Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Start.exe

Overview

General Information

Sample name:Start.exe
Analysis ID:1417120
MD5:27b6dfb711cd360ef2d2ddd84b2cc311
SHA1:5f496753903465593309b16ee48366824aaad255
SHA256:5e1d9d83870ff1c80a059f9feadf01426f4ad4d500c7f850f2d98ddc093ec32d
Infos:

Detection

Score:19
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Contains functionality to register a low level keyboard hook
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Detected potential crypto function
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Process Tree

  • System is w10x64
  • Start.exe (PID: 3036 cmdline: "C:\Users\user\Desktop\Start.exe" MD5: 27B6DFB711CD360EF2D2DDD84B2CC311)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: Start.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Start.exeStatic PE information: certificate valid
Source: Start.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Z:\Development\Applications\FluxPlayer\build_win\Themes\FluxPlayer\FPStart\Release\Start.pdb source: Start.exe
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B09050 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,0_2_00B09050
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B0E410 FindFirstFileW,0_2_00B0E410
Source: Start.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: Start.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Start.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: Start.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Start.exeString found in binary or memory: http://jimmac.musichall.cz
Source: Start.exeString found in binary or memory: http://ocsp.sectigo.com0
Source: Start.exeString found in binary or memory: http://www.gimp.orgg
Source: Start.exeString found in binary or memory: https://sectigo.com/CPS0
Source: Start.exeString found in binary or memory: https://sectigo.com/CPS0D

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Contains functionality to register a low level keyboard hook
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009DA120 SetWindowsHookExW 00000002,Function_00039F30,00000000,000000000_2_009DA120
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009D9410 GetKeyState,GetSystemMetrics,GetAsyncKeyState,0_2_009D9410
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009D4120 GetKeyState,GetKeyState,GetKeyState,GetMessageTime,0_2_009D4120
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009D4A60 GetWindowLongW,GetWindowLongW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,GetWindowLongW,SendMessageW,GetWindowLongW,GetWindowLongW,SendMessageW,SendMessageW,GetFocus,GetWindowLongW,GetWindowLongW,IsWindowEnabled,IsWindowVisible,IsWindowEnabled,IsWindowVisible,GetWindowLongW,GetParent,IsDialogMessageW,0_2_009D4A60
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009CCB20 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetCursorPos,GetMessagePos,0_2_009CCB20
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_0119C8600_3_0119C860
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_011A65410_3_011A6541
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B322500_2_00B32250
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BCF01A0_2_00BCF01A
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B090500_2_00B09050
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B6A1800_2_00B6A180
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B102E00_2_00B102E0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009B82E00_2_009B82E0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A1B2100_2_00A1B210
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B393F00_2_00B393F0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B253400_2_00B25340
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009F83600_2_009F8360
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B0C4800_2_00B0C480
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A154700_2_00A15470
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009E35900_2_009E3590
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009D15C00_2_009D15C0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A045400_2_00A04540
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A0F6A00_2_00A0F6A0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B386F00_2_00B386F0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009BE6100_2_009BE610
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A016000_2_00A01600
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A0C8B00_2_00A0C8B0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009EC8E00_2_009EC8E0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009CE8000_2_009CE800
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009FC8000_2_009FC800
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A059A00_2_00A059A0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA4AB10_2_00BA4AB1
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B0EA900_2_00B0EA90
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A96AF00_2_00A96AF0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B23A600_2_00B23A60
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009D7C000_2_009D7C00
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A87C400_2_00A87C40
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BACDC60_2_00BACDC6
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009F6D400_2_009F6D40
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BCEEF60_2_00BCEEF6
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BAEE000_2_00BAEE00
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A75E600_2_00A75E60
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A02F100_2_00A02F10
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009F4F400_2_009F4F40
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 009B3450 appears 617 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 009AFB30 appears 57 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 009ACE30 appears 110 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 00BA28F0 appears 37 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 00AF0760 appears 33 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 00AEEB90 appears 351 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 009AE210 appears 119 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 009DF8D0 appears 160 times
Source: C:\Users\user\Desktop\Start.exeCode function: String function: 00AEEA00 appears 412 times
Source: Start.exe, 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFluxPlayer.exe6 vs Start.exe
Source: Start.exeBinary or memory string: OriginalFilenameFluxPlayer.exe6 vs Start.exe
Source: C:\Users\user\Desktop\Start.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: duser.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Start.exeSection loaded: wintypes.dllJump to behavior
Source: Start.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: clean19.spyw.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B09DB0 CoCreateInstance,MultiByteToWideChar,OleUninitialize,0_2_00B09DB0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B2C250 FindResourceW,LoadResource,GetCurrentThreadId,GetCurrentThreadId,GetLastError,LockResource,GetLastError,SizeofResource,0_2_00B2C250
Source: C:\Users\user\Desktop\Start.exeMutant created: \Sessions\1\BaseNamedObjects\Start-user
Source: Start.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Start.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Start.exeString found in binary or memory: alnumalphaasciiblankcntrldigitgraphlowerprintpunctupperxdigitNULSOHSTXETXEOTENQACKBELalertBSbackspaceHTtabLFnewlineVTvertical-tabFFform-feedCRcarriage-returnSOSIDLEDC1DC2DC3DC4NAKSYNETBCANEMSUBESCIS4FSIS3GSIS2RSIS1USspaceexclamation-markquotation-marknumber-signdollar-signpercent-signampersandapostropheleft-parenthesisright-parenthesisasteriskplus-signcommahyphenhyphen-minusperiodfull-stopslashsoliduszeroonetwothreefourfivesixseveneightninecolonsemicolonless-than-signequals-signgreater-than-signquestion-markcommercial-atleft-square-bracketbackslashreverse-solidusright-square-bracketcircumflexcircumflex-accentunderscorelow-linegrave-accentleft-braceleft-curly-bracketvertical-lineright-braceright-curly-brackettildeDEL
Source: Start.exeStatic PE information: certificate valid
Source: Start.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: Start.exeStatic file information: File size 4012936 > 1048576
Source: Start.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x263200
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Start.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Start.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Z:\Development\Applications\FluxPlayer\build_win\Themes\FluxPlayer\FPStart\Release\Start.pdb source: Start.exe
Source: Start.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Start.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Start.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Start.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Start.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_0119CA58 pushad ; iretd 0_3_0119CAAD
Source: C:\Users\user\Desktop\Start.exeCode function: 0_3_0119C860 pushad ; iretd 0_3_0119CAAD
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009B3050 push ecx; mov dword ptr [esp], ecx0_2_009B3171
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A11580 push ecx; mov dword ptr [esp], ecx0_2_00A11581
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A29690 push ecx; mov dword ptr [esp], ecx0_2_00A29691
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A60690 push ecx; mov dword ptr [esp], ecx0_2_00A60691
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA27F5 push ecx; ret 0_2_00BA2808
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B498C0 push ecx; mov dword ptr [esp], ecx0_2_00B498C1
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA2936 push ecx; ret 0_2_00BA2949
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B49900 push ecx; mov dword ptr [esp], ecx0_2_00B49901
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B48BB0 push ecx; mov dword ptr [esp], ecx0_2_00B48BB1
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A0DB30 push ecx; mov dword ptr [esp], ecx0_2_00A0DB31
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A17DE0 push ecx; mov dword ptr [esp], ecx0_2_00A17DE1
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00A10D40 push ecx; mov dword ptr [esp], ecx0_2_00A10D41
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009E7910 IsIconic,0_2_009E7910
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009E9D60 IsIconic,IsZoomed,IsIconic,BringWindowToTop,ShowWindow,0_2_009E9D60
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_009E9D60 IsIconic,IsZoomed,IsIconic,BringWindowToTop,ShowWindow,0_2_009E9D60
Source: C:\Users\user\Desktop\Start.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B09050 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,0_2_00B09050
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B0E410 FindFirstFileW,0_2_00B0E410
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA7043 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BA7043
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA91C3 mov eax, dword ptr fs:[00000030h]0_2_00BA91C3
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BC5CB8 mov eax, dword ptr fs:[00000030h]0_2_00BC5CB8
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA7043 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BA7043
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA2137 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BA2137
Source: C:\Users\user\Desktop\Start.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00B061D0
Source: C:\Users\user\Desktop\Start.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00BCB627
Source: C:\Users\user\Desktop\Start.exeCode function: EnumSystemLocalesW,0_2_00BCB8CD
Source: C:\Users\user\Desktop\Start.exeCode function: EnumSystemLocalesW,0_2_00BCB9B3
Source: C:\Users\user\Desktop\Start.exeCode function: EnumSystemLocalesW,0_2_00BCB918
Source: C:\Users\user\Desktop\Start.exeCode function: EnumSystemLocalesW,0_2_00BC4956
Source: C:\Users\user\Desktop\Start.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00BCBDBB
Source: C:\Users\user\Desktop\Start.exeCode function: GetLocaleInfoW,0_2_00BC4EC9
Source: C:\Users\user\Desktop\Start.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00BCBF96
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BA2B8F GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00BA2B8F
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00B2BDC0 GetUserNameW,GetEnvironmentVariableW,0_2_00B2BDC0
Source: C:\Users\user\Desktop\Start.exeCode function: 0_2_00BBF0CB _free,GetTimeZoneInformation,_free,0_2_00BBF0CB

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		121
Input Capture		2
System Time Discovery		Remote Services121
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
Obfuscated Files or Information		LSASS Memory1
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS1
Account Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Owner/User Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync12
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Start.exe4%ReversingLabs
Start.exe1%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
http://jimmac.musichall.cz0%Avira URL Cloudsafe
http://www.gimp.orgg0%Avira URL Cloudsafe
http://jimmac.musichall.cz0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tStart.exefalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sStart.exefalse
  • URL Reputation: safe
unknown
https://sectigo.com/CPS0Start.exefalse
  • URL Reputation: safe
unknown
http://ocsp.sectigo.com0Start.exefalse
  • URL Reputation: safe
unknown
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#Start.exefalse
  • URL Reputation: safe
unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Start.exefalse
  • URL Reputation: safe
unknown
http://www.gimp.orggStart.exefalse
  • Avira URL Cloud: safe
unknown
http://jimmac.musichall.czStart.exefalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://sectigo.com/CPS0DStart.exefalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1417120
Start date and time:2024-03-28 16:17:54 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Start.exe
Detection:CLEAN
Classification:clean19.spyw.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 69%
  • Number of executed functions: 16
  • Number of non-executed functions: 170
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.503601701101905
TrID:
  • Win32 Executable (generic) a (10002005/4) 98.81%
  • Windows ActiveX control (116523/4) 1.15%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Start.exe
File size:4'012'936 bytes
MD5:27b6dfb711cd360ef2d2ddd84b2cc311
SHA1:5f496753903465593309b16ee48366824aaad255
SHA256:5e1d9d83870ff1c80a059f9feadf01426f4ad4d500c7f850f2d98ddc093ec32d
SHA512:f6aa5abc168a8373d168936403e1c7edde9bf6d15890e4d63dd7eec4eda538092a4b19faef3b529c2655d26c26a83202cedf3ab11a4ef57beec63bb5c195b6c1
SSDEEP:49152:XlNP9rXCb+JkgOT4taw121scghQh4LVJN7FvuvFguucW5S43S42IExjLmz9T8xlP:VDkgk4tHzLXLINmzSus
TLSH:30067C217691853AE56152F144A8A7AB482DBEA81FB094C7C1DC3FED54316D32A33F3B
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'...I...I...I...J...I...L.=.I...J...I...L...I...M...I...M...I...H...I...H...I.u.M...I.u.L...I.u.....I.......I.u.K...I.Rich..I

File Icon

Icon Hash:871351cccc791b96

Static PE Info

General

Entrypoint:0x601a8f
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x5FF6EC7E [Thu Jan 7 11:11:58 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:aea52b20f0aa42e61df69b41053ac737

Authenticode Signature

Signature Valid:true
Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 16/12/2020 01:00:00 17/12/2023 00:59:59
Subject Chain
  • CN=ACE GmbH, O=ACE GmbH, STREET="Heinrich-Hertz-Str., 2", L=Dortmund, PostalCode=44227, C=DE
Version:3
Thumbprint MD5:1C07B155FF94D136273770BF4C507D1E
Thumbprint SHA-1:3F716B8E9BFF35DB063ACDAC2AA6561F0FEC70DB
Thumbprint SHA-256:122306479019C19B168FDAF48E5CA2E99A38A650A8D83406AA7C16DFA2E99413
Serial:00CA5C643F3AB93F1806A38C88B4D6BBC6

Entrypoint Preview

Instruction
call 00007F6A90901D3Dh
jmp 00007F6A90900A6Fh
call 00007F6A90900C17h
push 00000000h
call 00007F6A909007D0h
pop ecx
test al, al
je 00007F6A90900C00h
push 00601BAFh
call 00007F6A9090097Ah
pop ecx
xor eax, eax
ret
push 00000007h
call 00007F6A90901ADDh
int3
push ebp
mov ebp, esp
push FFFFFFFFh
push 00633910h
mov eax, dword ptr fs:[00000000h]
push eax
push ebx
push esi
push edi
mov eax, dword ptr [00735220h]
xor eax, ebp
push eax
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
push 00000FA0h
push 00769E8Ch
call dword ptr [0066528Ch]
push 006E22F8h
call dword ptr [00665228h]
mov esi, eax
test esi, esi
jne 00007F6A90900C07h
push 0067648Ch
call dword ptr [00665228h]
mov esi, eax
test esi, esi
je 00007F6A90900C82h
push 006E015Ch
push esi
call dword ptr [0066522Ch]
push 006E01ACh
push esi
mov ebx, eax
call dword ptr [0066522Ch]
push 006E0190h
push esi
mov edi, eax
call dword ptr [0066522Ch]
mov esi, eax
test ebx, ebx
je 00007F6A90900C2Ah
test edi, edi
je 00007F6A90900C26h
test esi, esi
je 00007F6A90900C22h
and dword ptr [00769EA8h], 00000000h

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x32aebc0x12c.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x36b0000x5d638.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x3d1a000x2188.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC0x3c90000x37d9c.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x2ed5300x54.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x2ed6280x18.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2ed5880x40.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x2650000x804.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x2631da0x2632003235b258f95e0f9739950fac2969c4f7unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0x2650000xc8afe0xc8c00150a1f0960bf7b4af7a6ad875f155696False0.3680570419520548data5.539326684939212IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x32e0000x3c9980x1020077fa26dde22dbf498dd7eeb8b31544c6False0.2519985465116279data5.464402407631IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc0x36b0000x5d6380x5d8000353241fb2d1dceeaf22f5d3989a4052False0.29081195688502676data4.968985207815535IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x3c90000x37d9c0x37e00e73e7f2eab817b968bd408a9c32419efFalse0.44863761884787473data6.594117831515835IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountryZLIB Complexity
RT_CURSOR0x3c38380x134dataEnglishUnited States0.37337662337662336
RT_CURSOR0x3c39880x134AmigaOS bitmap font "(", fc_YSize 4294959423, 3840 elements, 2nd "\340\237\362\017\360\307\306\037\360`\014\037\370\0300?\374\007\300\177\376", 3rdEnglishUnited States0.6558441558441559
RT_CURSOR0x3c3ad80x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.36038961038961037
RT_CURSOR0x3c3c280x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.5194805194805194
RT_CURSOR0x3c3d780x134dataEnglishUnited States0.4090909090909091
RT_CURSOR0x3c3ec80x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.2662337662337662
RT_CURSOR0x3c40180x134dataEnglishUnited States0.36688311688311687
RT_CURSOR0x3c41680x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.37337662337662336
RT_CURSOR0x3c42b80x134dataEnglishUnited States0.12012987012987013
RT_CURSOR0x3c44080x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.1590909090909091
RT_BITMAP0x3c7f500xc0Device independent bitmap graphic, 12 x 11 x 4, image size 88, resolution 11811 x 11811 px/m, 16 important colorsEnglishUnited States0.734375
RT_BITMAP0x3c80100x6cDevice independent bitmap graphic, 4 x 1 x 4, image size 4EnglishUnited States0.5092592592592593
RT_ICON0x36bfb00xe769PNG image data, 256 x 256, 16-bit/color RGBA, non-interlacedEnglishUnited States0.9979237352509241
RT_ICON0x37a7200x25228Device independent bitmap graphic, 192 x 384 x 32, image size 147456, resolution 15118 x 15118 px/mEnglishUnited States0.09332430442328933
RT_ICON0x39f9480x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 15118 x 15118 px/mEnglishUnited States0.1399651011475216
RT_ICON0x3b01700x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 15118 x 15118 px/mEnglishUnited States0.1913495900777801
RT_ICON0x3b96180x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 15118 x 15118 px/mEnglishUnited States0.29097779877184693
RT_ICON0x3bd8400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 15118 x 15118 px/mEnglishUnited States0.38516597510373446
RT_ICON0x3bfde80x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 15118 x 15118 px/mEnglishUnited States0.454585798816568
RT_ICON0x3c18500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 15118 x 15118 px/mEnglishUnited States0.5590994371482176
RT_ICON0x3c28f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 15118 x 15118 px/mEnglishUnited States0.6950819672131148
RT_ICON0x3c32800x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 15118 x 15118 px/mEnglishUnited States0.8537234042553191
RT_ICON0x3c45580x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.16666666666666666
RT_ICON0x3c48400x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.375
RT_ICON0x3c49900x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4356936416184971
RT_ICON0x3c4ef80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.34459459459459457
RT_ICON0x3c50480x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.45447976878612717
RT_ICON0x3c55b00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.3885135135135135
RT_ICON0x3c57000x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4638728323699422
RT_ICON0x3c5c680x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.38513513513513514
RT_ICON0x3c5db80x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4653179190751445
RT_ICON0x3c63200x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.38513513513513514
RT_ICON0x3c64700x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4833815028901734
RT_ICON0x3c69d80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.46283783783783783
RT_ICON0x3c6b280x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4949421965317919
RT_ICON0x3c70900x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.47297297297297297
RT_ICON0x3c71e00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4472543352601156
RT_ICON0x3c77480x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.42567567567567566
RT_ICON0x3c78980x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4523121387283237
RT_ICON0x3c7e000x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.42567567567567566
RT_MENU0x3c37800xb4dataEnglishUnited States0.7111111111111111
RT_GROUP_CURSOR0x3c43f00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c3ac00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c45400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c39700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c3d600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c40000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c3c100x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c41500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c42a00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_CURSOR0x3c3eb00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
RT_GROUP_ICON0x3c36e80x92dataEnglishUnited States0.7054794520547946
RT_GROUP_ICON0x3c49680x22dataEnglishUnited States1.0588235294117647
RT_GROUP_ICON0x3c71b80x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c50200x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c64480x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c6b000x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c5d900x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c78700x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c56d80x22dataEnglishUnited States1.1176470588235294
RT_GROUP_ICON0x3c7f280x22dataEnglishUnited States1.1176470588235294
RT_VERSION0x3c80800x2e8dataEnglishUnited States0.46236559139784944
RT_MANIFEST0x3c83680x2d0XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5027777777777778

