqueness

Uniqueness Score: -1.00%

Function 0041F660 Relevance: 31.6, APIs: 2, Strings: 16, Instructions: 125COMMON

Download Yara Rule

APIs

76B84977.KERNEL32(00000000), ref: 0041F7B9
76B81222.KERNEL32(00000000,00000043), ref: 0041F7CF

Strings

;, xrefs: 0041F768
P, xrefs: 0041F6CA
), xrefs: 0041F701
o, xrefs: 0041F6D4
N, xrefs: 0041F710
P, xrefs: 0041F6F2
C, xrefs: 0041F6C0
c, xrefs: 0041F6D9
A, xrefs: 0041F723
h, xrefs: 0041F72D
', xrefs: 0041F763
S, xrefs: 0041F6FC
", xrefs: 0041F732
B, xrefs: 0041F6C5
E, xrefs: 0041F715
r, xrefs: 0041F6CF

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222B84977
String ID: "$'$)$;$A$B$C$E$N$P$P$S$c$h$o$r
API String ID: 3847112834-1035779198
Opcode ID: 4823f96c75be3553f992e83bc3aff9d51972fce662410e85ae0c499c227e9e0e
Instruction ID: d6bcc57e59aaaf67e7ff94e30ae49016207e17142ead068d2604868bf6eb43c5
Opcode Fuzzy Hash: 4823f96c75be3553f992e83bc3aff9d51972fce662410e85ae0c499c227e9e0e
Instruction Fuzzy Hash: D6514B2520C3C19AD311DB39984478BBFD15FA6318F484AADF0E9873D2D3A9C54AC76B

Uniqueness

Uniqueness Score: -1.00%

Function 0041DA67 Relevance: 29.8, APIs: 1, Strings: 16, Instructions: 55COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,0000008A), ref: 0041DA87

Strings

', xrefs: 0041DB1A
~, xrefs: 0041DAA8
g, xrefs: 0041DB47
A, xrefs: 0041DB38
o, xrefs: 0041DB51
&, xrefs: 0041DAFD
T, xrefs: 0041DADA
H, xrefs: 0041DAE9
:, xrefs: 0041DB0B
", xrefs: 0041DABC
1, xrefs: 0041DAB7
&, xrefs: 0041DAF8
I, xrefs: 0041DAC1
&, xrefs: 0041DB33
T, xrefs: 0041DB3D
+, xrefs: 0041DAA3

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222
String ID: "$&$&$&$'$+$1$:$A$H$I$T$T$g$o$~
API String ID: 685527624-337257859
Opcode ID: 993060f5cd6ac700ac2c29d7291e5636e24fca16dfe49f0f602a4fe29a211871
Instruction ID: 3aea69e4e827956fd5f49ad1ef6b110586881577c68340c369aecabb28ec68b7
Opcode Fuzzy Hash: 993060f5cd6ac700ac2c29d7291e5636e24fca16dfe49f0f602a4fe29a211871
Instruction Fuzzy Hash: 3331522000C7C1C9D322C27D584864FFFE11BA7368F484B9DB2E54A6E2D3AA854AD767

Uniqueness

Uniqueness Score: -1.00%

Function 004120C0 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 150COMMON

Download Yara Rule

APIs

76B84977.KERNEL32(?), ref: 00412252
76B81222.KERNEL32(00000000,0042E3F0), ref: 004122AC

Strings

', xrefs: 00412100
F, xrefs: 00412177
:, xrefs: 004120E3
t, xrefs: 00412172
4, xrefs: 00412105
^, xrefs: 00412137
z, xrefs: 00412114
{, xrefs: 004120DE
x, xrefs: 004120F2
h, xrefs: 0041215E
m, xrefs: 0041213C
<, xrefs: 0041214A
0, xrefs: 0041211E
Y, xrefs: 004120E8

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222B84977
String ID: '$0$4$:$<$F$Y$^$h$m$t$x$z${
API String ID: 3847112834-1073058172
Opcode ID: a5adacd716e7baf1de6d2d6eeedb44ef2450c3eec67df30879bac43f7646a4fd
Instruction ID: 95e2059b24e6b08625558fafe1d9927b9274d35295d34d11aa50597a438a658b
Opcode Fuzzy Hash: a5adacd716e7baf1de6d2d6eeedb44ef2450c3eec67df30879bac43f7646a4fd
Instruction Fuzzy Hash: C651631010C3D19AD311DB39989579BBFD45BA7328F485A9DF4E8472D3C269820DC76B