Imports

DLLImport
COMCTL32.dllImageList_GetIconSize, ImageList_Replace, ImageList_Draw, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, ImageList_GetImageInfo
OLEACC.dllLresultFromObject
UxTheme.dllOpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeBackgroundContentRect, IsThemeBackgroundPartiallyTransparent, GetThemeColor, DrawThemeParentBackground, IsThemeActive, IsAppThemed, GetThemeMargins, GetThemeFont, GetThemeBackgroundExtent, SetWindowTheme, GetCurrentThemeName, GetThemePartSize, GetThemeInt, GetThemeSysColor, GetThemeSysFont, IsThemePartDefined
RPCRT4.dllUuidToStringW, RpcStringFreeW
SHLWAPI.dllSHAutoComplete
KERNEL32.dllIsValidCodePage, GetCPInfo, SetCurrentDirectoryW, GetFileType, CopyFileW, GetModuleHandleW, GetProcAddress, FindResourceW, ExpandEnvironmentStringsW, GetSystemTimeAsFileTime, QueryPerformanceCounter, QueryPerformanceFrequency, GetDriveTypeW, GetLogicalDriveStringsW, GetCurrentThread, RaiseException, IsBadReadPtr, IsBadStringPtrA, RtlUnwind, InitializeSListHead, GetStartupInfoW, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObjectEx, ResetEvent, GetStringTypeW, LCMapStringW, CompareStringW, SwitchToThread, InitializeCriticalSectionAndSpinCount, DecodePointer, EncodePointer, SizeofResource, LockResource, LoadResource, GetModuleFileNameW, GetVersionExW, TerminateProcess, GetCurrentProcessId, IsDebuggerPresent, GetEnvironmentVariableW, CreateProcessW, CreateThread, GetExitCodeProcess, WaitForMultipleObjects, CreateEventW, SetEvent, PeekNamedPipe, SetNamedPipeHandleState, CreatePipe, SetHandleInformation, WriteFile, ReadFile, FindNextFileW, GetTempPathW, GetTempFileNameW, GetLongPathNameW, GetFileAttributesW, FindFirstFileW, FindClose, CreateFileW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, GetACP, FormatMessageW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, ResumeThread, GetCurrentProcess, Sleep, CreateMutexW, WaitForSingleObject, CloseHandle, WideCharToMultiByte, MultiByteToWideChar, SetErrorMode, GlobalFree, GlobalSize, GetProcessHeap, HeapSize, LoadLibraryW, FreeLibrary, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GlobalLock, GlobalUnlock, GlobalAlloc, ReadConsoleOutputCharacterA, SetConsoleCursorPosition, GetConsoleScreenBufferInfo, FillConsoleOutputCharacterW, WriteConsoleW, WriteConsoleA, AttachConsole, FreeConsole, GetStdHandle, LocalFree, GetCommandLineW, GetCurrentThreadId, ExitProcess, SetLastError, GetLastError, MulDiv, LoadLibraryExW, GetModuleHandleExW, GetCommandLineA, SetStdHandle, GetFullPathNameW, MoveFileExW, DeleteFileW, FlushFileBuffers, GetConsoleMode, ReadConsoleW, GetConsoleCP, SetFilePointerEx, GetTimeZoneInformation, HeapFree, HeapReAlloc, GetDateFormatW, GetTimeFormatW, EnumSystemLocalesW, HeapAlloc, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetEndOfFile, GetCurrentDirectoryW, GetFileSizeEx, FindFirstFileExW, OutputDebugStringW
USER32.dllMsgWaitForMultipleObjects, SetTimer, KillTimer, DdeInitializeW, DdeUninitialize, DdeConnect, DdeDisconnect, DdePostAdvise, DdeNameService, DdeClientTransaction, DdeCreateDataHandle, DdeGetData, DdeFreeDataHandle, DdeGetLastError, DdeCreateStringHandleW, DdeQueryStringW, DdeFreeStringHandle, keybd_event, IsMenu, GetComboBoxInfo, OffsetRect, CopyRect, DrawStateW, GetDesktopWindow, UnionRect, EndPaint, BeginPaint, GetWindowDC, ValidateRect, PostThreadMessageW, GetMessageW, SetMenuItemInfoW, InsertMenuItemW, SetMenuInfo, RemoveMenu, ModifyMenuW, AppendMenuW, InsertMenuW, GetSubMenu, DestroyMenu, CreatePopupMenu, CreateMenu, GetMenuState, IsRectEmpty, SetRectEmpty, DrawIconEx, TranslateAcceleratorW, DestroyAcceleratorTable, CreateAcceleratorTableW, FindWindowExW, GetClassNameW, SetRect, MessageBeep, GetWindowTextLengthW, GetWindowTextW, DestroyCursor, CreateIconIndirect, SetMenu, WaitForInputIdle, RegisterWindowMessageW, DrawFocusRect, DrawTextW, SetForegroundWindow, EnableMenuItem, GetSystemMenu, DrawMenuBar, GetDialogBaseUnits, CreateDialogIndirectParamW, IsZoomed, BringWindowToTop, IsIconic, FlashWindowEx, SetLayeredWindowAttributes, ChangeDisplaySettingsExW, SetWindowRgn, LoadCursorW, GetProcessDefaultLayout, MessageBoxW, UnregisterClassW, RegisterClassW, DestroyIcon, GetDlgItem, CreateDialogParamW, GetCaretBlinkTime, GetDoubleClickTime, SystemParametersInfoW, GetScrollInfo, SetScrollInfo, IsDialogMessageW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, SetParent, GetParent, SetWindowLongW, GetWindowLongW, PtInRect, InflateRect, FillRect, GetSysColor, ChildWindowFromPointEx, WindowFromPoint, MapWindowPoints, ScreenToClient, ClientToScreen, GetCursorPos, SetCursor, SetCursorPos, GetWindowRect, GetClientRect, SetWindowTextW, EnableScrollBar, ScrollWindow, RedrawWindow, InvalidateRect, GetUpdateRgn, UpdateWindow, GetMenuItemInfoW, TrackPopupMenu, GetMenuItemCount, GetSystemMetrics, IsWindowEnabled, IsClipboardFormatAvailable, wsprintfW, GetClipboardFormatNameW, RegisterClipboardFormatW, CheckMenuRadioItem, GetSysColorBrush, GetMenuItemID, CheckMenuItem, DrawFrameControl, DrawEdge, EnumDisplayMonitors, GetMonitorInfoW, MonitorFromWindow, MonitorFromPoint, PostMessageW, EnumDisplaySettingsW, ChildWindowFromPoint, LoadBitmapW, LoadIconW, LoadImageW, GetIconInfo, GetDC, ReleaseDC, TranslateMessage, DispatchMessageW, PeekMessageW, RegisterHotKey, EnableWindow, ReleaseCapture, SetCapture, GetCapture, MapVirtualKeyW, VkKeyScanW, GetAsyncKeyState, GetKeyState, GetFocus, GetActiveWindow, SetFocus, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPos, MoveWindow, AnimateWindow, ShowWindow, DestroyWindow, IsWindow, CreateWindowExW, GetWindowPlacement, HideCaret, CallWindowProcW, PostQuitMessage, DefWindowProcW, SendMessageW, GetMessageTime, GetMessagePos, UnregisterHotKey, ValidateRgn
GDI32.dllCreateBitmapIndirect, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, StretchBlt, SetStretchBltMode, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, CreateHatchBrush, CreatePatternBrush, CreateSolidBrush, CreatePen, ExtCreatePen, CreateDIBitmap, GetDIBits, CreateDIBSection, GetDIBColorTable, GetBkColor, LineTo, MoveToEx, ExtTextOutW, CombineRgn, EqualRgn, GetRgnBox, PtInRegion, RectInRegion, GetTextExtentPoint32W, Arc, Ellipse, ExtFloodFill, GetClipBox, GetGraphicsMode, GetObjectType, GetStockObject, GetViewportExtEx, GetWindowExtEx, MaskBlt, Pie, PolyPolygon, Rectangle, CreateBitmap, SelectClipRgn, ExtSelectClipRgn, SetGraphicsMode, SetMapMode, SetLayout, GetLayout, SetPixel, SetPolyFillMode, StretchDIBits, SetROP2, GetWorldTransform, SetWorldTransform, ModifyWorldTransform, Polygon, Polyline, PolyBezier, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, CreateRectRgnIndirect, GetCharABCWidthsW, GetTextExtentExPointW, CreateICW, CreateDCW, EnumFontFamiliesExW, CloseEnhMetaFile, CreateEnhMetaFileW, DeleteEnhMetaFile, GetEnhMetaFileW, GetEnhMetaFileHeader, PlayEnhMetaFile, GetSystemPaletteEntries, SetAbortProc, StartDocW, EndDoc, StartPage, EndPage, BitBlt, SetTextColor, SetBkMode, SetBkColor, OffsetRgn, GetRegionData, RoundRect, GdiFlush, SetBrushOrgEx, SelectPalette, RealizePalette, ExcludeClipRect, CreateRectRgn, GetTextMetricsW, SelectObject, GetOutlineTextMetricsW, GetDeviceCaps, CreateFontIndirectW, GetObjectW, ExtCreateRegion, GetPixel, DeleteObject
WINSPOOL.DRVDocumentPropertiesW, ClosePrinter, OpenPrinterW
SHELL32.dllSHGetFileInfoW, DragAcceptFiles, DragFinish, DragQueryPoint, DragQueryFileW, ExtractIconExW, ExtractIconW, SHGetFolderPathW, CommandLineToArgvW
ole32.dllOleInitialize, OleUninitialize, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, CoTaskMemAlloc, CoTaskMemFree, ReleaseStgMedium, OleSetClipboard, OleGetClipboard, OleFlushClipboard, CoCreateInstance, OleIsCurrentClipboard
COMDLG32.dllGetOpenFileNameW, PageSetupDlgW, PrintDlgW, CommDlgExtendedError, ChooseFontW, GetSaveFileNameW
ADVAPI32.dllGetUserNameW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW
MSIMG32.dllAlphaBlend, GradientFill

Possible Origin

Language of compilation systemCountry where language is spokenMap
EnglishUnited States

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

General

Target ID:0
Start time:16:18:46
Start date:28/03/2024
Path:C:\Users\user\Desktop\Start.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Start.exe"
Imagebase:0x9a0000
File size:4'012'936 bytes
MD5 hash:27B6DFB711CD360EF2D2DDD84B2CC311
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Disassembly

Reset < >

    Executed Functions

    Function 00B32250 Relevance: 45.1, APIs: 8, Strings: 17, Instructions: 1347threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B322E1
    • GetCurrentThreadId.KERNEL32 ref: 00B325C3
    • GetCurrentThreadId.KERNEL32 ref: 00B32A78
    • GetCurrentThreadId.KERNEL32 ref: 00B32DF3
    • GetCurrentThreadId.KERNEL32 ref: 00B334A3
    • GetCurrentThreadId.KERNEL32 ref: 00B335AB
    • GetCurrentThreadId.KERNEL32 ref: 00B3337D
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    • GetCurrentThreadId.KERNEL32 ref: 00B32B0A
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Init_thread_footer_free
    • String ID: (argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\module.cpp$Circular dependency involving module "%s" detected.$Dependency "%s" of module "%s" doesn't exist.$Module "%s" initialization failed$Module "%s" initialized$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/arrstr.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$format specifier doesn't match argument type$idx < m_size$module$nIndex < m_nCount$wxArgNormalizer<wchar_t const *>::wxArgNormalizer$wxArrayString: index out of bounds$wxArrayString::Item$wxVector<class wxClassInfo *>::at
    • API String ID: 804875219-2336475262
    • Opcode ID: a078949c3095dba99bff627fe5db811c3d8a381052bf065cbaf73d63a07a9241
    • Instruction ID: 996a05b8f0a409d4be6c3668b1ec28c4d0d72501c5eb3227aa706edca0e88cde
    • Opcode Fuzzy Hash: a078949c3095dba99bff627fe5db811c3d8a381052bf065cbaf73d63a07a9241
    • Instruction Fuzzy Hash: 65C2A2B1900288DFDF20DFA4CC457EE7BE0FF15304F2481A9E949AB292EB755A44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DA120 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 235threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009DA15E
    • SetWindowsHookExW.USER32(00000002,Function_00039F30,00000000,00000000), ref: 009DA16D
    • GetCurrentThreadId.KERNEL32 ref: 009DA1B4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009DA28D
    • GetCurrentThreadId.KERNEL32 ref: 009DA2CB
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009DA2F8
    • UnhookWindowsHookEx.USER32(00010431), ref: 009DA40E
    Strings
    • ..\..\src\msw\window.cpp, xrefs: 009DA2AA, 009DA308
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009DA265
    • SetWindowsHookEx(wxKeyboardHook), xrefs: 009DA2FE
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ErrorHookLastWindows$Unhook
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\window.cpp$SetWindowsHookEx(wxKeyboardHook)
    • API String ID: 2067352100-2106985888
    • Opcode ID: b16df96d7c8ca57b03b5c05355d8ad8d9c2d19d88c7aa6e9c6df10f38deb7f82
    • Instruction ID: 63b420e12b6698e06bfb0f210eb462991592b1c461ed9a4eb85ca3e26b9752a1
    • Opcode Fuzzy Hash: b16df96d7c8ca57b03b5c05355d8ad8d9c2d19d88c7aa6e9c6df10f38deb7f82
    • Instruction Fuzzy Hash: E28104B1844348EFDF10EFA4CC457EEBBA4AF01314F148269F81967392E7799A54CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2BDC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
    Download Yara Rule
    APIs
    • GetUserNameW.ADVAPI32(4B020D8A,4B020D8A), ref: 00B2BDD2
    • GetEnvironmentVariableW.KERNEL32(username,?,4B020D8A), ref: 00B2BDE6
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: EnvironmentNameUserVariable
    • String ID: username
    • API String ID: 1647721819-4166911607
    • Opcode ID: d42202d2f31107fee1da15c9c1853c7d0344179ee8701f7c1b177eea14b2b44b
    • Instruction ID: 1bb8bce6e8949da495a0d50693a6d3a04e0d2dfe3ae1dbd28e22ab7ff07c54df
    • Opcode Fuzzy Hash: d42202d2f31107fee1da15c9c1853c7d0344179ee8701f7c1b177eea14b2b44b
    • Instruction Fuzzy Hash: 5CE08C31108222AFCA004F11B804BDF7BE8FF80768F058459F45882110D7309846DFA2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA91C3 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetCurrentProcess.KERNEL32(?,?,00BA91C2,4B020D8A,00000401,?,4B020D8A,?,00BB2426), ref: 00BA91E5
    • TerminateProcess.KERNEL32(00000000,?,00BA91C2,4B020D8A,00000401,?,4B020D8A,?,00BB2426), ref: 00BA91EC
    • ExitProcess.KERNEL32 ref: 00BA91FE
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: eb6d7bf26979df43ea178d1a716f434a9964e9d473ce63edd28561748a2d112b
    • Instruction ID: fc58d7860e08654c105f8bfa5cbe6cdfc9059df7f46ed8e4ada07334de414495
    • Opcode Fuzzy Hash: eb6d7bf26979df43ea178d1a716f434a9964e9d473ce63edd28561748a2d112b
    • Instruction Fuzzy Hash: BAE0B631005A49BFCF116F54DD4DF5E3BA9FB41781B024455F9059A131CB79ED82DE40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B31DD0 Relevance: 21.3, APIs: 2, Strings: 10, Instructions: 321threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B31E4F
    • GetCurrentThreadId.KERNEL32 ref: 00B31FA0
    Strings
    • wxArgNormalizer<wchar_t const *>::wxArgNormalizer, xrefs: 00B31FFB
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B32005
    • wxModule::DoCleanUpModules, xrefs: 00B31F86, 00B321AF
    • not initialized module being cleaned up, xrefs: 00B321A5
    • format specifier doesn't match argument type, xrefs: 00B31FF1
    • Cleanup module %s, xrefs: 00B31F14
    • module, xrefs: 00B31F3B
    • module->m_state == State_Initialized, xrefs: 00B321AA
    • ..\..\src\common\module.cpp, xrefs: 00B31F7F, 00B321B9
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00B31FF6
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: (argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\module.cpp$Cleanup module %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$module$module->m_state == State_Initialized$not initialized module being cleaned up$wxArgNormalizer<wchar_t const *>::wxArgNormalizer$wxModule::DoCleanUpModules
    • API String ID: 2882836952-3562938458
    • Opcode ID: 35f41c08f80713bc2fcbac3ec848e8144954979071408d3121aa0f8195abc372
    • Instruction ID: 2fdb921f1f10bd70fae5add43aa7c7b2e7f661f1fec01e747551e4883ac66717
    • Opcode Fuzzy Hash: 35f41c08f80713bc2fcbac3ec848e8144954979071408d3121aa0f8195abc372
    • Instruction Fuzzy Hash: 97C11371900248DBDF24DF68C945BAE7BF1FF44304F2481A8F919AB2D1EB35AA45CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B07A10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 241threadsynchronizationCOMMON
    Download Yara Rule
    APIs
    • CreateMutexW.KERNELBASE(00000000,00000000,?,4B020D8A,?,?,00000000,?,?,00000000,00BD3371,000000FF), ref: 00B07A57
    • GetCurrentThreadId.KERNEL32 ref: 00B07A9D
    • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00BD3371,000000FF), ref: 00B07B76
    • GetCurrentThreadId.KERNEL32 ref: 00B07BB4
    • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000000,00BD3371,000000FF), ref: 00B07BE1
    • GetLastError.KERNEL32(?,?,00000000,?,?,00000000,00BD3371,000000FF), ref: 00B07CEE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$CurrentThread$CreateMutex
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\snglinst.cpp$CreateMutex
    • API String ID: 1918147691-526912097
    • Opcode ID: 27844f2e726c2b8626a2989a78862a8ae4cd0b99565b109013a3ba72319a47e8
    • Instruction ID: 9beb1842c31e024eb8626dd9ad9ddd466a23e045fefd029c2c964a9e2828f320
    • Opcode Fuzzy Hash: 27844f2e726c2b8626a2989a78862a8ae4cd0b99565b109013a3ba72319a47e8
    • Instruction Fuzzy Hash: 7991C2B1D48248DFDF20EF64C9457AEBBE0EF01354F1441A8F819672D2EB75AA04CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A23630 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 225threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A2373D
    • GetCurrentThreadId.KERNEL32 ref: 00A2381E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: "taskDialogIndirect"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\msgdlg.cpp$TaskDialogIndirect$`$no task dialog?$wxMessageDialog::ShowModal
    • API String ID: 2882836952-2406892599
    • Opcode ID: f83bf0e2a777fca2776931240be5268cc5f7fb07d90b8e2ad4b58930c8f4c368
    • Instruction ID: ea66967f77659e1ad6bf556c5d2193da22c078122169b9b999f6a47ae62e6067
    • Opcode Fuzzy Hash: f83bf0e2a777fca2776931240be5268cc5f7fb07d90b8e2ad4b58930c8f4c368
    • Instruction Fuzzy Hash: 5E9193B1C052689ADF10EBA8DD55BEEB7B4AF12304F1441B9F40AA7282EB745F44CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E4240 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 412threadcomCOMMON
    Download Yara Rule
    APIs
    • OleInitialize.OLE32(00000000), ref: 009E427F
    • GetCurrentThreadId.KERNEL32 ref: 009E42CD
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    • GetCurrentThreadId.KERNEL32 ref: 009E456F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Initialize_free
    • String ID: Cannot initialize OLE
    • API String ID: 238961113-461497301
    • Opcode ID: caba255b031297285815428d2e12ab6946c3370e0505ebfe1a53310b7d6731cb
    • Instruction ID: f8f9fd6890c32c17a6490a8f65185769d757d5bad06ad0201fb42408d39e2e4a
    • Opcode Fuzzy Hash: caba255b031297285815428d2e12ab6946c3370e0505ebfe1a53310b7d6731cb
    • Instruction Fuzzy Hash: FDF124B0900288DFDF21DF64CD457DE7BA5AF46304F148168F84DAB292EB359E44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B36410 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 142COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00AFEFC0: GetCurrentThreadId.KERNEL32 ref: 00AFEFC9
    • GetModuleHandleW.KERNEL32(00000000,4B020D8A), ref: 00B3644C
      • Part of subcall function 00B35A80: GetCurrentThreadId.KERNEL32 ref: 00B35B02
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$HandleModule
    • String ID: ..\..\src\common\init.cpp$m_ptr != 0$wxAppPtrBase::operator ->
    • API String ID: 487345390-3286623704
    • Opcode ID: bacb6859e5afb86e7a7a75557276b9d3aaa40da77221b3f57f9075fb9352028d
    • Instruction ID: c9f27f92bf0d05d5eb75a479b1e6ebc2b37e3363f81e51468bbc55cd7efc7aba
    • Opcode Fuzzy Hash: bacb6859e5afb86e7a7a75557276b9d3aaa40da77221b3f57f9075fb9352028d
    • Instruction Fuzzy Hash: 14411471A00714AFCB10DF68C855BAEBBE8FF54740F2181A9E94593392EB719904CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DDC60 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
    Download Yara Rule
    APIs
    • GetCommandLineW.KERNEL32(00CDE848), ref: 009DDC7A
    • CommandLineToArgvW.SHELL32(00000000), ref: 009DDC81
      • Part of subcall function 00B2CB10: __set_se_translator.LIBVCRUNTIME ref: 00B2CB48
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CommandLine$Argv__set_se_translator
    • String ID:
    • API String ID: 714143486-0
    • Opcode ID: 6c040cbf9c3e219360851b5457d02e9e002a1984567b1e25680086300fe1086e
    • Instruction ID: 2ee5f652ed7c45a079c253a5790ac7cf0e7f962ce1bcd400e088e5ccee6f7ccd
    • Opcode Fuzzy Hash: 6c040cbf9c3e219360851b5457d02e9e002a1984567b1e25680086300fe1086e
    • Instruction Fuzzy Hash: 79D09BB1D052405FEB007F64FD0FB2F3B95FA40705B48446DF50999261D6754514DF53
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0D4B0 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
    Download Yara Rule
    APIs
    • GetFileAttributesW.KERNELBASE(00000000,4B020D8A,4B020D8A,?,?,?,?,?,?,?,?,?,00000000,00BF6398,000000FF), ref: 00B0D581
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: AttributesFile
    • String ID:
    • API String ID: 3188754299-0
    • Opcode ID: d69292717583541bcb312ade5abaacdc6209dfd62f6c00b79a8023e75d33f344
    • Instruction ID: 9c565f9d697f36c133d7573a58cea3df46e59068db74956253310984b0e7f008
    • Opcode Fuzzy Hash: d69292717583541bcb312ade5abaacdc6209dfd62f6c00b79a8023e75d33f344
    • Instruction Fuzzy Hash: 0B314D75D002189ECB04DFA8E891BEDB7F4EF55314F544569E816672C1E735A904CB50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2CB10 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
    Download Yara Rule
    APIs
    • __set_se_translator.LIBVCRUNTIME ref: 00B2CB48
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __set_se_translator
    • String ID:
    • API String ID: 3419122812-0
    • Opcode ID: 3c5444f2b68dfee860c1fa4a339998df0a950debad3f8146fcbca01ddf3491f6
    • Instruction ID: a5421e295af5021076c9ae27053d62a44bd56f2ebca3501158b73ffa0171f7f0
    • Opcode Fuzzy Hash: 3c5444f2b68dfee860c1fa4a339998df0a950debad3f8146fcbca01ddf3491f6
    • Instruction Fuzzy Hash: FBF0C2B2904648BBCB11CF54ED42B8EBFB8FB45725F10826AF415A2690E33225148690
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC53B2 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00BC48F5,?,00000000,?,00BCDF30,?,00000004,00000000,?,?,?,00BC3497), ref: 00BC53E4
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 0f0aef91a74e62eb1bae2f0566b4e062c9253e1e3da9868825a33c719f2d2fe9
    • Instruction ID: 8cd21b968a8c717238c86ca60e8301b77afc17d54235bbfca11ab61d80602e51
    • Opcode Fuzzy Hash: 0f0aef91a74e62eb1bae2f0566b4e062c9253e1e3da9868825a33c719f2d2fe9
    • Instruction Fuzzy Hash: E1E0A031244AA197D63127699C04F5A36C8DB817E0B5202E8EC47E2090DBD4FC8189E9
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA1534 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00BA2995
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Exception@8Throw
    • String ID:
    • API String ID: 2005118841-0
    • Opcode ID: 3f0cca890125824dfbc698900dd70d5894e26b03763fbc85ea40527c1f8844dc
    • Instruction ID: 4c159e5b471acbd36220eb7e6845a37db7c53f75bd68f402bda9c4feff60558e
    • Opcode Fuzzy Hash: 3f0cca890125824dfbc698900dd70d5894e26b03763fbc85ea40527c1f8844dc
    • Instruction Fuzzy Hash: 9AF0E53080830EA6CF00AB7CED56A5D73ED9F523A0F5085F5F815A50E0EB30DA51C991
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA7252 Relevance: 1.5, APIs: 1, Instructions: 12COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • _free.LIBCMT ref: 00BA7265
      • Part of subcall function 00BC48A6: RtlFreeHeap.NTDLL(00000000,00000000,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?), ref: 00BC48BC
      • Part of subcall function 00BC48A6: GetLastError.KERNEL32(?,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?,?), ref: 00BC48CE
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorFreeHeapLast_free
    • String ID:
    • API String ID: 1353095263-0
    • Opcode ID: df30b09e607a840fa8e0d41724fcc5277200d395a717e5762a1656de8f7d8a81
    • Instruction ID: bc459e7b0252c8c2e8d73b495de7bd8bb322b216dcb954e075bdaf2b35cba3b2
    • Opcode Fuzzy Hash: df30b09e607a840fa8e0d41724fcc5277200d395a717e5762a1656de8f7d8a81
    • Instruction Fuzzy Hash: 47C0123150420CBBCB10DA85E806E5ABBA8DB80320F200298F80817200DAB2AE109680
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00AED110 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
    Download Yara Rule
    APIs
    • SetErrorMode.KERNELBASE(00008001,009DE600,?,?,?,009E1F10,?,?,4B020D8A,?,?,00BD7298,000000FF), ref: 00AED115
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorMode
    • String ID:
    • API String ID: 2340568224-0
    • Opcode ID: bd5b5998da2d993435f09e733c69c229ec1e4f5c1c18c964f90f10c2c70554c8
    • Instruction ID: 3e8bb07ac581dd881271d82ec4c70cdca6e5db7f6c96a8ed7bdfb0bd153d1f3b
    • Opcode Fuzzy Hash: bd5b5998da2d993435f09e733c69c229ec1e4f5c1c18c964f90f10c2c70554c8
    • Instruction Fuzzy Hash: 40A0023D1406004BD3846B50681DB6A77107774B42BC5A441E595456A54993005DDF71
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    Function 00B25340 Relevance: 177.7, APIs: 56, Strings: 44, Instructions: 2684threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B253A8
    • GetCurrentThreadId.KERNEL32 ref: 00B257F0
    • GetCurrentThreadId.KERNEL32 ref: 00B25959
    • GetLastError.KERNEL32(wx.sys_error,00000000), ref: 00B25986
      • Part of subcall function 00B233A0: CloseHandle.KERNEL32(00000000,?,00000000,FFFFFFFF,00B27CC5,?,?,00000000,00000000), ref: 00B233B9
    • SetHandleInformation.KERNEL32(?,00000001,00000000,WX_DDE#,?,00000007,4B020D8A), ref: 00B25A8A
    • GetCurrentThreadId.KERNEL32 ref: 00B25AC6
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Handle$CloseErrorInformationLast
    • String ID: "!cmd.empty()"$"Assert failure"$"traits"$%s(%d): '%s' failed with error 0x%08lx (%s).$(argtype & (wxFormatString::Arg_String)) == argtype$..\..\src\msw\utilsexc.cpp$CloseHandle(hThread)$CreateThread in wxExecute$D$Execution of command '%s' failed$Failed to redirect the child process IO$Failed to send DDE request to the process "%s".$ResumeThread in wxExecute$SetHandleInformation(pipeErr)$SetHandleInformation(pipeIn)$SetHandleInformation(pipeOut)$Timeout too small in WaitForInputIdle$WX_DDE#$WaitForInputIdle() in wxExecute$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/buffer.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$can only have one optional value$can't create a hidden window for wxExecute$can't extend shared buffer$cannot extend non-owned buffer$empty command in wxExecute$format specifier doesn't match argument type$hwnd$invalid WX_DDE command in wxExecute$invalid value of thread priority parameter$m$m_optKey.empty()$no wxAppTraits in wxExecute()?$this->m_data->m_owned$this->m_data->m_ref == 1$unexpected WaitForInputIdle() return code$wx.sys_error$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar$wxCharTypeBuffer<wchar_t>::extend$wxExecute$wxExecute() can be called only from the main thread$wxLogger::MaybeStore$wxThread::IsMain()
    • API String ID: 3840752745-2077573944
    • Opcode ID: 97a53a3523d00c546d778d83e9965d513af0c097756ef90d3580fef67a574985
    • Instruction ID: f801d95d8b3f6130f97c653d15e884e80d607c78e8468e1f1b15c63305428f07
    • Opcode Fuzzy Hash: 97a53a3523d00c546d778d83e9965d513af0c097756ef90d3580fef67a574985
    • Instruction Fuzzy Hash: E633BCB0D042689EDF21EBA4DC45BDDBBF0AF15304F1441E9E44DAB292EB745A84CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B82E0 Relevance: 77.0, APIs: 19, Strings: 24, Instructions: 1712threadwindowCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00B2C250: FindResourceW.KERNEL32(?,?,?,4B020D8A,?,00000000), ref: 00B2C2D2
      • Part of subcall function 00B2C250: LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B2C2E4
      • Part of subcall function 00B2C250: GetCurrentThreadId.KERNEL32 ref: 00B2C327
    • GetCurrentThreadId.KERNEL32 ref: 009B8396
    • GetCurrentThreadId.KERNEL32 ref: 009B8597
    • GetCurrentThreadId.KERNEL32 ref: 009B87EC
    • GetCurrentThreadId.KERNEL32 ref: 009B8A20
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 009B8D91
    • GetCurrentThreadId.KERNEL32 ref: 009B8DCE
    • GetCurrentThreadId.KERNEL32 ref: 009B8EFB
    • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 009B8FB8
    • GetCurrentThreadId.KERNEL32 ref: 009B8FFD
    • GetCurrentThreadId.KERNEL32 ref: 009B9124
    • ExtractIconW.SHELL32(00000000,?,00000000), ref: 009B91C9
    • GetCurrentThreadId.KERNEL32 ref: 009B9211
      • Part of subcall function 009D9920: GetSystemMetrics.USER32(?), ref: 009D9A0E
    • GetCurrentThreadId.KERNEL32 ref: 009B94A4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 009B94D1
    • GetCurrentThreadId.KERNEL32 ref: 009B979D
    • GetCurrentThreadId.KERNEL32 ref: 009B98F7
    • LoadIconW.USER32(00000000,?), ref: 009B9C5D
    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009B9CCA
    • LoadIconW.USER32(00000000,00C0A77C), ref: 009B9D07
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Icon$Load$Extract$Resource$ErrorFindImageInit_thread_footerLastMetricsSystem_free
    • String ID: !hasSize || (desiredWidth != -1 && desiredHeight != -1)$(argtype & (wxFormatString::Arg_String)) == argtype$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$+$..\..\src\msw\gdiimage.cpp$Bitmap in PNG format "%s" not found, check that the resource file contains "RCDATA" resource with this name.$Couldn't load resource bitmap "%s" as a PNG. Have you registered PNG image handler?$Failed to load icon from the file '%s'$No large icons found in the file '%s'.$No small icons found in the file '%s'.$Returning false from wxICOFileHandler::Load because of the size mismatch: actual (%d, %d), requested (%d, %d)$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$can only have one optional value$format specifier doesn't match argument type$iconload$m_optKey.empty()$width and height should be either both -1 or not$wx.sys_error$wxArgNormalizer<int>::wxArgNormalizer$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar$wxICOResourceHandler::LoadIcon$wxLogger::MaybeStore
    • API String ID: 2725974186-1426146963
    • Opcode ID: d62ccea54da1273bd4aafda4caa0e9ab3e3216c1fb81f1e533d754b43c61b21e
    • Instruction ID: 5ba5e40dcd612fbd1bbf487d904ba4cb62dce6e7e48309c22cb542249bbdf75a
    • Opcode Fuzzy Hash: d62ccea54da1273bd4aafda4caa0e9ab3e3216c1fb81f1e533d754b43c61b21e
    • Instruction Fuzzy Hash: DAE20170C10258DBDF20EFA4CD45BEEBBB8AF15314F1441A9E509A72C2EB755A84CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B393F0 Relevance: 61.6, APIs: 1, Strings: 33, Instructions: 2130COMMON
    Download Yara Rule
    APIs
    • ___from_strstr_to_strchr.LIBCMT ref: 00B39699
      • Part of subcall function 00B38150: _wcschr.LIBVCRUNTIME ref: 00B381D8
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    Strings
    • no wxMessageOutput object?, xrefs: 00B3B4F6
    • "Assert failure", xrefs: 00B3A695, 00B3B4FB
    • unknown option type, xrefs: 00B3A690
    • Option '%s' requires a value., xrefs: 00B3A194
    • idx < m_size, xrefs: 00B3949E, 00B3AB4A
    • currentParam == countParam - 1, xrefs: 00B3A82B
    • Option '%s' can't be negated, xrefs: 00B39901
    • Unexpected characters following option '%s'., xrefs: 00B39FC1
    • _?-, xrefs: 00B39792
    • wxString::Last, xrefs: 00B39864
    • %s%s, xrefs: 00B3B3DB
    • Unknown option '%s', xrefs: 00B39B7D, 00B3AA07
    • wxString: index out of bounds, xrefs: 00B3985A
    • wxVector<struct wxCmdLineOption *>::at, xrefs: 00B394A3, 00B3AB4F
    • all parameters after the one with wxCMD_LINE_PARAM_MULTIPLE style are ignored, xrefs: 00B3A826
    • Unknown long option '%s', xrefs: 00B399C2
    • Separator expected after the option '%s'., xrefs: 00B3A0D1
    • '%s' is not a correct numeric value for option '%s'., xrefs: 00B3A35A, 00B3A453
    • nIndex < m_nCount, xrefs: 00B39554
    • wxArrayString: index out of bounds, xrefs: 00B3954F
    • wxCmdLineParser::Parse, xrefs: 00B3A69A, 00B3A830, 00B3B500
    • %s (or %s), xrefs: 00B3AC02
    • !empty(), xrefs: 00B3985F
    • wxArrayString::Item, xrefs: 00B39559
    • Unexpected parameter '%s', xrefs: 00B3A864
    • Option '%s': '%s' cannot be converted to a date., xrefs: 00B3A58E
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h, xrefs: 00B394AD, 00B3AB59
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/string.h, xrefs: 00B3986E
    • s, xrefs: 00B3B42B
    • ..\..\src\common\cmdline.cpp, xrefs: 00B3A6A4, 00B3A83A, 00B3B50A
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/arrstr.h, xrefs: 00B39563
    • The value for the option '%s' must be specified., xrefs: 00B3AE46
    • The required parameter '%s' was not specified., xrefs: 00B3B0FB
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ___from_strstr_to_strchr_free_wcschr
    • String ID: !empty()$"Assert failure"$%s (or %s)$%s%s$'%s' is not a correct numeric value for option '%s'.$..\..\src\common\cmdline.cpp$Option '%s' can't be negated$Option '%s' requires a value.$Option '%s': '%s' cannot be converted to a date.$Separator expected after the option '%s'.$The required parameter '%s' was not specified.$The value for the option '%s' must be specified.$Unexpected characters following option '%s'.$Unexpected parameter '%s'$Unknown long option '%s'$Unknown option '%s'$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/arrstr.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/string.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$_?-$all parameters after the one with wxCMD_LINE_PARAM_MULTIPLE style are ignored$currentParam == countParam - 1$idx < m_size$nIndex < m_nCount$no wxMessageOutput object?$s$unknown option type$wxArrayString: index out of bounds$wxArrayString::Item$wxCmdLineParser::Parse$wxString: index out of bounds$wxString::Last$wxVector<struct wxCmdLineOption *>::at
    • API String ID: 637346128-1345423984
    • Opcode ID: 9ee3c43f8d9bc7bdc0b666ee7b45280b042d6fb0e572f44baafedf65f9947e42
    • Instruction ID: 378465e526cca44cef10654d775316e95bb55d7ab21315274ab4a6e34ebf1f77
    • Opcode Fuzzy Hash: 9ee3c43f8d9bc7bdc0b666ee7b45280b042d6fb0e572f44baafedf65f9947e42
    • Instruction Fuzzy Hash: 3E235C71D102689EDB25DBA4CC95BEDBBF4BF15304F1400E9E40AA7292EB745B88CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A87C40 Relevance: 59.3, APIs: 12, Strings: 21, Instructions: 1599threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A87D5C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: %s at %lu.$'>' should be escaped as "&gt"; at %lu.$(argtype & (wxFormatString::Arg_String)) == argtype$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$5$=$Bad attributes for "%s" at %lu: %s.$Empty tag$Missing closing tag for "%s"$Unclosed tag starting$Unknown tag at %lu.$Unmatched closing tag "%s" at %lu.$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$format specifier doesn't match argument type$idx < m_size$wxArgNormalizer<int>::wxArgNormalizer$wxArgNormalizer<unsigned int>::wxArgNormalizer$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar$wxArgNormalizerWithBuffer<wchar_t>::wxArgNormalizerWithBuffer$wxVector<struct wxMarkupParser::TagAndAttrs>::at
    • API String ID: 2882836952-3666112454
    • Opcode ID: 0ed816e466c9dd92622f268c4755baab2f87cf9e3d22c778fd3c5073ddca3385
    • Instruction ID: a6851b02e640e4fce357640af09764a8e941029f4a1ea813c89c4742113c1da0
    • Opcode Fuzzy Hash: 0ed816e466c9dd92622f268c4755baab2f87cf9e3d22c778fd3c5073ddca3385
    • Instruction Fuzzy Hash: F4F28970C04258DEDF24EBA4CC55BEDBBB0AF15308F5441E9E409A7292EF759A88CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A01600 Relevance: 56.6, APIs: 25, Strings: 7, Instructions: 552threadwindowCOMMON
    Download Yara Rule
    APIs
    • CreateBitmap.GDI32(?,?,00000001,00000000,00000000), ref: 00A01769
    • GetCurrentThreadId.KERNEL32 ref: 00A017B4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A01857
    • GetCurrentThreadId.KERNEL32 ref: 00A01895
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A018C2
    • CreateCompatibleDC.GDI32(00000000), ref: 00A01915
    • CreateCompatibleDC.GDI32(00000000), ref: 00A01921
    • SelectObject.GDI32(00000000,?), ref: 00A01938
    • SelectObject.GDI32(00000000,?), ref: 00A01951
    • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,?,00CC0020), ref: 00A0197C
    • GetCurrentThreadId.KERNEL32 ref: 00A019C7
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A01A6E
    • GetCurrentThreadId.KERNEL32 ref: 00A01AB1
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A01ADE
    • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,?,00220326), ref: 00A01B41
    • GetCurrentThreadId.KERNEL32 ref: 00A01B88
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A01C2F
    • GetCurrentThreadId.KERNEL32 ref: 00A01C72
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A01C9F
      • Part of subcall function 00A00D00: GetObjectW.GDI32(00A01DB0,00000018,?), ref: 00A00D32
    • SelectObject.GDI32(00000000,?), ref: 00A01CF2
    • SelectObject.GDI32(00000000,?), ref: 00A01D03
    • DeleteDC.GDI32(00000000), ref: 00A01D10
    • DeleteDC.GDI32(00000000), ref: 00A01D17
    • DeleteObject.GDI32(00000000), ref: 00A01E41
    • DeleteObject.GDI32(?), ref: 00A01E4E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Object$CurrentErrorLastThread$DeleteSelect$Create$Compatible$Bitmap
    • String ID: "Assert failure"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$unknown wxBitmapTransparency value$wxBitmap::CopyFromIconOrCursor$wxBitmap::CopyFromIconOrCursor - BitBlt$wxBitmap::CopyFromIconOrCursor - CreateBitmap
    • API String ID: 3097591864-2773096614
    • Opcode ID: ba82ad6b5509277a03a5d9632b600b0358b4508ad630a3173fbc6768d23192d8
    • Instruction ID: 33714c1cbdbd12b0dc760ec80d915be94005267439fe098c12b48038c9acb68d
    • Opcode Fuzzy Hash: ba82ad6b5509277a03a5d9632b600b0358b4508ad630a3173fbc6768d23192d8
    • Instruction Fuzzy Hash: 42325870D0025CEEEB20DFA4D949BDEBBF4BF05308F144199E408A7292EB755A84DFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E3590 Relevance: 54.9, APIs: 21, Strings: 10, Instructions: 663threadCOMMON
    Download Yara Rule
    APIs
    • GetConsoleScreenBufferInfo.KERNEL32(000000FF,?,4B020D8A), ref: 009E3613
    • GetCurrentThreadId.KERNEL32 ref: 009E3658
    • GetLastError.KERNEL32 ref: 009E373D
    • GetCurrentThreadId.KERNEL32 ref: 009E377B
    • GetLastError.KERNEL32 ref: 009E37A8
    • SetConsoleCursorPosition.KERNEL32(000000FF,?), ref: 009E38D5
    • GetCurrentThreadId.KERNEL32 ref: 009E3920
    • GetLastError.KERNEL32 ref: 009E3A05
    • GetCurrentThreadId.KERNEL32 ref: 009E3A43
    • GetLastError.KERNEL32 ref: 009E3A70
    • FillConsoleOutputCharacterW.KERNEL32(000000FF,00000020,?,?,?), ref: 009E3B8E
    • GetCurrentThreadId.KERNEL32 ref: 009E3BD0
    • GetLastError.KERNEL32 ref: 009E3C78
    • GetCurrentThreadId.KERNEL32 ref: 009E3CB6
    • GetLastError.KERNEL32 ref: 009E3CE3
    • WriteConsoleW.KERNEL32(000000FF,?,?,?,00000000), ref: 009E3D47
    • GetCurrentThreadId.KERNEL32 ref: 009E3D87
    • GetLastError.KERNEL32 ref: 009E3E3E
    • GetCurrentThreadId.KERNEL32 ref: 009E3E8E
    • GetLastError.KERNEL32 ref: 009E3ED0
    • WriteConsoleA.KERNEL32(000000FF,00000008,?,?,00000000), ref: 009E3F3E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$Console$Write$BufferCharacterCursorFillInfoOutputPositionScreen
    • String ID: !$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\app.cpp$FillConsoleOutputCharacter$GetConsoleScreenBufferInfo$SetConsoleCursorPosition$WriteConsole$`anonymous-namespace'::wxConsoleStderr::Write$m_hStderr != ((HANDLE)(LONG_PTR)-1)$should only be called if Init() returned true
    • API String ID: 606784581-2642568408
    • Opcode ID: 2c084640525ccdca9d63fa73ca73a4d5da307c0f0d956b7521906f9288abfe6d
    • Instruction ID: d3ed6a58c8f8bed418a5e83f5df4e699226055cf79d6b8a1bf325d0199263553
    • Opcode Fuzzy Hash: 2c084640525ccdca9d63fa73ca73a4d5da307c0f0d956b7521906f9288abfe6d
    • Instruction Fuzzy Hash: 3842C3B0C00388EEDF21EFA5C9497EEBBB4AF11304F148299E41977292E7755E45CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A04540 Relevance: 54.8, APIs: 22, Strings: 9, Instructions: 543windowthreadCOMMON
    Download Yara Rule
    APIs
    • CreateCompatibleDC.GDI32(00000000), ref: 00A0469A
    • CreateCompatibleDC.GDI32(00000000), ref: 00A046A3
    • SelectObject.GDI32(00000000,?), ref: 00A046B9
    • GetLastError.KERNEL32 ref: 00A04743
    • GetLastError.KERNEL32(00000006,..\..\src\msw\bitmap.cpp,0000049B,wxBitmap::GetSubBitmapOfHDC,00C09E34), ref: 00A0477A
    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 00A047DF
    • GetCurrentThreadId.KERNEL32 ref: 00A0481E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00C09E34), ref: 00A048B9
      • Part of subcall function 009B69E0: GetCurrentThreadId.KERNEL32 ref: 009B6A18
    • GetLastError.KERNEL32(00000006,..\..\src\msw\bitmap.cpp,000004A1,wxBitmap::GetSubBitmapOfHDC,00C09E34), ref: 00A048F0
    • SelectObject.GDI32(00000000,?), ref: 00A04942
    • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00A0496F
    • SelectObject.GDI32(00000000,?), ref: 00A04990
    • SelectObject.GDI32(00000000,?), ref: 00A049A0
    • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 00A049C6
    • GetCurrentThreadId.KERNEL32 ref: 00A04A04
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A04A9F
    • GetCurrentThreadId.KERNEL32 ref: 00A04ADD
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A04B0A
    • SelectObject.GDI32(00000000,?), ref: 00A04BAF
    • SelectObject.GDI32(00000000,?), ref: 00A04BB9
    • DeleteDC.GDI32(00000000), ref: 00A04BDE
    • DeleteDC.GDI32(00000000), ref: 00A04BE1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLastObjectSelect$CurrentThread$Create$CompatibleDelete$BitmapInit_thread_footer
    • String ID: "IsOk() && (rect.x >= 0) && (rect.y >= 0) && (rect.x+rect.width <= GetWidth()) && (rect.y+rect.height <= GetHeight())"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$BitBlt$GetSubBitmap error$Invalid bitmap or bitmap region$SelectObject(destBitmap)$ret.IsOk()$wxBitmap::GetSubBitmapOfHDC
    • API String ID: 682418409-2896334824
    • Opcode ID: 40eaf91c198886f2c114eb5ac9dace2eac44d3785a7213c552bdf04588a905fb
    • Instruction ID: 3245623561fefac232d42170098580d94a09b2e1a279eedb96d55fe35b30b512
    • Opcode Fuzzy Hash: 40eaf91c198886f2c114eb5ac9dace2eac44d3785a7213c552bdf04588a905fb
    • Instruction Fuzzy Hash: 3B227BB0900348AFDF10DFA8D985BEEBBB4BF09344F148099FA05A72D2D7759944CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A96AF0 Relevance: 52.9, APIs: 11, Strings: 18, Instructions: 2179threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A96DC5
    • GetCurrentThreadId.KERNEL32 ref: 00A9702D
    • GetCurrentThreadId.KERNEL32 ref: 00A9762C
    • GetCurrentThreadId.KERNEL32 ref: 00A97F4C
    • GetCurrentThreadId.KERNEL32 ref: 00A97288
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    • GetCurrentThreadId.KERNEL32 ref: 00A9866D
    • GetCurrentThreadId.KERNEL32 ref: 00A988AB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$_free
    • String ID: "chars_per_pixel < 64"$"xpm_data"$%u %u %u %u$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\xpmdecod.cpp$NULL XPM data$XPM colormaps this large not supported.$XPM: Malformed pixel data!$XPM: incorrect colour description in line %d$XPM: incorrect header format!$XPM: malformed colour definition '%s' at line %d!$XPM: no colors left to use for mask!$XPM: truncated image data at line %d!$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$i == colors_cnt$wxArgNormalizer<int>::wxArgNormalizer$wxXPMDecoder::ReadData
    • API String ID: 2780227361-3154861821
    • Opcode ID: b657735e61ec49647791a44b6950382256dcd3a52d10c9855b415bf52c5c31ac
    • Instruction ID: 7653baad165ea57d7edebbebaf7b632d41f84492ac96d2328ac1ebda9b013fa9
    • Opcode Fuzzy Hash: b657735e61ec49647791a44b6950382256dcd3a52d10c9855b415bf52c5c31ac
    • Instruction Fuzzy Hash: 4013D2B0914288DFDF24DFA4CD41BDD7BF0BF15304F148169E949AB292EB759A08CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CE800 Relevance: 49.8, APIs: 12, Strings: 16, Instructions: 842threadCOMMON
    Download Yara Rule
    APIs
    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 009CE83E
    • GetCurrentThreadId.KERNEL32 ref: 009CE87E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,CreateRectRgn,00000000), ref: 009CE96B
    • GetCurrentThreadId.KERNEL32 ref: 009CE9A9
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,CreateRectRgn,00000000), ref: 009CE9D6
    • GetUpdateRgn.USER32(?,00000000,00000000), ref: 009CEAFA
    • GetCurrentThreadId.KERNEL32 ref: 009CEB3D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,GetUpdateRgn,00000000), ref: 009CEC2A
    • GetCurrentThreadId.KERNEL32 ref: 009CEC68
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,GetUpdateRgn,00000000), ref: 009CEC95
    Strings
    • dest < source, xrefs: 009CEFCE
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009CE943, 009CEC02
    • GetUpdateRgn, xrefs: 009CEC9B
    • idx < m_size, xrefs: 009CEEBA
    • Unknown WM_POWERBROADCAST(%d) event, xrefs: 009CF234
    • CreateRectRgn, xrefs: 009CE9DC
    • wxArgNormalizer<unsigned int>::wxArgNormalizer, xrefs: 009CF2D5
    • ..\..\src\msw\window.cpp, xrefs: 009CE988, 009CE9E6, 009CEC47, 009CECA5, 009CF261
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 009CF2DF
    • wxVector<struct wxMSWImpl::PaintData>::at, xrefs: 009CEEBF
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h, xrefs: 009CEEC9, 009CEF79, 009CEFDA
    • wxVector<struct wxMSWImpl::PaintData>::erase, xrefs: 009CEF6F
    • format specifier doesn't match argument type, xrefs: 009CF2CB
    • wxPrivate::wxVectorMemOpsGeneric<struct wxMSWImpl::PaintData>::MemmoveBackward, xrefs: 009CEFD3
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 009CF2D0
    • first < end() && last <= end(), xrefs: 009CEF6A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CreateRectUpdate
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\msw\window.cpp$CreateRectRgn$GetUpdateRgn$Unknown WM_POWERBROADCAST(%d) event$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$dest < source$first < end() && last <= end()$format specifier doesn't match argument type$idx < m_size$wxArgNormalizer<unsigned int>::wxArgNormalizer$wxPrivate::wxVectorMemOpsGeneric<struct wxMSWImpl::PaintData>::MemmoveBackward$wxVector<struct wxMSWImpl::PaintData>::at$wxVector<struct wxMSWImpl::PaintData>::erase
    • API String ID: 1448780034-904497375
    • Opcode ID: b39287d496eba9369b48a7ba99b8b3fd68edbb9a582ade9473c84e35993e7a70
    • Instruction ID: c948e73dfe9f7359ed53e566806d12b77d96bd4cf18c9630205f0434b89df23b
    • Opcode Fuzzy Hash: b39287d496eba9369b48a7ba99b8b3fd68edbb9a582ade9473c84e35993e7a70
    • Instruction Fuzzy Hash: 3872D071D00348EFDF20EF64C945BAE7BA5AF01304F14816DF81A6B2D2EB759A45CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009F6D40 Relevance: 46.4, APIs: 11, Strings: 15, Instructions: 934threadwindowCOMMON
    Download Yara Rule
    APIs
    • LoadBitmapW.USER32(00000000,4B020D8A), ref: 009F6DC7
    • GetCurrentThreadId.KERNEL32 ref: 009F6E19
    • GetCurrentThreadId.KERNEL32 ref: 009F7219
    • LoadIconW.USER32(00000000,4B020D8A), ref: 009F7513
    • GetCurrentThreadId.KERNEL32 ref: 009F755C
    • GetCurrentThreadId.KERNEL32 ref: 009F76CA
    • DeleteObject.GDI32(00000000), ref: 009F779A
    • DeleteObject.GDI32(?), ref: 009F77AB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$DeleteLoadObject$BitmapIcon
    • String ID: "Assert failure"$"IsOk()"$(argtype & (wxFormatString::Arg_String)) == argtype$-$..\..\src\common\image.cpp$Failed to load bitmap "%s" from resources.$Failed to load icon "%s" from resources.$Invalid bitmap resource type.$LoadImageFromResource$Loading cursors from resources is not implemented.$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$invalid image$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar$wxImage::GetAlpha
    • API String ID: 3589626675-1063437074
    • Opcode ID: 6a1abb0506d2353fb88d355616a7c2c04c57e13258affe17c47576512ea7b16c
    • Instruction ID: a88ecebfc92bbe266c52e1017c16d6eae79aff137dddacc2bbb7d292eb023e23
    • Opcode Fuzzy Hash: 6a1abb0506d2353fb88d355616a7c2c04c57e13258affe17c47576512ea7b16c
    • Instruction Fuzzy Hash: 1B928870C0525CDAEF20DFA4CD45BEDBBB4AF15304F1481E9E509A7282EB755A88CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009EC8E0 Relevance: 42.8, APIs: 19, Strings: 5, Instructions: 825threadwindowCOMMON
    Download Yara Rule
    APIs
    • GetWindowLongW.USER32(?,000000F0), ref: 009EC937
    • FillRect.USER32(?,?,00000000), ref: 009ECB66
    • DrawTextW.USER32(?,?,?,?,-00000100), ref: 009ECCAB
    • GetCurrentThreadId.KERNEL32 ref: 009ECCF6
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?), ref: 009ECDA6
    • GetCurrentThreadId.KERNEL32 ref: 009ECDE4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009ECE11
    • GetSysColor.USER32(00000011), ref: 009ECE8D
    • SetTextColor.GDI32(?,00000000), ref: 009ECE9A
    • DrawTextW.USER32(?,?,?,?,-00000100), ref: 009ECEC7
    • GetCurrentThreadId.KERNEL32 ref: 009ECF1C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?), ref: 009ED018
    • GetCurrentThreadId.KERNEL32 ref: 009ED056
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009ED083
    • DrawFocusRect.USER32(?,00000000), ref: 009ED1B9
    • GetCurrentThreadId.KERNEL32 ref: 009ED20C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?), ref: 009ED308
    • GetCurrentThreadId.KERNEL32 ref: 009ED346
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009ED373
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$DrawText$ColorRect$FillFocusLongWindow
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\control.cpp$DrawFocusRect()$DrawText()$DrawText(DT_CALCRECT)
    • API String ID: 108464670-3326513000
    • Opcode ID: cc1334d3ff7cb0d718098f2fa82ab8ed4b4f01cb964b6e49fb658d3964b92087
    • Instruction ID: 3dec04384e258f4f5eee27bcdc9c9ef3abb3e1cf013becadf6fece4f6eaae3c1
    • Opcode Fuzzy Hash: cc1334d3ff7cb0d718098f2fa82ab8ed4b4f01cb964b6e49fb658d3964b92087
    • Instruction Fuzzy Hash: 657289B0D042989FDF21DBA8C945BEDBBB5AF15304F1481E9E449A7282EB309E85CF51
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0C480 Relevance: 41.4, APIs: 10, Strings: 13, Instructions: 1130threadCOMMON
    Download Yara Rule
    APIs
    • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,00000105,?,4B020D8A,0000000E,00000000), ref: 00B0C623
    • GetCurrentThreadId.KERNEL32 ref: 00B0C66D
    • GetLastError.KERNEL32(?,?,?,?,00000105,?,4B020D8A,0000000E,00000000), ref: 00B0C769
    • GetCurrentThreadId.KERNEL32 ref: 00B0C7B9
    • GetLastError.KERNEL32(?,?,?,?,?,?,00000105,?,4B020D8A,0000000E,00000000), ref: 00B0C7FB
    • GetCurrentThreadId.KERNEL32 ref: 00B0C96D
    • GetCurrentThreadId.KERNEL32 ref: 00B0CC8A
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000105,?,4B020D8A,0000000E,00000000), ref: 00B0CCCC
    • GetCurrentThreadId.KERNEL32 ref: 00B0D084
    • GetCurrentThreadId.KERNEL32 ref: 00B0D2CC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ErrorLast$FileNameTemp
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\common\filename.cpp$Failed to create a temporary file name$Failed to open temporary file.$GetTempFileName$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h$can only have one optional value$fileTemp == 0 || ffileTemp == 0$m_optKey.empty()$w+b$wx.sys_error$wxCreateTempImpl$wxLogger::MaybeStore
    • API String ID: 3629232751-1694643029
    • Opcode ID: 3b49e6fdd2f8cafa256ef787db9cbe2a9b60ffc54faa4436fe7dba886a3541f4
    • Instruction ID: 590bf884aa06531a238bfc66eb29211218eacbdbf6fb3c86253b91b5da68d572
    • Opcode Fuzzy Hash: 3b49e6fdd2f8cafa256ef787db9cbe2a9b60ffc54faa4436fe7dba886a3541f4
    • Instruction Fuzzy Hash: 94A2C671904288DFDF21DFA4CC457DE7FE1AF15304F1482A8E849AB2D2EB359A49CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0EA90 Relevance: 40.8, APIs: 9, Strings: 14, Instructions: 547threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetLastError.KERNEL32(?,00000048,?,00000000,?,?,?,?,?,?,?,?,?,00BF66B6,000000FF), ref: 00B0EB7C
    • GetCurrentThreadId.KERNEL32 ref: 00B0EBD0
    • GetCurrentThreadId.KERNEL32 ref: 00B0ED69
    • GetLastError.KERNEL32(wx.sys_error,Cannot enumerate files in directory '%s',?,00000048,?,00000000,?,?,?,?,?,?,?,?,?,00BF66B6), ref: 00B0EDAB
    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,00BF66B6,000000FF), ref: 00B0EFD6
    • GetCurrentThreadId.KERNEL32 ref: 00B0F020
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00B0F102
    • GetCurrentThreadId.KERNEL32 ref: 00B0F152
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00B0F194
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00B0F0DA
    • wxLogger::MaybeStore, xrefs: 00B0EDCE
    • wx.sys_error, xrefs: 00B0ED03
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h, xrefs: 00B0EDD8
    • Cannot enumerate files in directory '%s', xrefs: 00B0EC27
    • ..\..\src\msw\dir.cpp, xrefs: 00B0ED39, 00B0F122, 00B0F1A4
    • wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar, xrefs: 00B0EE62
    • m_optKey.empty(), xrefs: 00B0EDC9
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B0EE6C
    • can only have one optional value, xrefs: 00B0EDC4
    • (argtype & (wxFormatString::Arg_String)) == argtype, xrefs: 00B0EE5D
    • *.*, xrefs: 00B0EB27
    • format specifier doesn't match argument type, xrefs: 00B0EE58
    • FindNext, xrefs: 00B0F19A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$CurrentThread$Init_thread_footer
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$(argtype & (wxFormatString::Arg_String)) == argtype$*.*$..\..\src\msw\dir.cpp$Cannot enumerate files in directory '%s'$FindNext$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$can only have one optional value$format specifier doesn't match argument type$m_optKey.empty()$wx.sys_error$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar$wxLogger::MaybeStore
    • API String ID: 1212805627-4103876413
    • Opcode ID: 697c9ee085f52446816ccf77e31fdd61fff3bffde2ed4d2129b4257e51d176d5
    • Instruction ID: 0b66dcc7d29524019e986b6c70c468a00fe5b8149064eeb050b74b362aefba46
    • Opcode Fuzzy Hash: 697c9ee085f52446816ccf77e31fdd61fff3bffde2ed4d2129b4257e51d176d5
    • Instruction Fuzzy Hash: 4C22C0719002899FDF31EFA4C9897EE7BE4AF15304F1441A9F8196B2C2EB719B44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A059A0 Relevance: 38.9, APIs: 19, Strings: 3, Instructions: 367windowCOMMON
    Download Yara Rule
    APIs
    • CreateBitmap.GDI32(?,00A07D3B,00000001,00000001,00000000), ref: 00A05AC5
    • CreateIconIndirect.USER32(00000000), ref: 00A05AFB
    • DeleteObject.GDI32(00000000), ref: 00A05B0F
    • DeleteObject.GDI32(?), ref: 00A05B16
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CreateDeleteObject$BitmapIconIndirect
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$BitBlt
    • API String ID: 4133387700-2634947290
    • Opcode ID: 03a05771a744987646e45030bde2bae521362c17c713e8fd184f13f0d9704b64
    • Instruction ID: 7057bc7457375a231168f5799fcbd8d92408754667be4086100028b0344beed4
    • Opcode Fuzzy Hash: 03a05771a744987646e45030bde2bae521362c17c713e8fd184f13f0d9704b64
    • Instruction Fuzzy Hash: 99E136B0D01748DFEB20DFA4D984BEEBBF4AF09704F148159E805AB291E7749A44CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B23A60 Relevance: 34.0, APIs: 9, Strings: 10, Instructions: 710threadpipeCOMMON
    Download Yara Rule
    APIs
    • CreatePipe.KERNEL32(?,?,?,00000000,4B020D8A,00000000,00000000,00000000), ref: 00B23ABC
    • GetCurrentThreadId.KERNEL32 ref: 00B23B01
    • GetCurrentThreadId.KERNEL32 ref: 00B23E16
    • GetLastError.KERNEL32 ref: 00B23E43
    • CloseHandle.KERNEL32(?,4B020D8A,0000FFFF,00000000,00000001), ref: 00B241A7
    • GetCurrentThreadId.KERNEL32 ref: 00B241ED
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetLastError.KERNEL32(?,?,0000FFFF,00000000,00000001), ref: 00B242C6
    • GetCurrentThreadId.KERNEL32 ref: 00B24304
    • GetLastError.KERNEL32(?,?,?,?,0000FFFF,00000000,00000001), ref: 00B24331
    Strings
    • CloseHandle, xrefs: 00B24337
    • m_optKey.empty(), xrefs: 00B23E5E
    • can only have one optional value, xrefs: 00B23E59
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00B2429E
    • ..\..\src\msw\utilsexc.cpp, xrefs: 00B23DF5
    • wxLogger::MaybeStore, xrefs: 00B23E63
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 00B242E3, 00B24341
    • wx.sys_error, xrefs: 00B23D3F
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h, xrefs: 00B23E6D
    • Failed to create an anonymous pipe, xrefs: 00B23BBE
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ErrorLast$CloseCreateHandleInit_thread_footerPipe
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\utilsexc.cpp$CloseHandle$Failed to create an anonymous pipe$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/log.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h$can only have one optional value$m_optKey.empty()$wx.sys_error$wxLogger::MaybeStore
    • API String ID: 1200473614-2960441502
    • Opcode ID: 5c24f1db4964aeeab96f5f7825ff021b15adf51e3b4a3011c83e7ea368c65225
    • Instruction ID: 727b00af58a2685e9127042cebbce817e48f91fab8a2d878588a6d8602a63c3b
    • Opcode Fuzzy Hash: 5c24f1db4964aeeab96f5f7825ff021b15adf51e3b4a3011c83e7ea368c65225
    • Instruction Fuzzy Hash: 5052D171900258DBDF20EFA4D845BDE7BE0EF55304F1481A8F81DAB292EB399A45CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009BE610 Relevance: 33.8, APIs: 15, Strings: 4, Instructions: 544threadCOMMON
    Download Yara Rule
    APIs
    • GetDC.USER32(00000000), ref: 009BE651
    • SelectObject.GDI32(00000000,00000000), ref: 009BE675
    • GetOutlineTextMetricsW.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00BD405A,000000FF), ref: 009BE687
    • GetCurrentThreadId.KERNEL32 ref: 009BE6CA
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00BD405A,000000FF), ref: 009BE79D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BD405A), ref: 009BE808
    • ReleaseDC.USER32(00000000,00000000), ref: 009BE942
    • GetOutlineTextMetricsW.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00BD405A,000000FF), ref: 009BE974
    • GetCurrentThreadId.KERNEL32 ref: 009BE9AE
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BD405A,000000FF), ref: 009BEA81
    • GetCurrentThreadId.KERNEL32 ref: 009BEABF
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009BEAEC
    • ReleaseDC.USER32(00000000,00000000), ref: 009BEC36
    • ReleaseDC.USER32(00000000,00000000), ref: 009BEC78
    • GetCurrentThreadId.KERNEL32 ref: 009BE7DB
      • Part of subcall function 009BD820: CreateFontIndirectW.GDI32(00000010), ref: 009BD85B
      • Part of subcall function 009BD820: GetCurrentThreadId.KERNEL32 ref: 009BD8A0
      • Part of subcall function 009BD820: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009BD979
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$Release$MetricsOutlineText$CreateFontIndirectObjectSelect
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\font.cpp$GetOutlineTextMetrics()$GetOutlineTextMetrics(NULL)
    • API String ID: 128549758-2391980572
    • Opcode ID: dc2ef0d36f54610a27b1722237686095c04c9aec6474deb05f0a069b4edc938f
    • Instruction ID: 39e8c44ec6c555db001b80e7b94103071d0a38d7bc48b8968593cac826fc223a
    • Opcode Fuzzy Hash: dc2ef0d36f54610a27b1722237686095c04c9aec6474deb05f0a069b4edc938f
    • Instruction Fuzzy Hash: 1C22F470904248DFDF10EFB8CA457EE7BE8AF55314F144169F819AB282EB75DA04CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A15470 Relevance: 31.9, APIs: 11, Strings: 7, Instructions: 432threadCOMMON
    Download Yara Rule
    APIs
    • CreateDIBSection.GDI32(00000000,?,00000000,00000004,00000000,00000000), ref: 00A15565
    • GetCurrentThreadId.KERNEL32 ref: 00A155AD
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BDB9B1,000000FF), ref: 00A15686
    • GetCurrentThreadId.KERNEL32 ref: 00A156C4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00BDB9B1,000000FF), ref: 00A156F1
    • GetObjectW.GDI32(?,00000054,?), ref: 00A15895
    • GetObjectW.GDI32(?,00000018,?), ref: 00A158D0
    • GetCurrentThreadId.KERNEL32 ref: 00A1590D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A159A9
    • GetCurrentThreadId.KERNEL32 ref: 00A159F3
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A15A35
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$Object$CreateSection
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$CreateDIBSection$GetObject(bitmap)$depth$invalid image depth in wxDIB::Create()$wxDIB::Create
    • API String ID: 2822811632-1919864725
    • Opcode ID: 90df921948ea85f3d5c9c5ddc33f2f86a5c29ebc7ea53ba4fc2a9b4b20b165c6
    • Instruction ID: 69fa3bf62bcd1cfd34373050e40e7117e5d54c844d4049a40e627c9c23beaaf2
    • Opcode Fuzzy Hash: 90df921948ea85f3d5c9c5ddc33f2f86a5c29ebc7ea53ba4fc2a9b4b20b165c6
    • Instruction Fuzzy Hash: F402EFB1D00748DFDB20DFB4C945BDEBBA4AF45314F148169F819AB282E7749A84CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B061D0 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 333COMMON
    Download Yara Rule
    APIs
    • GetLocaleInfoW.KERNEL32(00000001,0000000F,?,00000100,4B020D8A,00AF1397,?,00000000,?,00BF5988,000000FF), ref: 00B0625E
    • GetLocaleInfoW.KERNEL32(00000001,00000000,?,00000100,?,?), ref: 00B062B1
    • GetLocaleInfoW.KERNEL32(?,0000001F,?,00000100,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00B064D5
    Strings
    • "Assert failure", xrefs: 00B06486, 00B065DC
    • `anonymous-namespace'::GetLCTYPEFormatFromLocalInfo, xrefs: 00B0648B
    • ..\..\src\common\intl.cpp, xrefs: 00B06495, 00B065EB
    • no matching LCTYPE, xrefs: 00B06481
    • `anonymous-namespace'::GetInfoFromLCID, xrefs: 00B0641F, 00B065E1
    • unknown wxLocaleInfo, xrefs: 00B065D7
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B0634E
    • wxArgNormalizer<double>::wxArgNormalizer, xrefs: 00B06344
    • wxString::Format("%.3f", 1.23).find(str) != wxString::npos, xrefs: 00B0641A
    • %.3f, xrefs: 00B062F2
    • Decimal separator mismatch -- did you use setlocale()?If so, use wxLocale to change the locale instead., xrefs: 00B06415
    • format specifier doesn't match argument type, xrefs: 00B0633A
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00B0633F