Uniqueness

Uniqueness Score: -1.00%

Function 004056D7 Relevance: 26.4, APIs: 1, Strings: 14, Instructions: 135COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00405900

Strings

l, xrefs: 00405817
s, xrefs: 00405820
8, xrefs: 00405869
t, xrefs: 0040582A
h, xrefs: 00405825
p, xrefs: 004057FF
h, xrefs: 00405804
s, xrefs: 00405833
p, xrefs: 00405812
I, xrefs: 0040585F
h, xrefs: 0040583B
m, xrefs: 0040584B
t, xrefs: 00405843
p, xrefs: 00405809

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strrchr
String ID: 8$I$h$h$h$l$m$p$p$p$s$s$t$t
API String ID: 3213747228-836531014
Opcode ID: 3f6f4d00302a2750cb098f24f5e8b9487e36c90152ba499324c3b1297c567f42
Instruction ID: 3f20e5aee60d72e1d420386b93ed5b1cec2b7467db128eb5dee041a04ac3d7e4
Opcode Fuzzy Hash: 3f6f4d00302a2750cb098f24f5e8b9487e36c90152ba499324c3b1297c567f42
Instruction Fuzzy Hash: B771C07540D3C28AD326CB288040B9BFBE1ABD6204F448E6EE5D947391E7B59109CB67

Uniqueness

Uniqueness Score: -1.00%

Function 00426501 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 100COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 00426598
_strlen.LIBCMT ref: 004265A8
_strlen.LIBCMT ref: 004265B9
_strncpy.LIBCMT ref: 004265D3
_strlen.LIBCMT ref: 004265DC
_strcat.LIBCMT ref: 004265F8

Strings

Buffer overrun detected!, xrefs: 0042655E, 004265F6
Microsoft Visual C++ Runtime Library, xrefs: 00426633
A security error of unknown cause has been detected which hascorrupted the program's internal state. The program cannot safelycontinue execution and must now be terminated., xrefs: 0042654D
..., xrefs: 004265CD
A buffer overrun has been detected which has corrupted the program'sinternal state. The program cannot safely continue execution and mustnow be terminated., xrefs: 00426563
Program: , xrefs: 00426609
<program name unknown>, xrefs: 0042658C
Unknown security failure detected!, xrefs: 00426548

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strlen$_strcat$_strncpy
String ID: ...$<program name unknown>$A buffer overrun has been detected which has corrupted the program'sinternal state. The program cannot safely continue execution and mustnow be terminated.$A security error of unknown cause has been detected which hascorrupted the program's internal state. The program cannot safelycontinue execution and must now be terminated.$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
API String ID: 1532334349-1010210193
Opcode ID: 274350b4db4e198dff4838cdcdb7cca60fbc00610526af31027a2127c74c29a7
Instruction ID: 89b9faee52e55a897ce7ba6d50dd28e9919cf87c3f188bd51213c475bd47c2d4
Opcode Fuzzy Hash: 274350b4db4e198dff4838cdcdb7cca60fbc00610526af31027a2127c74c29a7
Instruction Fuzzy Hash: C331C732B012347BD715ABA6BC42FDE37689F09318FD4045BF904A6282DB7CDA918B5D

Uniqueness

Uniqueness Score: -1.00%

Function 0042ADD1 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 90COMMON

Download Yara Rule

APIs

76B84977.KERNEL32(user32.dll,0042E5E8,?,?), ref: 0042ADE9
76B81222.KERNEL32(00000000,MessageBoxA,?,?), ref: 0042AE05
76B81222.KERNEL32(00000000,GetActiveWindow,?,?), ref: 0042AE16
76B81222.KERNEL32(00000000,GetLastActivePopup,?,?), ref: 0042AE23
76B81222.KERNEL32(00000000,GetUserObjectInformationA,?,?), ref: 0042AE39
76B81222.KERNEL32(00000000,GetProcessWindowStation,?,?), ref: 0042AE4A

Strings

GetProcessWindowStation, xrefs: 0042AE44
, xrefs: 0042AE86
user32.dll, xrefs: 0042ADE4
GetActiveWindow, xrefs: 0042AE10
MessageBoxA, xrefs: 0042ADFF
GetUserObjectInformationA, xrefs: 0042AE33
GetLastActivePopup, xrefs: 0042AE18