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID: "Assert failure"$%.3f$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\intl.cpp$Decimal separator mismatch -- did you use setlocale()?If so, use wxLocale to change the locale instead.$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$`anonymous-namespace'::GetInfoFromLCID$`anonymous-namespace'::GetLCTYPEFormatFromLocalInfo$format specifier doesn't match argument type$no matching LCTYPE$unknown wxLocaleInfo$wxArgNormalizer<double>::wxArgNormalizer$wxString::Format("%.3f", 1.23).find(str) != wxString::npos
    • API String ID: 2299586839-2889670784
    • Opcode ID: e0d1202c2815922954a54ee3d4e018f2790cb02fff56cb5c58b11e84c2a98e8e
    • Instruction ID: 4a3df9d6a4d83d94bbdd38aa92f607d2e11b8b41cb62d58afa96d6f11937056a
    • Opcode Fuzzy Hash: e0d1202c2815922954a54ee3d4e018f2790cb02fff56cb5c58b11e84c2a98e8e
    • Instruction Fuzzy Hash: FED1AE71500288DBDB24DF68CC5ABEE3BE4FF14304F540269F906972D1EBB59A58CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D15C0 Relevance: 27.1, APIs: 14, Strings: 1, Instructions: 890COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: E
    • API String ID: 0-3568589458
    • Opcode ID: 73c205810428c227599beb315af6e4b78fd009747483de3a812619b7aadd5368
    • Instruction ID: bd78f2fb35562992a2127ff7881476b31686624b32128229a2282df13776e9f8
    • Opcode Fuzzy Hash: 73c205810428c227599beb315af6e4b78fd009747483de3a812619b7aadd5368
    • Instruction Fuzzy Hash: C0827970A012699FDB25DF24C854BEEBBB9AF45304F1480DAE449A7392CB749F84CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2C250 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 345threadCOMMON
    Download Yara Rule
    APIs
    • FindResourceW.KERNEL32(?,?,?,4B020D8A,?,00000000), ref: 00B2C2D2
    • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B2C2E4
    • GetCurrentThreadId.KERNEL32 ref: 00B2C327
    • GetCurrentThreadId.KERNEL32 ref: 00B2C4AF
    • GetLastError.KERNEL32(?,?), ref: 00B2C4F5
    • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BF978A), ref: 00B2C56B
    • GetLastError.KERNEL32(?,00000001,..\..\src\msw\utils.cpp,000003C0,wxLoadUserResource,00C09E34,?), ref: 00B2C6EA
      • Part of subcall function 009B7960: GetCurrentThreadId.KERNEL32 ref: 009B7969
    • SizeofResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B2C757
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Resource$CurrentThread$ErrorLast$FindLoadLockSizeof
    • String ID: "outData && outLen"$..\..\src\msw\utils.cpp$Failed to load resource "%s".$Failed to lock resource "%s".$output pointers can't be NULL$wx.sys_error$wxLoadUserResource
    • API String ID: 3415336682-3750224980
    • Opcode ID: 5c7102e94f61079fd8842319c576d681ab87ae8893fb6293c557ea0a5c8330a9
    • Instruction ID: cf8fb5e80bcdebc0ccdd68137c981597e8e0d3e4be41a4b58c5d52c515c3fcc5
    • Opcode Fuzzy Hash: 5c7102e94f61079fd8842319c576d681ab87ae8893fb6293c557ea0a5c8330a9
    • Instruction Fuzzy Hash: 70E19D70811388DEDF31EFA4D955BEE7BE4AF59304F104169E80DAB281EB745B48CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B6A180 Relevance: 24.9, APIs: 3, Strings: 11, Instructions: 430COMMON
    Download Yara Rule
    APIs
    • __allrem.LIBCMT ref: 00B6A2AD
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B6A3BD
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B6A405
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
    • String ID: (0 < month) && (month <= 12)$(1 <= day) && (day < 32)$..\..\src\common\datetime.cpp$IsValid()$JDN out of range$gfff$invalid day$invalid month$invalid wxDateTime$jdn > -2$wxDateTime::GetTm
    • API String ID: 632788072-535222866
    • Opcode ID: c19181b7da84ea646956158ed6e725f70ddd0e734e4de036889a89d9ba9936c1
    • Instruction ID: 64b20485c4bb8dfd1a3618572df134ac05ebcc9341c2ebeaf14509c5e5364ee8
    • Opcode Fuzzy Hash: c19181b7da84ea646956158ed6e725f70ddd0e734e4de036889a89d9ba9936c1
    • Instruction Fuzzy Hash: 08E1F172A043404BCB18DF2C8C5171ABAD1AFD8704F49866EF999EB3D1EB74D904CB86
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D4A60 Relevance: 22.9, APIs: 15, Instructions: 379windowkeyboardCOMMON
    Download Yara Rule
    APIs
    • GetWindowLongW.USER32(?,000000EC), ref: 009D4AB5
    • GetKeyState.USER32(00000011), ref: 009D4ADA
    • GetKeyState.USER32(00000010), ref: 009D4AE4
    • SendMessageW.USER32(?,?,00000087,00000000), ref: 009D4AFE
    • SendMessageW.USER32(?,00000127,00010002,00000000), ref: 009D4C24
    • GetWindowLongW.USER32(?,000000F0), ref: 009D4C83
    • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 009D4CEB
    • GetFocus.USER32 ref: 009D4E01
    • GetWindowLongW.USER32(00000000,000000EC), ref: 009D4E0C
    • GetWindowLongW.USER32(?,000000EC), ref: 009D4E4E
    • IsWindowEnabled.USER32(00000000), ref: 009D4EB1
    • IsWindowVisible.USER32(00000000), ref: 009D4EB8
    • GetWindowLongW.USER32(00000000,000000F0), ref: 009D4EC1
    • GetParent.USER32(00000000), ref: 009D4ECF
    • IsDialogMessageW.USER32(?,?), ref: 009D4EE8
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$Long$Message$Send$State$DialogEnabledFocusParentVisible
    • String ID:
    • API String ID: 2250518932-0
    • Opcode ID: dd544fcf1ef636706b6dacc9bf28dcad054c3ce14725c3ef183921c6ba05c7ca
    • Instruction ID: c0e70d2788ba7b55a85b2c50bb542830ce682cf3a85ef185d9e05ba5f53de864
    • Opcode Fuzzy Hash: dd544fcf1ef636706b6dacc9bf28dcad054c3ce14725c3ef183921c6ba05c7ca
    • Instruction Fuzzy Hash: 98D10131A806049FDF20DF68D845BEEB7A9AF95750F18856BE941AB3D1CB35ED00CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B386F0 Relevance: 19.6, Strings: 15, Instructions: 802COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: "Assert failure"$*$-$...$..\..\src\common\cmdline.cpp$<$Usage: %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$[-]$]$idx < m_size$option with only a long name while long options are disabled$option without neither short nor long name$wxCmdLineParser::GetUsageString$wxVector<struct wxCmdLineOption *>::at
    • API String ID: 0-3624711114
    • Opcode ID: 39631f35e0d0eb73e97b035471989b81ce7ebc98acb1d94c9664228195d9c351
    • Instruction ID: 3c83e03faf369f09e803d0e7b339f9373174c9657b8565a375422d0a0759a713
    • Opcode Fuzzy Hash: 39631f35e0d0eb73e97b035471989b81ce7ebc98acb1d94c9664228195d9c351
    • Instruction Fuzzy Hash: D3725B70A003589FDB24DFA4CC95BEEB7F5AF55304F1040ADE50AA7292DBB46A84CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A0F6A0 Relevance: 15.8, Strings: 12, Instructions: 763COMMON
    Download Yara Rule
    Strings
    • ..\..\src\common\colourcmn.cpp, xrefs: 00A0F7E2
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00A0FA9C
    • wxColourVariantData::Eq, xrefs: 00A0F7DB
    • GetType() == data.GetType(), xrefs: 00A0F7D6
    • ( %d , %d , %d , %, xrefs: 00A0FA1E
    • %lx, xrefs: 00A0FEDF
    • format specifier doesn't match argument type, xrefs: 00A0FA88
    • RGB, xrefs: 00A0F8B4
    • wxArgNormalizer<unsigned int>::wxArgNormalizer, xrefs: 00A0FA92
    • ( %d , %d , %d ), xrefs: 00A0FE48
    • [^)] ), xrefs: 00A0FB0A
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00A0FA8D
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: %lx$( %d , %d , %d )$( %d , %d , %d , %$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\colourcmn.cpp$GetType() == data.GetType()$RGB$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$[^)] )$format specifier doesn't match argument type$wxArgNormalizer<unsigned int>::wxArgNormalizer$wxColourVariantData::Eq
    • API String ID: 0-3633759720
    • Opcode ID: 1ead98bee2845a3fdd056c91911e4fee3c17e421247dc762f455cebebfc0f953
    • Instruction ID: 1b1f8d5783153507d0fbd52c084cf31c7a78a1e13cc812a661f3be7d2f5b6fe5
    • Opcode Fuzzy Hash: 1ead98bee2845a3fdd056c91911e4fee3c17e421247dc762f455cebebfc0f953
    • Instruction Fuzzy Hash: 38520F7190024CAFDF24DFA4D851BEEBBB5AF45304F148139F906A76D2EB349A04CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009FC800 Relevance: 15.5, Strings: 12, Instructions: 474COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: "(old_height > 0) && (old_width > 0)"$"(xFactor > 0) && (yFactor > 0)"$"IsOk()"$"data"$..\..\src\common\image.cpp$HotSpotX$HotSpotY$invalid image$invalid new image size$invalid old image size$unable to create image$wxImage::ShrinkBy
    • API String ID: 0-1421343131
    • Opcode ID: ddde4e1a6229842918e13eae342c98232bb869606ebd8c38016d26593fca5270
    • Instruction ID: edd0167035015675fe9303742ead0d77aa65b54b121a3058c51d94004cebae17
    • Opcode Fuzzy Hash: ddde4e1a6229842918e13eae342c98232bb869606ebd8c38016d26593fca5270
    • Instruction Fuzzy Hash: B9128AB4A0128DDFCF18CF58C5507EDBBF4AF49308F288169E949A7382D774A945CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B102E0 Relevance: 15.4, APIs: 2, Strings: 6, Instructions: 1417threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B10FF6
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetCurrentThreadId.KERNEL32 ref: 00B10C9F
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    Strings
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B11077
    • ), xrefs: 00B10449
    • (argtype & (wxFormatString::Arg_String)) == argtype, xrefs: 00B11068
    • format specifier doesn't match argument type, xrefs: 00B11063
    • wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar, xrefs: 00B1106D
    • '%s' has extra '..', ignored., xrefs: 00B10D72
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Init_thread_footer_free
    • String ID: '%s' has extra '..', ignored.$(argtype & (wxFormatString::Arg_String)) == argtype$)$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar
    • API String ID: 804875219-1871677368
    • Opcode ID: 2b9da90641af7f9232e4c3654c7f60b581ac9b5bb58d757d67c7a3dba173b020
    • Instruction ID: 9015d3dcf828c8a10c53d6348d3d3a37b8afb12547f287297dff3df51254ca63
    • Opcode Fuzzy Hash: 2b9da90641af7f9232e4c3654c7f60b581ac9b5bb58d757d67c7a3dba173b020
    • Instruction Fuzzy Hash: D3D28870910258DFDB24DF68C885BEDB7F1AF45304F5085E9E50AAB292DB74AAC4CF90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B09050 Relevance: 14.7, APIs: 4, Strings: 4, Instructions: 702COMMON
    Download Yara Rule
    APIs
    • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 00B090DB
    • GetLongPathNameW.KERNEL32(?,?,00000000), ref: 00B0910F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: LongNamePath
    • String ID: Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/arrstr.h$nIndex < m_nCount$wxArrayString: index out of bounds$wxArrayString::Item
    • API String ID: 82841172-912602460
    • Opcode ID: 7f2277b72aadc930cfb804d057e30efc51827f66ff94edcea9226602f69e037a
    • Instruction ID: ce8400820bd660a1e24b2d1be8dfc07d06f9887bded2e5d90d088eb0b3d67395
    • Opcode Fuzzy Hash: 7f2277b72aadc930cfb804d057e30efc51827f66ff94edcea9226602f69e037a
    • Instruction Fuzzy Hash: BC527E71D002189FDF25DFA4CC95BEEBBF4BF49304F1441A9E41AA7292EB709A44CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B09DB0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 265comCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 009E4240: OleInitialize.OLE32(00000000), ref: 009E427F
      • Part of subcall function 009E4240: GetCurrentThreadId.KERNEL32 ref: 009E42CD
    • CoCreateInstance.OLE32(00C7F0C8,00000000,00000001,00C7F0B8,?,?,lnk,00000003,?,4B020D8A,?,?,00000000,00000000,?,?), ref: 00B09F24
    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104,?,00CCFA64,?,4B020D8A,?,?,00000000,00000000,?,?), ref: 00B09F8E
    • OleUninitialize.OLE32(?,4B020D8A,?,?,00000000,00000000,?,?,4B020D8A,00000000,00000000), ref: 00B0A0ED
    Strings
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private/comptr.h, xrefs: 00B09EF4
    • lnk, xrefs: 00B09E73
    • Can't get direct access to initialized pointer, xrefs: 00B09EE3
    • !m_ptr, xrefs: 00B09EE8
    • wxCOMPtr<struct IShellLinkW>::operator &, xrefs: 00B09EED
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ByteCharCreateCurrentInitializeInstanceMultiThreadUninitializeWide
    • String ID: !m_ptr$Can't get direct access to initialized pointer$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private/comptr.h$lnk$wxCOMPtr<struct IShellLinkW>::operator &
    • API String ID: 3138671691-2249963413
    • Opcode ID: 5f6e99fae06de7ae72505afc99e184b56721d801a10fd4e31d6f42fd29968227
    • Instruction ID: 84aa20a13f2b14eabd84aff0db4cb6d5304910e937f18c9d187db5cc920a4c55
    • Opcode Fuzzy Hash: 5f6e99fae06de7ae72505afc99e184b56721d801a10fd4e31d6f42fd29968227
    • Instruction Fuzzy Hash: 4BB128709102889FDB24DFA4C855BEE7BF8FF45308F144159F809DB291EB75AA08CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D9410 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 62keyboardCOMMON
    Download Yara Rule
    APIs
    • GetKeyState.USER32(?), ref: 009D9490
    • GetSystemMetrics.USER32(00000017), ref: 009D9F03
    • GetAsyncKeyState.USER32(00000000), ref: 009D9F1D
    Strings
    • ..\..\src\msw\window.cpp, xrefs: 009D9441
    • can't use wxGetKeyState() for mouse buttons, xrefs: 009D942D
    • key != 0x01 && key != 0x02 && key != 0x04, xrefs: 009D9432
    • wxGetKeyState, xrefs: 009D9437
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: State$AsyncMetricsSystem
    • String ID: ..\..\src\msw\window.cpp$can't use wxGetKeyState() for mouse buttons$key != 0x01 && key != 0x02 && key != 0x04$wxGetKeyState
    • API String ID: 3318434938-1787826681
    • Opcode ID: 9120e2110b194e0547c67127627517563eb586100bf271d93cb480b5054fa3a4
    • Instruction ID: fc9073f3820907012716df9d3dfc4ccc44da6186ed7a106051669de271533bb9
    • Opcode Fuzzy Hash: 9120e2110b194e0547c67127627517563eb586100bf271d93cb480b5054fa3a4
    • Instruction Fuzzy Hash: A0110636E8423056CB34372CAC0D7EA66895B11741F468477F54DAB2F2C6644CC2D6A2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCB627 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 253COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC4654: GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
      • Part of subcall function 00BC4654: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    • GetACP.KERNEL32(00000055,?,?,?,?,?,00BC1131,?,?,?,?,00000000,?,00000004), ref: 00BCB6E8
    • IsValidCodePage.KERNEL32(00000000,00000055,?,?,?,?,?,00BC1131,?,?,?,?,00000000,?,00000004), ref: 00BCB713
    • _wcschr.LIBVCRUNTIME ref: 00BCB7A7
    • _wcschr.LIBVCRUNTIME ref: 00BCB7B5
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00BC1131,00000000,00BC1251), ref: 00BCB878
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
    • String ID: utf8
    • API String ID: 4147378913-905460609
    • Opcode ID: 763413523440b4dc034b17d4d6ee4edcbe5cd8df0954a4d75bdd126d5687fcb4
    • Instruction ID: eb293b7407f03328680d35c43f1cb056259cb2e227cd6cdfd37495ffa000e629
    • Opcode Fuzzy Hash: 763413523440b4dc034b17d4d6ee4edcbe5cd8df0954a4d75bdd126d5687fcb4
    • Instruction Fuzzy Hash: F9718F71A00206AAEB24AB35DC87FBF73ECEF45740F1544BEE94597181EB70E94087A5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CCB20 Relevance: 10.6, APIs: 7, Instructions: 102keyboardwindowCOMMON
    Download Yara Rule
    APIs
    • GetKeyState.USER32(00000010), ref: 009CCB5D
    • GetKeyState.USER32(00000011), ref: 009CCB6C
    • GetKeyState.USER32(00000001), ref: 009CCB78
    • GetKeyState.USER32(00000004), ref: 009CCB8C
    • GetKeyState.USER32(00000002), ref: 009CCBA4
    • GetCursorPos.USER32(?), ref: 009CCBC4
    • GetMessagePos.USER32 ref: 009CCBCE
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: State$CursorMessage
    • String ID:
    • API String ID: 837575935-0
    • Opcode ID: cd092354974e5d847ad555cbc4277bcf5ef42b2b343a1f2d918862943add7709
    • Instruction ID: 911c48b3044686dad9662ff06521611e00bc2d00b119a76e4110ec6a079243c7
    • Opcode Fuzzy Hash: cd092354974e5d847ad555cbc4277bcf5ef42b2b343a1f2d918862943add7709
    • Instruction Fuzzy Hash: C4310475E0061A9BCF10AFA4CD05BEEBBB5EB84710F00416AEA49E3281EF755A41CF90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCBDBB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
    Download Yara Rule
    APIs
    • GetLocaleInfoW.KERNEL32(51CEB70F,2000000B,00000000,00000002,00000000,?,?,?,00BCC0E1,?,00000000), ref: 00BCBE54
    • GetLocaleInfoW.KERNEL32(51CEB70F,20001004,00000000,00000002,00000000,?,?,?,00BCC0E1,?,00000000), ref: 00BCBE7D
    • GetACP.KERNEL32(?,?,00BCC0E1,?,00000000), ref: 00BCBE92
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID: ACP$OCP
    • API String ID: 2299586839-711371036
    • Opcode ID: fe9c926f4baf5051c609471c7343c2310f05d4e874ff380d0c65e9ab4356fe84
    • Instruction ID: 032a30270ebd597bbb7439fc572a41e4a1163449704337300afc56d34b0cfcbb
    • Opcode Fuzzy Hash: fe9c926f4baf5051c609471c7343c2310f05d4e874ff380d0c65e9ab4356fe84
    • Instruction Fuzzy Hash: 4E21A162A00106AAEB34DF64C942FDFB3E6EB54F65F5648ACEA09D7120E732DD41C790
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BBF0CB Relevance: 4.7, APIs: 3, Instructions: 173timeCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C83FC0), ref: 00BBF135
    • _free.LIBCMT ref: 00BBF123
      • Part of subcall function 00BC48A6: RtlFreeHeap.NTDLL(00000000,00000000,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?), ref: 00BC48BC
      • Part of subcall function 00BC48A6: GetLastError.KERNEL32(?,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?,?), ref: 00BC48CE
    • _free.LIBCMT ref: 00BBF2F1
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorFreeHeapInformationLastTimeZone
    • String ID:
    • API String ID: 2155170405-0
    • Opcode ID: 3df17ae142e531cfe8ad0491dc9934e4080f34f02affba2baee2b7829596cdcf
    • Instruction ID: 4f126e1675204d038d9c047c7c261e2db2b73ddbe98900af41e2e36456f149fd
    • Opcode Fuzzy Hash: 3df17ae142e531cfe8ad0491dc9934e4080f34f02affba2baee2b7829596cdcf
    • Instruction Fuzzy Hash: F6518371D04306EBCB10EF69DD82AFE77E8EB45350B5006FAE424A72A1E7B19E408B55
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A0C8B0 Relevance: 4.6, Strings: 3, Instructions: 832COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$idx < m_size$wxVector<int>::at
    • API String ID: 0-2013482211
    • Opcode ID: 413229746c4c35c0be84c7ccaaf38e7690e17ce9f708f409a7d3be1fbdecae9b
    • Instruction ID: 9e4062e021141cddd5aa285873ade2f92234141b079599d7f79e08aa5c8f4a94
    • Opcode Fuzzy Hash: 413229746c4c35c0be84c7ccaaf38e7690e17ce9f708f409a7d3be1fbdecae9b
    • Instruction Fuzzy Hash: A9727B76A003099FCB24CF98D885BAEB7F1BF49724F144629E85AA72D1D770EC45CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA7043 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00BA713B
    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00BA7145
    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00BA7152
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$DebuggerPresent
    • String ID:
    • API String ID: 3906539128-0
    • Opcode ID: ffde5208c1edceeb32a7b9e922c74e78cd2dc3a994f14ae55e88ee54ed87d93a
    • Instruction ID: e16d27242de21a79b18d9d30b1a6657aa8bda9e12ea02f47cdcbc1101b4b7c75
    • Opcode Fuzzy Hash: ffde5208c1edceeb32a7b9e922c74e78cd2dc3a994f14ae55e88ee54ed87d93a
    • Instruction Fuzzy Hash: BA31B3749452199BCB21DF68DC8978DBBF8BF08310F5041DAE41CA7251EB709F858F54
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D4120 Relevance: 4.5, APIs: 3, Instructions: 48keyboardwindowtimeCOMMON
    Download Yara Rule
    APIs
    • GetKeyState.USER32(00000010), ref: 009D4144
    • GetKeyState.USER32(00000011), ref: 009D415E
    • GetMessageTime.USER32 ref: 009D4198
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: State$MessageTime
    • String ID:
    • API String ID: 2637895911-0
    • Opcode ID: 45b42918bea5aba7bb9f20828666c84e3d8ad0d58a20111e5c4c4b65d8dc183c
    • Instruction ID: 2ea9e2aee605c8b9391aea876a6ce16d447bc4fa46387ad49d4dd67a92c9450c
    • Opcode Fuzzy Hash: 45b42918bea5aba7bb9f20828666c84e3d8ad0d58a20111e5c4c4b65d8dc183c
    • Instruction Fuzzy Hash: B401C036604662AFD710CF75D4127E6BFA0FF19350F084A4AE6A487B81C364E415DFA0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009F8360 Relevance: 4.2, Strings: 3, Instructions: 422COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$idx < m_size$wxVector<struct `anonymous namespace'::BicubicPrecalc>::at
    • API String ID: 0-2341376874
    • Opcode ID: eaf75412e64541f96529f7fe3257e9a1d060e18504ad7f137710574e4297409e
    • Instruction ID: 5d2805b5f122b2344b05e16af65fe5f840bb5d9b4f882bba2e308c4522e55724
    • Opcode Fuzzy Hash: eaf75412e64541f96529f7fe3257e9a1d060e18504ad7f137710574e4297409e
    • Instruction Fuzzy Hash: D902E530D24B598EC753CB79C490B7AFBB5AF5A384F14835BF816B7A52D73098828B50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A1B210 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: button
    • API String ID: 0-973515837
    • Opcode ID: b41e6f6fcd3ce4fd58ebebd581d2b4db36454b5b94cfa35b0a7738d87b15002b
    • Instruction ID: d4f26f965caed2a5d5dd9eb2b57fcdddfb41833b033099dc0b1f1796935346e9
    • Opcode Fuzzy Hash: b41e6f6fcd3ce4fd58ebebd581d2b4db36454b5b94cfa35b0a7738d87b15002b
    • Instruction Fuzzy Hash: 4F228DB09013489FEB21DFA4CD96BEE7BB0BF19310F140168E9197B2D1DBB45A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D7C00 Relevance: 1.7, APIs: 1, Instructions: 190keyboardCOMMON
    Download Yara Rule
    APIs
    • MapVirtualKeyW.USER32(0000007F,00000002), ref: 009D7C42
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Virtual
    • String ID:
    • API String ID: 4278518827-0
    • Opcode ID: eb748d1870c97ab9055ea560e24c989afac87f00247a1ed57422699264adec8b
    • Instruction ID: b54c3f661da583a25f733852559843ef540f3d09f5468c83938c7671c030086e
    • Opcode Fuzzy Hash: eb748d1870c97ab9055ea560e24c989afac87f00247a1ed57422699264adec8b
    • Instruction Fuzzy Hash: 405140703592054BFB1C8AA9C85077AA2DADF84341F58887DF58BCBBE0EB64CC51E710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCB918 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC4654: GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
      • Part of subcall function 00BC4654: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    • EnumSystemLocalesW.KERNEL32(00BCBA3E,00000001,00000000,?,00BC112A,?,00BCC076,00000000,00000055,?,?), ref: 00BCB98A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem
    • String ID:
    • API String ID: 2417226690-0
    • Opcode ID: c4fdd760e7d3a5a3916eb7e49120e90cabb06ff88d0e48c70af66dde02b8b64f
    • Instruction ID: 06dddead82dda6591e0a15be321b2944045eada6ab5af8dc216732b21bd2a7df
    • Opcode Fuzzy Hash: c4fdd760e7d3a5a3916eb7e49120e90cabb06ff88d0e48c70af66dde02b8b64f
    • Instruction Fuzzy Hash: B511C2372047059FDB189F398892FBEB7E1FB80358F15456DEA8687A40E7B1A942CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E7910 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Iconic
    • String ID:
    • API String ID: 110040809-0
    • Opcode ID: 867161659e25ba97a92631bc62dfdf31df3c13c67a99be54ec7959d9c223a19b
    • Instruction ID: fa3240181c70c06df4e06597de9b100c756a6beafff3dd14ca04ea4d45002d64
    • Opcode Fuzzy Hash: 867161659e25ba97a92631bc62dfdf31df3c13c67a99be54ec7959d9c223a19b
    • Instruction Fuzzy Hash: 69114CB1A00609AFDF04DF95D805BAEFBF9EF85714F10466EE815A3291EB761A04CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCB9B3 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC4654: GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
      • Part of subcall function 00BC4654: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    • EnumSystemLocalesW.KERNEL32(00BCBC93,00000001,?,?,00BC112A,?,00BCC03A,00BC112A,00000055,?,?,?,?,00BC112A,?,?), ref: 00BCB9FD
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem
    • String ID:
    • API String ID: 2417226690-0
    • Opcode ID: 84a7e2497e93f006860b30854c9ba7fb687b1c69d94f2303ccc8e512209dfc7e
    • Instruction ID: 5b3984299b2de3d84ce7b5e57baae13095bfb47fa6351d59ad70768cb32deed9
    • Opcode Fuzzy Hash: 84a7e2497e93f006860b30854c9ba7fb687b1c69d94f2303ccc8e512209dfc7e
    • Instruction Fuzzy Hash: 71F0C2362003045FDB149F799892F6EBBD1EF80368F1584ADFA458B690DBB19C42DA50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0E410 Relevance: 1.5, APIs: 1, Instructions: 37fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • FindFirstFileW.KERNEL32(?,?,00000024,00000048,00B0EB56,?,00000048,00000000,00000048,?,00000000), ref: 00B0E424
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: FileFindFirst
    • String ID:
    • API String ID: 1974802433-0
    • Opcode ID: b4edee4c8f9d22c63827bbae8adb6eaab1fbe48a4d0243644822f920e854ac99
    • Instruction ID: ba8b30f0ef1d50bab62bc91c6506f1d33a571a57b1266e0a4f57c2e232909793
    • Opcode Fuzzy Hash: b4edee4c8f9d22c63827bbae8adb6eaab1fbe48a4d0243644822f920e854ac99
    • Instruction Fuzzy Hash: 5FF082329052506BC9106E59BC4995FBFE89ED6735B050EE8F874A32E2D321CD1A86B3
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCB8CD Relevance: 1.5, APIs: 1, Instructions: 31COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC4654: GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
      • Part of subcall function 00BC4654: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    • EnumSystemLocalesW.KERNEL32(00BCB824,00000001,?,?,?,00BCC098,00BC112A,00000055,?,?,?,?,00BC112A,?,?,?), ref: 00BCB904
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem
    • String ID:
    • API String ID: 2417226690-0
    • Opcode ID: 41e11bf935ff01a143a109bd8683e583ab1cd191b78e144bc994e56b5978f0b4
    • Instruction ID: 43ddcbedee14811ba95f0f46b824f921e4236d9aba28dfc7693e8ad251a996ef
    • Opcode Fuzzy Hash: 41e11bf935ff01a143a109bd8683e583ab1cd191b78e144bc994e56b5978f0b4
    • Instruction Fuzzy Hash: E1F0A03A30024557CF149B75D856F6EBBD4EB81711F0A409DEA098B250C7719942DBA0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC4956 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC2601: EnterCriticalSection.KERNEL32(-00D0A398,?,00BC33D7,?,00CCACA0,0000000C,00BC36B4,?), ref: 00BC2610
    • EnumSystemLocalesW.KERNEL32(00BC4949,00000001,00CCAD60,0000000C,00BC4D6C,00000000), ref: 00BC498E
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CriticalEnterEnumLocalesSectionSystem
    • String ID:
    • API String ID: 1272433827-0
    • Opcode ID: e9d786a02eaa739d9a20095fe0eef32b14e3d3a500748bc841448dbd0d2f9b44
    • Instruction ID: 5894c7a67db367127a8f97c046a89716dfc05a6c03115db60da780434d00f6f0
    • Opcode Fuzzy Hash: e9d786a02eaa739d9a20095fe0eef32b14e3d3a500748bc841448dbd0d2f9b44
    • Instruction Fuzzy Hash: FBF01231A00214EFDB10EFA8D842F9E77F0EB49721F00819AF9149B2A1CBB44A059F95
    Uniqueness

    Uniqueness Score: -1.00%

    Function 011A6541 Relevance: .7, Instructions: 672COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000003.1284134474.00000000011A3000.00000004.00000020.00020000.00000000.sdmp, Offset: 0119A000, based on PE: false
    • Associated: 00000000.00000003.1284057707.000000000119A000.00000004.00000020.00020000.00000000.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_3_119a000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7a54956bbbeff2bebf879ecce26822c1ec1d4abe4a680c269e4bed87faa564d3
    • Instruction ID: c2f80a959e16ffd2a1de47e1a7bc162853843f1f7fbd3c547cbf5a9562ce2c56
    • Opcode Fuzzy Hash: 7a54956bbbeff2bebf879ecce26822c1ec1d4abe4a680c269e4bed87faa564d3
    • Instruction Fuzzy Hash: 6BD175A244E7C14FD3534B7498386957FB09F17624B0E09EBD0C4CF4A3E26E5A9AD722
    Uniqueness

    Uniqueness Score: -1.00%

    Function 011A6541 Relevance: .7, Instructions: 672COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000003.1284134474.00000000011A3000.00000004.00000020.00020000.00000000.sdmp, Offset: 011A3000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_3_119a000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ef0e694f7aded55be5af91b79c8f9576bfa8876c0cfcab5273d53d16a98e8e13
    • Instruction ID: c2f80a959e16ffd2a1de47e1a7bc162853843f1f7fbd3c547cbf5a9562ce2c56
    • Opcode Fuzzy Hash: ef0e694f7aded55be5af91b79c8f9576bfa8876c0cfcab5273d53d16a98e8e13
    • Instruction Fuzzy Hash: 6BD175A244E7C14FD3534B7498386957FB09F17624B0E09EBD0C4CF4A3E26E5A9AD722
    Uniqueness