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222$B84977
String ID: $GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
API String ID: 372746600-752805172
Opcode ID: 1e07f3a9dedf5d83c3b40c4b76d854943183329d44e916a5c801173aea8fc7a5
Instruction ID: 70b5fa524dff6b7417458b24b0bac14766b51569b5ba9c55d5771b2b321c63c1
Opcode Fuzzy Hash: 1e07f3a9dedf5d83c3b40c4b76d854943183329d44e916a5c801173aea8fc7a5
Instruction Fuzzy Hash: 6B21A730740326ABDB119F75BE84B6B3BE8AB04740B51143BED01D6190D7BCC81ADB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0042A3E3 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 115COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 0042A477
_strlen.LIBCMT ref: 0042A484
_strlen.LIBCMT ref: 0042A493
_strncpy.LIBCMT ref: 0042A4AA
_strlen.LIBCMT ref: 0042A4B3
_strlen.LIBCMT ref: 0042A4C0
_strcat.LIBCMT ref: 0042A4DE
_strlen.LIBCMT ref: 0042A526

Strings

Microsoft Visual C++ Runtime Library, xrefs: 0042A506
Runtime Error!Program: , xrefs: 0042A4D8
..., xrefs: 0042A4A4
<program name unknown>, xrefs: 0042A471

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strlen$_strcat$_strncpy
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 1532334349-4022980321
Opcode ID: 7ae787c9bd6dc9f2ed0bb9397e4716a41ad1fd8d6d862ee3aa50583de2541cc3
Instruction ID: 74c76adfd133b4e9a18e4e1925237b71ce4d4ae5635836e3a3127bb511270d61
Opcode Fuzzy Hash: 7ae787c9bd6dc9f2ed0bb9397e4716a41ad1fd8d6d862ee3aa50583de2541cc3
Instruction Fuzzy Hash: 763128327401246BD720BBB6BC86EAB73A8EB44308F94042FFD15D3152EA7C9595C72D

Uniqueness

Uniqueness Score: -1.00%

Function 00427120 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,FlsAlloc,?,0042E598,00000060), ref: 00427150
76B81222.KERNEL32(00000000,FlsGetValue,?,0042E598,00000060), ref: 0042715D
76B81222.KERNEL32(00000000,FlsSetValue,?,0042E598,00000060), ref: 0042716A
76B81222.KERNEL32(00000000,FlsFree,?,0042E598,00000060), ref: 00427177

Strings

FlsAlloc, xrefs: 0042714A
FlsFree, xrefs: 0042716C
FlsSetValue, xrefs: 0042715F
kernel32.dll, xrefs: 00427133
FlsGetValue, xrefs: 00427152

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
API String ID: 685527624-282957996
Opcode ID: b87ad60a131d164c28d5f70f0fad35323593ccf2417c63438c26ed16432ab973
Instruction ID: 86349d13d9d697d1a2059cccb8833edb385c7957e5e4b5f87f3c94e81b02547f
Opcode Fuzzy Hash: b87ad60a131d164c28d5f70f0fad35323593ccf2417c63438c26ed16432ab973
Instruction Fuzzy Hash: 1B2180707042619AD724AF37BE09A667FB5EB467103A1113BF644C32A0DBB8840ACF6C

Uniqueness

Uniqueness Score: -1.00%

Function 00423FDF Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 297COMMON

Download Yara Rule

APIs

754494D8.USER32(-000000EF,[%d] %s,00000000,00000015,0000007A), ref: 004243AA

Strings

Description, xrefs: 004242D2
Title, xrefs: 00424362
[%d] %s, xrefs: 004243A4
ServiceName, xrefs: 00424255

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: 754494
String ID: Description$ServiceName$Title$[%d] %s
API String ID: 2993158901-1473919770
Opcode ID: d8ff51026944c7f12691f0784216f2c4e887938fa566d74994dd72e4dff7bf4b
Instruction ID: 50b48e229a94bbbaf40ab9f963702833861e6e57dc731b51fdf7295a7017bae1
Opcode Fuzzy Hash: d8ff51026944c7f12691f0784216f2c4e887938fa566d74994dd72e4dff7bf4b
Instruction Fuzzy Hash: 0CE123205087CEDDDF22CB7C98486CD7F955B27328F484389F9E45A2E2C3A9854AC776

Uniqueness

Uniqueness Score: -1.00%

Function 00404840 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000), ref: 004048F2

Strings

LoadLibraryA, xrefs: 004048E1
(, xrefs: 0040492B
Kernel32, xrefs: 004048E6

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222
String ID: ($Kernel32$LoadLibraryA
API String ID: 685527624-1094976956
Opcode ID: 1048440a6fa2ba31e54d9434ac68688d651942ad3db7224efd2e259a51c0311f
Instruction ID: b8c2f0deb781411a5cbda0f33fd6846fbbcdfb44d071191cfa48344f537f40e7
Opcode Fuzzy Hash: 1048440a6fa2ba31e54d9434ac68688d651942ad3db7224efd2e259a51c0311f
Instruction Fuzzy Hash: A831B3B0A40394EFEB208BA98C48B9FBFB9AB96714F14016AF550B62C1C7B44501C7B8