    Uniqueness Score: -1.00%

    Function 0119C860 Relevance: .3, Instructions: 282COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000003.1284057707.000000000119A000.00000004.00000020.00020000.00000000.sdmp, Offset: 0119A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_3_119a000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 784a5a554056a70f36e0e3ac66e9a59fccfb0a7daa5a4a7aca2d730612da50c3
    • Instruction ID: 217c317de74c6f93789321f1054090fa5d68099472ce5e64e551f6881dcfc8b8
    • Opcode Fuzzy Hash: 784a5a554056a70f36e0e3ac66e9a59fccfb0a7daa5a4a7aca2d730612da50c3
    • Instruction Fuzzy Hash: A5B1C96544E3C08FDB1B8B7448696827FB09E13624B1F41DBC4E5CF4A3E26A181ED7A7
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BACDC6 Relevance: .2, Instructions: 160COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 59f48128bd2d1159d272e3c2f1f1c391912598af926ef173736e0041047b5522
    • Instruction ID: 90d0048c4f44140c0ff1a2364db614692bc240464f291a41784d858b29f75814
    • Opcode Fuzzy Hash: 59f48128bd2d1159d272e3c2f1f1c391912598af926ef173736e0041047b5522
    • Instruction Fuzzy Hash: 8D517F71E04119EFDF04CF99C980AAEBFB2EF89300F5980A9E415AB241C735AE51CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCF01A Relevance: .1, Instructions: 105COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8e3d2ddef58efc51921a693ada6d46d54f4da7d7cb6e6594133e79dd4c5b0aeb
    • Instruction ID: d928a6d92685bca28b024cab838a7d58369156a43a57b8c6f4ca956e246f4a30
    • Opcode Fuzzy Hash: 8e3d2ddef58efc51921a693ada6d46d54f4da7d7cb6e6594133e79dd4c5b0aeb
    • Instruction Fuzzy Hash: B321A473F2053947770CC47E8C5327DB6E1C68C601745427AE8A6EA3C1D968D927E2E4
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC5CB8 Relevance: .0, Instructions: 23COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f285608e126ec62533536f66878eabdf7e15afcd63f8a70c85e49f2def17c645
    • Instruction ID: 9f61160a87bf48a9036bd888f15b64f85f0a0981a7f3852d05a337c0fcadbcd1
    • Opcode Fuzzy Hash: f285608e126ec62533536f66878eabdf7e15afcd63f8a70c85e49f2def17c645
    • Instruction Fuzzy Hash: EAE04632A12628EBC724DB888944E9AF3ECFB49B11B1145DAF904D3210C6B0EE90D7D0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E0300 Relevance: 45.9, APIs: 11, Strings: 15, Instructions: 437COMMON
    Download Yara Rule
    APIs
    • GetStdHandle.KERNEL32(000000F4,4B020D8A,00000000,00000000,00CDE864,?,?,?,?,?,?,?,?,?,00BD72D0,00BD7093), ref: 009E0345
    • AttachConsole.KERNEL32(000000FF,?,00000002,kernel32.dll,0000000C,?,?,?,?,?,?,?,?,?,00BD72D0,00BD7093), ref: 009E03D9
    • GetConsoleScreenBufferInfo.KERNEL32(FFFFFFFF,?,00CDE870,?,GetConsoleCommandHistoryLength,?,GetConsoleCommandHistory), ref: 009E0497
    • GetLastError.KERNEL32 ref: 009E052C
    • GetLastError.KERNEL32(00000006,..\..\src\msw\app.cpp,000001CB,`anonymous-namespace'::wxConsoleStderr::DoInit,00C09E34), ref: 009E0563
    • ReadConsoleOutputCharacterA.KERNEL32(FFFFFFFF,?,00000004,?,?,?,?,?,?,?,?,?,?,?,00BD72D0,00BD7093), ref: 009E05E0
    • ReadConsoleOutputCharacterA.KERNEL32(FFFFFFFF,00CCFA50,00000000,?,?), ref: 009E0734
    • GetLastError.KERNEL32(00000006,..\..\src\msw\app.cpp,000001EB,`anonymous-namespace'::wxConsoleStderr::DoInit,00C09E34), ref: 009E07F7
    • GetLastError.KERNEL32 ref: 009E07C0
      • Part of subcall function 009B69E0: GetCurrentThreadId.KERNEL32 ref: 009B6A18
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ConsoleErrorLast$CharacterOutputRead$AttachBufferCurrentHandleInfoScreenThread
    • String ID: $%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\app.cpp$GetConsoleCommandHistory$GetConsoleCommandHistoryLength$GetConsoleScreenBufferInfo$ReadConsoleOutputCharacterA$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/buffer.h$`anonymous-namespace'::wxConsoleStderr::DoInit$can't extend shared buffer$cannot extend non-owned buffer$kernel32.dll$this->m_data->m_owned$this->m_data->m_ref == 1$wxCharTypeBuffer<char>::extend
    • API String ID: 1568369688-5526898
    • Opcode ID: 75ec4aa9d726ac43f10ce3b199cd4abe362dd88c8e260dff9b25f45097dd43e1
    • Instruction ID: a86b72cd12624157706d3b805642ce895934b19a9b74ba15205506ebb569f4ca
    • Opcode Fuzzy Hash: 75ec4aa9d726ac43f10ce3b199cd4abe362dd88c8e260dff9b25f45097dd43e1
    • Instruction Fuzzy Hash: FA02F970901384EFEB21EF64CD45BED77B4AF46314F048258F859672D2DBB49A84CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A2C1A0 Relevance: 44.2, APIs: 6, Strings: 19, Instructions: 430threadwindowCOMMON
    Download Yara Rule
    APIs
    • SendMessageW.USER32(00000000,00000432,00000000,?), ref: 00A2C22F
    • SendMessageW.USER32(00000000,00000432,00000000,?), ref: 00A2C2FF
    • GetCurrentThreadId.KERNEL32 ref: 00A2C43F
    • GetCurrentThreadId.KERNEL32 ref: 00A2C4E6
    • GetCurrentThreadId.KERNEL32 ref: 00A2C340
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetCurrentThreadId.KERNEL32 ref: 00A2C62F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$MessageSend$Init_thread_footer
    • String ID: !$%s(%d): '%s' failed with error 0x%08lx (%s).$(argtype & (wxFormatString::Arg_String)) == argtype$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\msw\tooltip.cpp$CreateCompatibleDC(NULL)$Failed to create the tooltip '%s'$GetStockObject(DEFAULT_GUI_FONT)$GetTextExtentPoint32$SelectObject(hfont)$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$tooltips_class32$wxArgNormalizer<int>::wxArgNormalizer$wxArgNormalizer<long>::wxArgNormalizer$wxArgNormalizer<wchar_t const *>::wxArgNormalizer$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar$wxArgNormalizerWithBuffer<wchar_t>::wxArgNormalizerWithBuffer
    • API String ID: 4039666740-2881662286
    • Opcode ID: 7a2f2c25e7e7fa7c258f0e3024d2226c9111a153d41eebfcc1a76325dfdb3dad
    • Instruction ID: cd73e911b285516044fac0b2875e8321c655a056486fb1b47e9ed95b045ec8ea
    • Opcode Fuzzy Hash: 7a2f2c25e7e7fa7c258f0e3024d2226c9111a153d41eebfcc1a76325dfdb3dad
    • Instruction Fuzzy Hash: F002B070D00368DADF24DFA8DD45BEDBBB0AF01314F1481A9E5097B282EB755A84CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2B5D0 Relevance: 38.9, APIs: 1, Strings: 21, Instructions: 412COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00B34610: GetProcAddress.KERNEL32(4B020D8A,?), ref: 00B3464A
    • GetCurrentProcess.KERNEL32(00000029,00C68B48,00000002,?,?,00000001,Windows XP,00000000), ref: 00B2BAEE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: AddressCurrentProcProcess
    • String ID: (argtype & (wxFormatStringSpecifier<T>::value)) == argtype$, 64-bit edition$IsWow64Process$Windows %lu.%lu$Windows 10$Windows 7$Windows 8$Windows 8.1$Windows Server 2003$Windows Server 2008$Windows Server 2008 R2$Windows Server 2012$Windows Server 2012 R2$Windows Server 2016$Windows Vista$Windows XP$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$build %lu$format specifier doesn't match argument type$kernel32.dll$wxArgNormalizer<unsigned long>::wxArgNormalizer
    • API String ID: 3217270580-3057639826
    • Opcode ID: db86149f89111236d3f64cf98dfd45a49c2bf37c77375ffa44049f000c0269d4
    • Instruction ID: 827b907d9e0cf2f6e2c77ca27c06978c2ba138bce73d920837f9f5715715a677
    • Opcode Fuzzy Hash: db86149f89111236d3f64cf98dfd45a49c2bf37c77375ffa44049f000c0269d4
    • Instruction Fuzzy Hash: 66F16CB0D002589FDF24DFA4DC95BEEBBF4AF55304F1401A9E40AA7292EB745E48CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A006C0 Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 224windowCOMMON
    Download Yara Rule
    APIs
    • CreateCompatibleDC.GDI32(00000000), ref: 00A008F0
    • CreateCompatibleDC.GDI32(00000000), ref: 00A008F7
    • GetObjectW.GDI32(?,00000018,?), ref: 00A00908
    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00A0095E
    • SelectObject.GDI32(?,?), ref: 00A00977
    • SelectObject.GDI32(00C09274,?), ref: 00A00982
    • BitBlt.GDI32(00C09274,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00A0099A
    • SelectObject.GDI32(?,00000000), ref: 00A009A6
    • DeleteDC.GDI32(?), ref: 00A009AF
    • SelectObject.GDI32(00C09274,00000000), ref: 00A009B4
    • DeleteDC.GDI32(00C09274), ref: 00A009B7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Object$Select$CompatibleCreate$Delete$Bitmap
    • String ID: !data.m_dib$"Assert failure"$..\..\src\msw\bitmap.cpp$Cannot retrieve the dimensions of the wxMask to copy$can't copy bitmap locked for raw access!$wxBitmapRefData::wxBitmapRefData$wxMask::wxMask
    • API String ID: 2621522887-4193725216
    • Opcode ID: 511d7955dadd99c40d182372d0ab85a198fae9958170b11619c2fc57b6f88728
    • Instruction ID: 1d16428de8ba74fb05303741900f5e53575c06eda88bcc6df5dbeea729b2d6a3
    • Opcode Fuzzy Hash: 511d7955dadd99c40d182372d0ab85a198fae9958170b11619c2fc57b6f88728
    • Instruction Fuzzy Hash: AD916D71901248EFDB10DFA4D985BDEBFF4AF09314F158059E808AB2D2C7B5AA45CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A15B20 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 314threadCOMMON
    Download Yara Rule
    APIs
    • GetObjectW.GDI32(?,00000054,?), ref: 00A15B7B
    • CreateCompatibleDC.GDI32(00000000), ref: 00A15BFA
    • SelectObject.GDI32(00000000,?), ref: 00A15C17
    • GetDIBColorTable.GDI32(00000000,00000000,?,00000000), ref: 00A15C2F
    • SelectObject.GDI32(00000000,?), ref: 00A15C6A
    • DeleteDC.GDI32(00000000), ref: 00A15C71
    • GetCurrentThreadId.KERNEL32 ref: 00A15CC0
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,GetObject(hDIB),00000000), ref: 00A15DA5
    • GetCurrentThreadId.KERNEL32 ref: 00A15DE3
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,GetObject(hDIB),00000000), ref: 00A15E10
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Object$CurrentErrorLastSelectThread$ColorCompatibleCreateDeleteTable
    • String ID: "m_handle"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$GetObject(hDIB)$wxDIB::CreateDDB$wxDIB::CreateDDB(): invalid object
    • API String ID: 1131945438-248245726
    • Opcode ID: e678caf404ed62cb94eaac7105b5ce96a8d7c45b75b05d08b01329a2989e06dc
    • Instruction ID: 59126b386535f50c792a28b8d3bd9c5cf4762a9d57361d95d9cad7003bf3711f
    • Opcode Fuzzy Hash: e678caf404ed62cb94eaac7105b5ce96a8d7c45b75b05d08b01329a2989e06dc
    • Instruction Fuzzy Hash: E4C1DDB1D00618DBDB20EFB4CD45BEEBBB0AF45304F1441A9E509BB281EB755E85CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A0DDF0 Relevance: 26.6, APIs: 6, Strings: 9, Instructions: 331threadwindowCOMMON
    Download Yara Rule
    APIs
    • LoadCursorW.USER32(00000000,?), ref: 00A0DE6A
    • CreateIconIndirect.USER32(?), ref: 00A0E04C
    • GetCurrentThreadId.KERNEL32 ref: 00A0E116
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A0E1CF
    • GetCurrentThreadId.KERNEL32 ref: 00A0E20D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A0E23A
      • Part of subcall function 009B74D0: GetIconInfo.USER32(?,?), ref: 009B750A
      • Part of subcall function 009B74D0: GetCurrentThreadId.KERNEL32 ref: 009B754D
      • Part of subcall function 009B74D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009B7626
    Strings
    • "Assert failure", xrefs: 00A0E0AB
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00A0E19E
    • LoadCursor, xrefs: 00A0E240
    • Loading a cursor defined by wxWidgets failed, did you include include/wx/msw/wx.rc file from your resource file?, xrefs: 00A0E0A6
    • wxCursor::InitFromStock, xrefs: 00A0E0B0, 00A0E1F3, 00A0E2E6
    • ..\..\src\msw\cursor.cpp, xrefs: 00A0E0BA, 00A0E1EC, 00A0E24A, 00A0E2F0
    • invalid cursor id in wxCursor() ctor, xrefs: 00A0E2DC
    • "idCursor > 0 && (size_t)idCursor < (sizeof(stdCursors)/sizeof(stdCursors[0]))", xrefs: 00A0E2E1
    • WXCURSOR_HAND, xrefs: 00A0DE80
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$Icon$CreateCursorIndirectInfoLoad
    • String ID: "Assert failure"$"idCursor > 0 && (size_t)idCursor < (sizeof(stdCursors)/sizeof(stdCursors[0]))"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\cursor.cpp$LoadCursor$Loading a cursor defined by wxWidgets failed, did you include include/wx/msw/wx.rc file from your resource file?$WXCURSOR_HAND$invalid cursor id in wxCursor() ctor$wxCursor::InitFromStock
    • API String ID: 4056377637-2678284524
    • Opcode ID: 1842afe573dcfb3849a283280890278058d8dd4b40eb4acdac56ae901772a0f0
    • Instruction ID: 56e6a11c6cc30f7c9c7c72a433f2e17240391bab394194819f4d598ae4ce65ce
    • Opcode Fuzzy Hash: 1842afe573dcfb3849a283280890278058d8dd4b40eb4acdac56ae901772a0f0
    • Instruction Fuzzy Hash: E7D19D71D0021C9EDF20DFB4DD05B9EBBB4AF1A304F1086A9E459B7282EB709A84DF51
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A03610 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 305COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$DeleteErrorLastObject
    • String ID: "w > 0 && h > 0"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$CreateBitmap$CreateCompatibleBitmap$invalid bitmap size$wxBitmap::DoCreate
    • API String ID: 3447824651-3833775881
    • Opcode ID: 5099f86ca190185d76f67080403481b3e054b344540daa3cbc0163785cf24ab3
    • Instruction ID: 85133be2ba32cf77c0b1601bd80cbc4b1c1119b1950abe4db890c23003482407
    • Opcode Fuzzy Hash: 5099f86ca190185d76f67080403481b3e054b344540daa3cbc0163785cf24ab3
    • Instruction Fuzzy Hash: 81C1A0B1900348EFDF20DF64D945BEEBBB8AF45354F148199E8196B2D2DB709B04CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E7C40 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 370threadregistryCOMMON
    Download Yara Rule
    APIs
    • RegisterClassW.USER32(4B020D8A), ref: 009E7CD5
    • GetCurrentThreadId.KERNEL32 ref: 009E7D1C
    • GetLastError.KERNEL32 ref: 009E7DCF
    • GetCurrentThreadId.KERNEL32 ref: 009E7E0D
    • GetLastError.KERNEL32 ref: 009E7E3A
    • CreateWindowExW.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,4B020D8A), ref: 009E7EB9
    • GetCurrentThreadId.KERNEL32 ref: 009E7F0F
    • GetLastError.KERNEL32 ref: 009E800E
    • GetCurrentThreadId.KERNEL32 ref: 009E805E
    • GetLastError.KERNEL32 ref: 009E809A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$ClassCreateRegisterWindow
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\toplevel.cpp$CreateWindow(hidden TLW parent)$RegisterClass("wxTLWHiddenParent")
    • API String ID: 2192023827-108781334
    • Opcode ID: 06dbbf9c8fd060c5ee8ef0d8dadc6dc328b4e3ccf26775b3085cfa0953fd6bcb
    • Instruction ID: 1d7243053b915fb3f44ece732af2734642109714f21ae2e94cc6a62cff812dff
    • Opcode Fuzzy Hash: 06dbbf9c8fd060c5ee8ef0d8dadc6dc328b4e3ccf26775b3085cfa0953fd6bcb
    • Instruction Fuzzy Hash: EAE19F70C09298DAEB21EFA4CD45BAEBBB4AF05304F1042D9E40977281EB755E85CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0E6B0 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 289threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • FindClose.KERNEL32(?,4B020D8A,?,?,?,?,?,?,00BD3371,000000FF), ref: 00B0E6E9
    • GetCurrentThreadId.KERNEL32 ref: 00B0E72D
      • Part of subcall function 00B0EA90: GetLastError.KERNEL32(?,00000048,?,00000000,?,?,?,?,?,?,?,?,?,00BF66B6,000000FF), ref: 00B0EB7C
      • Part of subcall function 00B0EA90: GetCurrentThreadId.KERNEL32 ref: 00B0EBD0
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00B0E806
    • GetCurrentThreadId.KERNEL32 ref: 00B0E844
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00B0E871
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CloseFind
    • String ID: "IsOpened()"$"filename"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dir.cpp$FindClose$bad pointer in wxDir::GetNext()$must wxDir::Open() first$wxDir::GetFirst$wxDir::GetNext
    • API String ID: 3386376005-1333453299
    • Opcode ID: e2cab4e4459cfe194446ce8eaf980f7de7d0bdc15bae30daa0ee9fe52393efd9
    • Instruction ID: eb6ac55921b1a124d82342fbda0a300167f838c33d8159812b2429e85352c8c2
    • Opcode Fuzzy Hash: e2cab4e4459cfe194446ce8eaf980f7de7d0bdc15bae30daa0ee9fe52393efd9
    • Instruction Fuzzy Hash: D2B1C071900348EBDB20EF64C846BAE7FE0EF01354F1449A9F829672D2E775DA45CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2C7D0 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 221registrythreadCOMMON
    Download Yara Rule
    APIs
    • RegisterClassW.USER32(?), ref: 00B2C84C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,RegisterClass() in wxCreateHiddenWindow,00000000), ref: 00B2C8BE
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,RegisterClass() in wxCreateHiddenWindow,00000000), ref: 00B2C8CD
    • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B2C953
    • GetCurrentThreadId.KERNEL32 ref: 00B2C98C
    • GetLastError.KERNEL32 ref: 00B2CA38
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B2CA47
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$ClassCreateCurrentRegisterThreadWindow
    • String ID: "classname && pclassname && wndproc"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\utils.cpp$CreateWindow() in wxCreateHiddenWindow$NULL parameter in wxCreateHiddenWindow$RegisterClass() in wxCreateHiddenWindow$wxCreateHiddenWindow
    • API String ID: 1334629325-1521975635
    • Opcode ID: 80f4f012acaf7a4fcb65026beea4f20cf0d5ef618d26e493b221372d935dc030
    • Instruction ID: 65f0f79d9c7e3f67483dca76254bdd0058f5503c51bd64badddcd82dd648bd24
    • Opcode Fuzzy Hash: 80f4f012acaf7a4fcb65026beea4f20cf0d5ef618d26e493b221372d935dc030
    • Instruction Fuzzy Hash: 3C7103719483409EE721EB34D982BAF7BD0AF92304F44096DF589972D2EF719848CB97
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A19A10 Relevance: 23.2, APIs: 2, Strings: 11, Instructions: 461threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A19CC0
    • GetCurrentThreadId.KERNEL32 ref: 00A19E2C
    Strings
    • wxSetFocusToChild(): invalid window, xrefs: 00A1A060
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00A19EA1
    • wxSetFocusToChild, xrefs: 00A19B7F, 00A19E12, 00A1A06A
    • "win", xrefs: 00A1A065
    • wxArgNormalizer<struct HWND__ *>::wxArgNormalizer, xrefs: 00A19E97
    • format specifier doesn't match argument type, xrefs: 00A19E8D
    • SetFocusToChild() => last child (0x%p)., xrefs: 00A19B23
    • focus, xrefs: 00A19B3B, 00A19DBE
    • SetFocusToChild() => first child (0x%p)., xrefs: 00A19D97
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00A19E92
    • ..\..\src\common\containr.cpp, xrefs: 00A19B89, 00A19E0B, 00A1A074
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: "win"$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\containr.cpp$SetFocusToChild() => first child (0x%p).$SetFocusToChild() => last child (0x%p).$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$focus$format specifier doesn't match argument type$wxArgNormalizer<struct HWND__ *>::wxArgNormalizer$wxSetFocusToChild$wxSetFocusToChild(): invalid window
    • API String ID: 2882836952-1009666617
    • Opcode ID: 865358eb8a7bedf641920de2dc0d257f532fadd410c9919ae39217dab2f4aa1c
    • Instruction ID: ca0ad1d2deb99f62dd66f7a72a64af88723efb4138aefb84cde852c6e67ab70b
    • Opcode Fuzzy Hash: 865358eb8a7bedf641920de2dc0d257f532fadd410c9919ae39217dab2f4aa1c
    • Instruction Fuzzy Hash: 37020170A01348DFDF20DFA4C855BEEB7E1BF56304F148168E809AB2D2DB759A85CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D41B0 Relevance: 23.2, APIs: 7, Strings: 6, Instructions: 427threadCOMMON
    Download Yara Rule
    APIs
    • ScrollWindow.USER32(00BD5E31,?,?,00000000,00000000), ref: 009D422C
    • MoveWindow.USER32(00000000,?,?,?,?,4B020D8A,4B020D8A,?,?,?,?,?,?,?,?,?), ref: 009D4264
    • GetCurrentThreadId.KERNEL32 ref: 009D42A1
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00BD5E31,000000FF), ref: 009D437A
    • GetCurrentThreadId.KERNEL32 ref: 009D43B8
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00BD5E31,000000FF), ref: 009D43E5
    • ScrollWindow.USER32(00BD5E31,?,?,00000000,00000000), ref: 009D451A
    Strings
    • wxWindow::MSWOnDrawItem, xrefs: 009D4629
    • MoveWindow, xrefs: 009D43EB
    • ..\..\src\msw\window.cpp, xrefs: 009D4397, 009D43F5, 009D4633
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009D4352
    • MSWOnDrawItem: bad wxMenuItem pointer, xrefs: 009D461F
    • "((wxMenuItem *) wxCheckDynamicCast( const_cast<wxObject *>(static_cast<const wxObject *>( const_cast<wxMenuItem *>(static_cast<const wxMenuItem *>(pMenuItem)))), &wxMenuItem::ms_classInfo))", xrefs: 009D4624
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$CurrentErrorLastScrollThread$Move
    • String ID: "((wxMenuItem *) wxCheckDynamicCast( const_cast<wxObject *>(static_cast<const wxObject *>( const_cast<wxMenuItem *>(static_cast<const wxMenuItem *>(pMenuItem)))), &wxMenuItem::ms_classInfo))"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\window.cpp$MSWOnDrawItem: bad wxMenuItem pointer$MoveWindow$wxWindow::MSWOnDrawItem
    • API String ID: 35056878-2993198000
    • Opcode ID: 710d8d2fb2c98a841648eda072520fd4f4af95f5d61e5b7204f5bb46656d558c
    • Instruction ID: 7cc0a637c79184f2953be921e7000d6560e37aa6dd5589d36250fc7300186324
    • Opcode Fuzzy Hash: 710d8d2fb2c98a841648eda072520fd4f4af95f5d61e5b7204f5bb46656d558c
    • Instruction Fuzzy Hash: EFF1F171A402089FDF20DFA8C845BEEBBF8EF55310F14816AF919A7391E735A944CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A4D630 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 303threadCOMMON
    Download Yara Rule
    APIs
    • RevokeDragDrop.OLE32(?), ref: 00A4D66B
    • GetCurrentThreadId.KERNEL32 ref: 00A4D6AD
    • GetCurrentThreadId.KERNEL32 ref: 00A4D7C2
    • CoLockObjectExternal.OLE32(?,00000000,00000001,?,?,?,?,?,?,00000001,00BD5071,000000FF), ref: 00A4D90C
    • GetDC.USER32(428D0824), ref: 00A4D9AE
    • SetBkMode.GDI32(00000000,00000001), ref: 00A4D9BD
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$DragDropExternalLockModeObjectRevoke
    • String ID: "window"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dcclient.cpp$..\..\src\msw\ole\droptgt.cpp$RevokeDragDrop$invalid window in wxClientDCImpl$wxClientDCImpl::wxClientDCImpl
    • API String ID: 2215160907-3507817944
    • Opcode ID: c98ef6726f7462f6ea503d7670b266de09816d0a1cc5919d4c6de69d7c350816
    • Instruction ID: 0b166297b6bcbe36e0b7051d4716cfd43fe919c504d357cfb0e8562ff592203a
    • Opcode Fuzzy Hash: c98ef6726f7462f6ea503d7670b266de09816d0a1cc5919d4c6de69d7c350816
    • Instruction Fuzzy Hash: A3B10375904348EFDB10EFA8D805BAEBBB0FF45304F148269F819A7682EB759904CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A147A0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 286threadwindowCOMMON
    Download Yara Rule
    APIs
    • GetDC.USER32(00000000), ref: 00A14834
    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 00A1484D
    • ReleaseDC.USER32(00000000,00000000), ref: 00A14860
    • GetCurrentThreadId.KERNEL32 ref: 00A1489D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00BDB8A1,000000FF), ref: 00A14976
    • GetCurrentThreadId.KERNEL32 ref: 00A149B4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00BDB8A1,000000FF), ref: 00A149E1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$BitmapCreateRelease
    • String ID: "pbmi"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$CreateDIBitmap$invalid DIB in ConvertToBitmap$wxDIB::ConvertToBitmap
    • API String ID: 2404329425-3720500207
    • Opcode ID: e795bab46df59c9d3eac19b9b43f2366f18a03178a217200771a6acf31e34c5a
    • Instruction ID: 7f3a274a6940b12cabc93282f9ecb3a5904a2f72fb5692749bd289d21a3023a3
    • Opcode Fuzzy Hash: e795bab46df59c9d3eac19b9b43f2366f18a03178a217200771a6acf31e34c5a
    • Instruction Fuzzy Hash: 0BB10471D04348DBDF20EFA8C945BEEBBF0AF49354F144168F919AB281E7359984CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B07660 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 281threadCOMMON
    Download Yara Rule
    APIs
    • CloseHandle.KERNEL32(?,4B020D8A,?,?,?,?,?,?,?,00000000,00BD4FC0,000000FF), ref: 00B076A1
    • GetCurrentThreadId.KERNEL32 ref: 00B076D9
    • GetCurrentThreadId.KERNEL32 ref: 00B077E3
    • GetLastError.KERNEL32 ref: 00B07811
    • GetLastError.KERNEL32 ref: 00B07820