Uniqueness

Uniqueness Score: -1.00%

Function 0042B4DF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount,?,?,00429267,00000008,0042EAB8,00000008,00429335,00000000,00000001,00000000,00426648,00000003), ref: 0042B512

Strings

HfB, xrefs: 0042B532
kernel32.dll, xrefs: 0042B4FD
InitializeCriticalSectionAndSpinCount, xrefs: 0042B50C

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222
String ID: HfB$InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 685527624-898363180
Opcode ID: 0793463775682b851faa0cc23e1d04a50290d736f157ca9dcbf621787e10acfd
Instruction ID: be9b0aabb06fe80ffec501557c266caa5c5a139848c1c9192b9c21e126a2179c
Opcode Fuzzy Hash: 0793463775682b851faa0cc23e1d04a50290d736f157ca9dcbf621787e10acfd
Instruction Fuzzy Hash: EBF05470741335FACB10AFB2FD457593BA0EB04748F94452AE814D52A0D77C86819A6D

Uniqueness

Uniqueness Score: -1.00%

Function 00429190 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMON

Download Yara Rule

APIs

76B81222.KERNEL32(00000000,CorExitProcess), ref: 004291A5
76B879B0.KERNEL32(?), ref: 004291B9

Strings

mscoree.dll, xrefs: 00429190
CorExitProcess, xrefs: 0042919F

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B81222B879
String ID: CorExitProcess$mscoree.dll
API String ID: 3699604315-1276376045
Opcode ID: 4a85548d8ab9ee867a05da53093017c0efb30c7bc6663312f7a756fc9e57b91f
Instruction ID: 96badb10a6f4c7f0fc9f0f90ee249a252e680e37f2627bcb5ee645d4e37b0209
Opcode Fuzzy Hash: 4a85548d8ab9ee867a05da53093017c0efb30c7bc6663312f7a756fc9e57b91f
Instruction Fuzzy Hash: 9AD0C730300322EBE7101B73EC0D77B3A65BF40B01B944439B805D0160DB74CC22991D

Uniqueness

Uniqueness Score: -1.00%

Function 0042A754 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

___initmbctable.LIBCMT ref: 0042A761
_strlen.LIBCMT ref: 0042A77A
_strlen.LIBCMT ref: 0042A7B3
_strcat.LIBCMT ref: 0042A7D0

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strlen$___initmbctable_strcat
String ID:
API String ID: 109824703-0
Opcode ID: 25bf7d570d627d8591f5dbaa471d7b5acdbd6715a19f961057285dd63cfa7f5a
Instruction ID: 5385ac430a30b69aec2053d85f27ee94e75532dfac9a54d499d343a2729e6959
Opcode Fuzzy Hash: 25bf7d570d627d8591f5dbaa471d7b5acdbd6715a19f961057285dd63cfa7f5a
Instruction Fuzzy Hash: EC1189726064309FD728BF247D4062B7BA5FB403347A4017FED8183262DB3D9855D68E

Uniqueness

Uniqueness Score: -1.00%

Function 0042CB30 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 0042CBE4

Strings

$C, xrefs: 0042CB6B
$$C, xrefs: 0042CB85

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: __lock
String ID: $C$$$C
API String ID: 1351747465-3751191682
Opcode ID: d925a9cd45980cd0013d670c3233b66b803b263b007b769b98d9570aa02e32bd
Instruction ID: b1263411a33c7abb084cf6b3ba1c38a65e28a18038912d737f562992e4ca65ea
Opcode Fuzzy Hash: d925a9cd45980cd0013d670c3233b66b803b263b007b769b98d9570aa02e32bd
Instruction Fuzzy Hash: 1B41A031F002248BCF28DF2AF8C556D3BA1EB59310BA5806BD809EB355C73CAD418B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004247E1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON

Download Yara Rule

APIs

76B879B0.KERNEL32(00000003,0042E4C0,00000008,00401823), ref: 0042486C

Part of subcall function 004250E9: _strlen.LIBCMT ref: 004250F9
Part of subcall function 004250E9: _strcat.LIBCMT ref: 00425111

Strings

0 C, xrefs: 00424801
bad allocation, xrefs: 00424806

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: B879_strcat_strlen
String ID: 0 C$bad allocation
API String ID: 2045221161-2474826697
Opcode ID: 49b73679f5367c8e5c8b464e1d18d940e77765d1725eb3d2e43f6928852edeeb
Instruction ID: bcdaacc36b2257f7a80b7b99fe7cc3dcc22ad94da542e2571e3521e2eda128be
Opcode Fuzzy Hash: 49b73679f5367c8e5c8b464e1d18d940e77765d1725eb3d2e43f6928852edeeb
Instruction Fuzzy Hash: CE01A230B51234AAD718FB92BE46B9E7674AB04718FA0551FF310A11C1CBF81609869D

Uniqueness

Uniqueness Score: -1.00%

Function 00425126 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00425141
_strcat.LIBCMT ref: 0042515A

Strings

0HB0 C, xrefs: 0042512A

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: _strcat_strlen
String ID: 0HB0 C
API String ID: 432593777-2988241960
Opcode ID: 1bbe31142ae6c97b524d72296d171f2a47dbf443b2f99840150dcae00a98a1f6
Instruction ID: 9fe6b21284e11fe8b106e4abcab2246397d320da1757041de7a1a3a2de4bc466
Opcode Fuzzy Hash: 1bbe31142ae6c97b524d72296d171f2a47dbf443b2f99840150dcae00a98a1f6
Instruction Fuzzy Hash: 1FF01CB2708A21AF97149B6AF941913F7E8EF54720354882FA868C3651EB74FC20C798

Uniqueness

Uniqueness Score: -1.00%

Function 00424762 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424767

Strings

`'@, xrefs: 00424795
string too long, xrefs: 0042476F

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: H_prolog
String ID: `'@$string too long
API String ID: 3519838083-3693725657
Opcode ID: 4a1b1e4cb4d1a58f37b1271341b6f14b9d8befd1e1a2c2c1923a7a6bae39caf8
Instruction ID: a6fae499552c7f69fbfb376713fba05a9d07774f3acb4cf029888a425ff688e0
Opcode Fuzzy Hash: 4a1b1e4cb4d1a58f37b1271341b6f14b9d8befd1e1a2c2c1923a7a6bae39caf8
Instruction Fuzzy Hash: 05E0E671B101389AC700F7D5E945ADD7774AB18319FD0412BE101B5085DBF85608CA6D

Uniqueness

Uniqueness Score: -1.00%

Function 00424722 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424727

Strings

`'@, xrefs: 00424755
invalid string position, xrefs: 0042472F

Memory Dump Source

Source File: 00000000.00000002.2498990034.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2498952853.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000434000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2498990034.0000000000465000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2499179400.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_22w5dN070c.jbxd

Similarity

API ID: H_prolog
String ID: `'@$invalid string position
API String ID: 3519838083-1715864398
Opcode ID: d0512d036a608dbee667a4baaab92861378b65ee20b35f47ce27b3888569bcbe
Instruction ID: 2489418ca38d434b9c0987c82ab7b493393a2ac2d3075844811189824a6a3f17
Opcode Fuzzy Hash: d0512d036a608dbee667a4baaab92861378b65ee20b35f47ce27b3888569bcbe
Instruction Fuzzy Hash: E6E086B2B101389BC700F7D1E905BDDB7746B08309FC0006BE141B1085DBF85608CB9D

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 22w5dN070c.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: 22w5dN070c.exePID: 5112, Parent PID: 2592

General

Chronological Activities

Disassembly

Analysis Process: 22w5dN070c.exePID: 5112, Parent PID: 2592COMMON

Non-executed Functions

Function 00408BC0 Relevance: 300.7, APIs: 1, Strings: 170, Instructions: 1478COMMON

Function 00409119 Relevance: 187.4, Strings: 149, Instructions: 1189COMMON

Function 0040EDE0 Relevance: 187.0, Strings: 149, Instructions: 703COMMON

Function 004091A7 Relevance: 184.9, Strings: 147, Instructions: 1169COMMON

Function 00409436 Relevance: 171.1, Strings: 136, Instructions: 1070COMMON

Function 0040EF78 Relevance: 168.1, Strings: 134, Instructions: 635COMMON

Function 0040F0E9 Relevance: 165.6, Strings: 132, Instructions: 572COMMON

Function 0040F1C7 Relevance: 164.3, Strings: 131, Instructions: 534COMMON

Function 0040C8E0 Relevance: 157.2, Strings: 125, Instructions: 925COMMON

Windows Analysis Report
22w5dN070c.exe