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CloseHandle
    • String ID: !m_impl$!name.empty()$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\snglinst.cpp$CloseHandle(mutex)$calling wxSingleInstanceChecker::Create() twice?$mutex name can't be empty$wxSingleInstanceChecker::Create
    • API String ID: 524227624-25858104
    • Opcode ID: 9420ee259ef4771da76000225a242fcadbb40a19c584ca179a4d3aa466312580
    • Instruction ID: 948da037354b8c80ccfe2a28ff87ffbcf82409ce0fbf822c6ca778d713c55d09
    • Opcode Fuzzy Hash: 9420ee259ef4771da76000225a242fcadbb40a19c584ca179a4d3aa466312580
    • Instruction Fuzzy Hash: 5FA10671D48308AFDB20EF68C8457AEBFE0EF51344F1441A8F449A72D2EB75A945CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A03A80 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 264threadCOMMON
    Download Yara Rule
    APIs
    • DeleteObject.GDI32(?), ref: 00A03B3D
    • GetCurrentThreadId.KERNEL32 ref: 00A03B7D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00A03C56
    • GetCurrentThreadId.KERNEL32 ref: 00A03C94
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00A03CC1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$DeleteObject
    • String ID: !m_dib$!m_selectedInto$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$DeleteObject(hbitmap)$deleting bitmap still selected into wxMemoryDC$forgot to call wxBitmap::UngetRawData()!$wxBitmapRefData::Free
    • API String ID: 3565261088-624236620
    • Opcode ID: 930eaa363e9a16f1d546252c788880d20377615726ea536f53ef7af022476b25
    • Instruction ID: 3bfb2ca07e73187c9aa1a6682ddbe053c1ff045b3f607a0e55155e5a618eb4ad
    • Opcode Fuzzy Hash: 930eaa363e9a16f1d546252c788880d20377615726ea536f53ef7af022476b25
    • Instruction Fuzzy Hash: FFA1D57290434CEFDF20EFA4D8467EE7BA8AF02704F144669F909672C2E7759A44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A01340 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 179threadCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00A15B20: GetObjectW.GDI32(?,00000054,?), ref: 00A15B7B
    • GetObjectW.GDI32(00000000,00000018,?), ref: 00A013B7
    • GetCurrentThreadId.KERNEL32 ref: 00A013F5
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00BDA1C1,000000FF), ref: 00A01491
    • GetCurrentThreadId.KERNEL32 ref: 00A014CF
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A014FC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastObjectThread
    • String ID: "!IsOk()"$"dib.IsOk()"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\bitmap.cpp$GetObject (@wxBitmapRefData::CopyFromDIB)$bitmap already initialized$invalid DIB in CopyFromDIB$wxBitmapRefData::CopyFromDIB
    • API String ID: 4002681911-357335564
    • Opcode ID: 0a02e4c1222d45a0806c72909de81fd721e36e66badb8b7b333618762596cf6b
    • Instruction ID: ef5bf04b7dc9dbe20f3ff4edef7eafd19e449c525fd826ae81450eab19ba30a6
    • Opcode Fuzzy Hash: 0a02e4c1222d45a0806c72909de81fd721e36e66badb8b7b333618762596cf6b
    • Instruction Fuzzy Hash: AD61BFB190034CAFDB10DFA4DC85BEE7BB4AF05304F504229F919AB2D2E7759A45CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009BCA20 Relevance: 21.5, APIs: 2, Strings: 10, Instructions: 481threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009BCD43
    • GetCurrentThreadId.KERNEL32 ref: 009BCE80
    Strings
    • flags, xrefs: 009BCA80
    • Invalid menu string '%s', xrefs: 009BCE0C
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 009BCEFE
    • ..\..\src\common\utilscmn.cpp, xrefs: 009BCA8F, 009BCE50
    • (argtype & (wxFormatString::Arg_String)) == argtype, xrefs: 009BCEEF
    • this is useless to call without any flags, xrefs: 009BCA7B
    • format specifier doesn't match argument type, xrefs: 009BCEEA
    • wxStripMenuCodes, xrefs: 009BCA85, 009BCE5A
    • ?*(&?), xrefs: 009BCBA5
    • wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar, xrefs: 009BCEF4
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: (argtype & (wxFormatString::Arg_String)) == argtype$..\..\src\common\utilscmn.cpp$?*(&?)$Invalid menu string '%s'$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$flags$format specifier doesn't match argument type$this is useless to call without any flags$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar$wxStripMenuCodes
    • API String ID: 2882836952-1913611657
    • Opcode ID: c276cbff96b97a8a16445f479d3d3318507d3669fa7142f3575ed790b5dd1e7e
    • Instruction ID: 3b7567fa1e5e235a493c3741c033cc71656579b08f663f7a757973d95e1dc61f
    • Opcode Fuzzy Hash: c276cbff96b97a8a16445f479d3d3318507d3669fa7142f3575ed790b5dd1e7e
    • Instruction Fuzzy Hash: 6512DFB0D00258DFDF24EFA4CD55BEEBBB4BF51314F0445A9E40AA7282EB745A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B53270 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 224threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B5332D
    • GetCurrentThreadId.KERNEL32 ref: 00B53473
    • GetLastError.KERNEL32(wx.sys_error,can't write to file descriptor %d,?,?,00000000,?,?,?,?,?,?,00BFCB5C,000000FF), ref: 00B534B7
    Strings
    • wxFile::Write, xrefs: 00B5344D, 00B5358D
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B534FE
    • ..\..\src\common\file.cpp, xrefs: 00B53443, 00B53597
    • can't write to file descriptor %d, xrefs: 00B53381
    • "(pBuf != 0) && IsOpened()", xrefs: 00B53588
    • wx.sys_error, xrefs: 00B53421
    • format specifier doesn't match argument type, xrefs: 00B534EA
    • wxArgNormalizer<int>::wxArgNormalizer, xrefs: 00B534F4
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00B534EF
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ErrorLast
    • String ID: "(pBuf != 0) && IsOpened()"$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\file.cpp$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$can't write to file descriptor %d$format specifier doesn't match argument type$wx.sys_error$wxArgNormalizer<int>::wxArgNormalizer$wxFile::Write
    • API String ID: 4172138867-4100103848
    • Opcode ID: d38e9bff7b98b5f0340009e3502032ab05863aa5ea77ac881572b189333f4b83
    • Instruction ID: e3a9e94ec92f8fb687eea88e9bb2382b51b4d5dc004da650d091cfc1b1203649
    • Opcode Fuzzy Hash: d38e9bff7b98b5f0340009e3502032ab05863aa5ea77ac881572b189333f4b83
    • Instruction Fuzzy Hash: 8A91A171800288DFDB20DFB4DC55BED7BE4BF15744F1441A9F91AA7282EB749A08CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A15840 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 190threadCOMMON
    Download Yara Rule
    APIs
    • GetObjectW.GDI32(?,00000054,?), ref: 00A15895
    • GetObjectW.GDI32(?,00000018,?), ref: 00A158D0
    • GetCurrentThreadId.KERNEL32 ref: 00A1590D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00A159A9
    • GetCurrentThreadId.KERNEL32 ref: 00A159F3
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00A15A35
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastObjectThread
    • String ID: "hbmp"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$GetObject(bitmap)$wxDIB::Create$wxDIB::Create(): invalid bitmap
    • API String ID: 4002681911-4152019967
    • Opcode ID: 1580a71b5fe594856401c017fdc124d997341be03882a4e415cfcb61c06ce8d8
    • Instruction ID: 7e95840a96a34784b6d9a41d97278f524460558312a7dc8c11a7dcaf4ea422f9
    • Opcode Fuzzy Hash: 1580a71b5fe594856401c017fdc124d997341be03882a4e415cfcb61c06ce8d8
    • Instruction Fuzzy Hash: 4371D170C40748DEDF20EFB4C955BEEBBB4AF45314F404269F819A7282E7705A48DB61
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00AA4460 Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 474threadCOMMON
    Download Yara Rule
    APIs
    • ChooseFontW.COMDLG32(?,?,00000068,user32.dll), ref: 00AA46E6
    • CommDlgExtendedError.COMDLG32 ref: 00AA479D
    • GetCurrentThreadId.KERNEL32 ref: 00AA47E2
    • GetCurrentThreadId.KERNEL32 ref: 00AA4940
    Strings
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00AA49B2
    • Common dialog failed with error code %0lx., xrefs: 00AA4839
    • format specifier doesn't match argument type, xrefs: 00AA499E
    • SetThreadDpiAwarenessContext, xrefs: 00AA469B
    • user32.dll, xrefs: 00AA465F
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00AA49A3
    • wxArgNormalizer<unsigned long>::wxArgNormalizer, xrefs: 00AA49A8
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ChooseCommErrorExtendedFont
    • String ID: (argtype & (wxFormatStringSpecifier<T>::value)) == argtype$Common dialog failed with error code %0lx.$SetThreadDpiAwarenessContext$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$user32.dll$wxArgNormalizer<unsigned long>::wxArgNormalizer
    • API String ID: 3667411181-1014149194
    • Opcode ID: 8eda4f1a20d2ceb16b3b646ba93464c748c93b4605553a86c613f4b31291aaf6
    • Instruction ID: 9e3c1c6037b97eee850bf95d13e97f6152d6b40430c712347bdf6aed07a673a2
    • Opcode Fuzzy Hash: 8eda4f1a20d2ceb16b3b646ba93464c748c93b4605553a86c613f4b31291aaf6
    • Instruction Fuzzy Hash: D512A371900289DFDF20DFA4C945BEEBBF5AF99304F144169F819A72C1EB749A04CB61
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0A150 Relevance: 19.7, APIs: 5, Strings: 6, Instructions: 438threadCOMMON
    Download Yara Rule
    APIs
    • GetTempPathW.KERNEL32(00000104,?,00B0C5BF,00000105,?,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00B0A2D7
    • GetCurrentThreadId.KERNEL32 ref: 00B0A324
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000), ref: 00B0A40F
    • GetCurrentThreadId.KERNEL32 ref: 00B0A45C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000), ref: 00B0A489
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$PathTemp
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\common\filename.cpp$GetTempPath$TEMP$TMP$TMPDIR
    • API String ID: 3582472168-385932262
    • Opcode ID: 06ff77353766a92736a01b6ec1ef67712a5ed7e939b9f97eefbe419731e59c35
    • Instruction ID: 4f2bdad57522886553fa0856a5ce2d991001294ae8ed33ed0cb5d229aefc99c6
    • Opcode Fuzzy Hash: 06ff77353766a92736a01b6ec1ef67712a5ed7e939b9f97eefbe419731e59c35
    • Instruction Fuzzy Hash: 46F1BF71D003189BDB20EBA4C845BEEBBF5BF56304F1445E9E405AB2C2EB759E44CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A21490 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 368COMMON
    Download Yara Rule
    APIs
    • GetDlgItem.USER32(?,00000006), ref: 00A2151F
    • SetWindowTextW.USER32(?,?), ref: 00A2174D
    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A2185E
    • GetDlgItem.USER32(?,00000006), ref: 00A218CC
    • GetParent.USER32(00000000), ref: 00A218E4
    • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00A218F3
    • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00A21910
    Strings
    • all buttons are supposed to be of same width, xrefs: 00A216E8
    • ..\..\src\msw\msgdlg.cpp, xrefs: 00A216FC
    • wBtnOld == rc.right - rc.left, xrefs: 00A216ED
    • wxMessageDialog::AdjustButtonLabels, xrefs: 00A216F2
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$ItemMove$ParentPointsText
    • String ID: ..\..\src\msw\msgdlg.cpp$all buttons are supposed to be of same width$wBtnOld == rc.right - rc.left$wxMessageDialog::AdjustButtonLabels
    • API String ID: 415616396-2446351938
    • Opcode ID: dbcb30d1b3d64451659e9cdf90313b80dcae3ede16c48501920e5fc7958f27a5
    • Instruction ID: 31dca3993d7b2692176f7da5232a95cc8d77f77c284f22f238d73130392d0341
    • Opcode Fuzzy Hash: dbcb30d1b3d64451659e9cdf90313b80dcae3ede16c48501920e5fc7958f27a5
    • Instruction Fuzzy Hash: 3DE13871D002289FDB14CFA8DD45BEDBBB5FF99314F148269E419A7291EB30AA84CF50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCAC08 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • ___free_lconv_mon.LIBCMT ref: 00BCAC4C
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9DB7
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9DC9
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9DDB
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9DED
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9DFF
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E11
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E23
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E35
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E47
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E59
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E6B
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E7D
      • Part of subcall function 00BC9D9A: _free.LIBCMT ref: 00BC9E8F
    • _free.LIBCMT ref: 00BCAC41
      • Part of subcall function 00BC48A6: RtlFreeHeap.NTDLL(00000000,00000000,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?), ref: 00BC48BC
      • Part of subcall function 00BC48A6: GetLastError.KERNEL32(?,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?,?), ref: 00BC48CE
    • _free.LIBCMT ref: 00BCAC63
    • _free.LIBCMT ref: 00BCAC78
    • _free.LIBCMT ref: 00BCAC83
    • _free.LIBCMT ref: 00BCACA5
    • _free.LIBCMT ref: 00BCACB8
    • _free.LIBCMT ref: 00BCACC6
    • _free.LIBCMT ref: 00BCACD1
    • _free.LIBCMT ref: 00BCAD09
    • _free.LIBCMT ref: 00BCAD10
    • _free.LIBCMT ref: 00BCAD2D
    • _free.LIBCMT ref: 00BCAD45
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: 836921a1d9bda5729e778411f17573c8d49adc54c51c77217826628032a4d60b
    • Instruction ID: 9b32a219cf474b087965bf5eb89a030256f29b6ea56ed720f717129f28f428af
    • Opcode Fuzzy Hash: 836921a1d9bda5729e778411f17573c8d49adc54c51c77217826628032a4d60b
    • Instruction Fuzzy Hash: 45316932A00709AFEB30AA78DC45F56B3E8EF40354F1445AEF099E7255DF71AD848B22
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A99920 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 281threadCOMMON
    Download Yara Rule
    APIs
    • EnumDisplayMonitors.USER32(00000000,00000000,00A9AA00,00000000,00000000,?,?,00000000,00BD3371,000000FF), ref: 00A99973
    • GetCurrentThreadId.KERNEL32 ref: 00A999B5
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 00A99A8E
    • GetCurrentThreadId.KERNEL32 ref: 00A99ACC
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 00A99AF9
    Strings
    • ..\..\src\msw\display.cpp, xrefs: 00A99AAB, 00A99B09
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00A99A66
    • idx < m_size, xrefs: 00A99C60
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h, xrefs: 00A99C6F
    • EnumDisplayMonitors, xrefs: 00A99AFF
    • wxVector<struct `anonymous namespace'::wxDisplayInfo>::at, xrefs: 00A99C65
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$DisplayEnumMonitors
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\display.cpp$EnumDisplayMonitors$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$idx < m_size$wxVector<struct `anonymous namespace'::wxDisplayInfo>::at
    • API String ID: 3300646404-4113809051
    • Opcode ID: c2fdf7f2516fdf0bd70bd2a4e9bc4cf05a586eabe48f3679adb5aa119f28040a
    • Instruction ID: 5be91c9553ab4cb0d8cb743a3af293618ec85f3bf10a556e74d6113f8746b654
    • Opcode Fuzzy Hash: c2fdf7f2516fdf0bd70bd2a4e9bc4cf05a586eabe48f3679adb5aa119f28040a
    • Instruction Fuzzy Hash: 13A1E2B1A00348AFDF20EF68CC467AFBBE4AF11314F14426DF91967292E7759944CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D5740 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 224threadCOMMON
    Download Yara Rule
    APIs
    • SetWindowLongW.USER32(?,000000F0,?), ref: 009D5802
    • SetWindowLongW.USER32(?,000000EC,?), ref: 009D5856
    • SetWindowPos.USER32(?,-00000002,00000000,00000000,00000000,00000000,00000033,?,?,?,?,?,?,?,00000000,00BD5FD9), ref: 009D588C
    • GetCurrentThreadId.KERNEL32 ref: 009D58CA
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00BD5FD9,000000FF), ref: 009D5960
    • GetCurrentThreadId.KERNEL32 ref: 009D599E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00BD5FD9), ref: 009D59CB
    • SetWindowLongW.USER32(?,000000EC,?), ref: 009D5A20
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$Long$CurrentErrorLastThread
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\window.cpp$SetWindowPos
    • API String ID: 192021570-1774706326
    • Opcode ID: 6be2378f80117318fe0f683524081d4e4b524e9cd473d8deb4aac963b5b81c1f
    • Instruction ID: b405138c817bdf2f5b9cf505806935cdc30403b6f06868612767973d2dd9d022
    • Opcode Fuzzy Hash: 6be2378f80117318fe0f683524081d4e4b524e9cd473d8deb4aac963b5b81c1f
    • Instruction Fuzzy Hash: 5491AC71D40648EFDF10DFA8C945BEEBBB8AF09350F15826AF819A7381D7745A44CBA0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D9630 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 194threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009D967E
    • GetCurrentThreadId.KERNEL32 ref: 009D9877
    • GetSysColor.USER32(00000012), ref: 009D98B2
    • GetSysColor.USER32(00000010), ref: 009D98C5
    • GetSysColor.USER32(0000000F), ref: 009D98D8
    • GetSysColor.USER32(00000014), ref: 009D98EB
    Strings
    • wxGetStdColourMap, xrefs: 009D9739
    • ..\..\src\msw\window.cpp, xrefs: 009D9743
    • wxBITMAP_STD_COLOURS, xrefs: 009D96B4
    • forgot to update wxBITMAP_STD_COLOURS!, xrefs: 009D972F
    • stdColourBitmap.GetWidth() == wxSTD_COL_MAX, xrefs: 009D9734
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Color$CurrentThread
    • String ID: ..\..\src\msw\window.cpp$forgot to update wxBITMAP_STD_COLOURS!$stdColourBitmap.GetWidth() == wxSTD_COL_MAX$wxBITMAP_STD_COLOURS$wxGetStdColourMap
    • API String ID: 2852542864-2287409837
    • Opcode ID: a6aeb003e29a0a3303c1c5f43f96a7f0383cbc7526d8d00e94a68f8b964f3fe5
    • Instruction ID: cf2283fbd09a296214a0ea534d7d8f153b73681bf64e98ca4dcfa959300ef4c6
    • Opcode Fuzzy Hash: a6aeb003e29a0a3303c1c5f43f96a7f0383cbc7526d8d00e94a68f8b964f3fe5
    • Instruction Fuzzy Hash: E4819D70905248EFDB10EFE8D894BADBBF4FB05708F04816AE405AB3E2D7B59909CB51
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D70E0 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 125COMMON
    Download Yara Rule
    APIs
    • IsWindow.USER32(?), ref: 009D7158
    • GetWindowLongW.USER32(?,000000FC), ref: 009D7179
    • SetWindowLongW.USER32(?,000000FC,009DA620), ref: 009D71D8
    • GetWindowLongW.USER32(?,000000EC), ref: 009D71E6
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$Long
    • String ID: !m_oldWndProc$"::IsWindow(hwnd)"$..\..\src\msw\window.cpp$invalid HWND in SubclassWin$subclassing window twice?$wxTLWHiddenParent$wxWindow::SubclassWin
    • API String ID: 847901565-2146498898
    • Opcode ID: 73e02502f10aa1366269168d2361e5864f6820a962d89bd321baf4623836341d
    • Instruction ID: 0d9478de7601fcb85e1cb359537d3343771920362861720509d36c5c5dffac05
    • Opcode Fuzzy Hash: 73e02502f10aa1366269168d2361e5864f6820a962d89bd321baf4623836341d
    • Instruction Fuzzy Hash: F3412870988244ABDB24EB64DC06FAFFBB8BB01700F00426EF516A37D2EB711545CB61
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A87A30 Relevance: 18.0, APIs: 2, Strings: 8, Instructions: 476threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A87D5C
    • GetCurrentThreadId.KERNEL32 ref: 00A87E9B
    Strings
    • 5, xrefs: 00A87ECC
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00A87F1D
    • format specifier doesn't match argument type, xrefs: 00A87F09
    • '>' should be escaped as "&gt"; at %lu., xrefs: 00A87E3B
    • wxArgNormalizer<int>::wxArgNormalizer, xrefs: 00A87F13
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00A87F0E
    • tag "%s" can't have attributes, xrefs: 00A89793
    • span, xrefs: 00A87A66, 00A8971A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: '>' should be escaped as "&gt"; at %lu.$(argtype & (wxFormatStringSpecifier<T>::value)) == argtype$5$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$span$tag "%s" can't have attributes$wxArgNormalizer<int>::wxArgNormalizer
    • API String ID: 2882836952-967979371
    • Opcode ID: 9942793a142c6e3d9c2cfe5a766fd9321aaa55f53fc0637d7bee260fd5c225be
    • Instruction ID: ffcdfbe043a873ada3812c2e3d48fa0cd135834991ea9705245285883c3e02ae
    • Opcode Fuzzy Hash: 9942793a142c6e3d9c2cfe5a766fd9321aaa55f53fc0637d7bee260fd5c225be
    • Instruction Fuzzy Hash: 3C12AFB0D04258DFDB14EFA8CC45BEEBBB5BF45304F2441A9E419AB281EB749A44CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B2A90 Relevance: 17.9, APIs: 2, Strings: 8, Instructions: 408threadCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
      • Part of subcall function 009B03D0: GetCurrentThreadId.KERNEL32 ref: 009B04AE
    • GetCurrentThreadId.KERNEL32 ref: 009B2D2E
    • GetCurrentThreadId.KERNEL32 ref: 009B2E6F
      • Part of subcall function 00B25340: GetCurrentThreadId.KERNEL32 ref: 00B253A8
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Init_thread_footer
    • String ID: -s$"%s" %s$(argtype & (wxFormatString::Arg_String)) == argtype$3$Command Line: %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar
    • API String ID: 131138946-3786298508
    • Opcode ID: cb3e30fd4ddd202e113f8b570c9213c043d77032699e9c8eb637fb6d42add78e
    • Instruction ID: bec17c7b6ce74192f039b69b33047e5873415d8b1cd3dd95456ff78f98d369f0
    • Opcode Fuzzy Hash: cb3e30fd4ddd202e113f8b570c9213c043d77032699e9c8eb637fb6d42add78e
    • Instruction Fuzzy Hash: 3CF1E170D04358DADF24EBA4CD46BEEBBB8AF11314F0441A8F40A772D2EB755A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2B0B0 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 327threadCOMMON
    Download Yara Rule
    APIs
    • GetModuleFileNameW.KERNEL32(00B2B586,?,00000104,?,00000104,4B020D8A,00000000,00000000,00000001), ref: 00B2B131
    • GetCurrentThreadId.KERNEL32 ref: 00B2B17D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,GetModuleFileName,00000000), ref: 00B2B25C
    • GetCurrentThreadId.KERNEL32 ref: 00B2B29A
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,GetModuleFileName,00000000), ref: 00B2B2C7
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00B2B231
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 00B2B279, 00B2B2D7
    • GetModuleFileName, xrefs: 00B2B2CD
    • HOME, xrefs: 00B2B440
    • USERPROFILE, xrefs: 00B2B529
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$FileModuleName
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$GetModuleFileName$HOME$USERPROFILE$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h
    • API String ID: 1548465708-43940900
    • Opcode ID: 19baf17fd7eb719fa497a6d846a6a9ed6a71c5885c6daab44da4cdae6c1eb4ad
    • Instruction ID: 39aacf3135fdcff289dae2755a6bb5aead9d2a49d07bec7331cb46ef127490c3
    • Opcode Fuzzy Hash: 19baf17fd7eb719fa497a6d846a6a9ed6a71c5885c6daab44da4cdae6c1eb4ad
    • Instruction Fuzzy Hash: DAC1E1B1D00218DBDF20EFA4D855BAEBBF4FF15304F1441ADE409AB282EB759A44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CE430 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 290threadCOMMON
    Download Yara Rule
    APIs
    • ScreenToClient.USER32(?,?), ref: 009CE486
      • Part of subcall function 009CFA20: GetKeyState.USER32(00000012), ref: 009CFAB2
      • Part of subcall function 009CFA20: GetMessageTime.USER32 ref: 009CFACC
    • SystemParametersInfoW.USER32(00000068,00000000,00CCE160,00000000), ref: 009CE4E7
    • GetCurrentThreadId.KERNEL32 ref: 009CE51D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,SystemParametersInfo(GETWHEELSCROLLLINES),00000000), ref: 009CE5F0
    • GetCurrentThreadId.KERNEL32 ref: 009CE62E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,SystemParametersInfo(GETWHEELSCROLLLINES),00000000), ref: 009CE65B
    • SystemParametersInfoW.USER32(0000006C,00000000,00CCE164,00000000), ref: 009CE787
    Strings
    • ..\..\src\msw\window.cpp, xrefs: 009CE60D, 009CE66B
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009CE5CB
    • SystemParametersInfo(GETWHEELSCROLLLINES), xrefs: 009CE661
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorInfoLastParametersSystemThread$ClientMessageScreenStateTime
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\window.cpp$SystemParametersInfo(GETWHEELSCROLLLINES)
    • API String ID: 1166061003-3911829709
    • Opcode ID: 256e7d5e7863a0ff5e092aa743d77f498b20de4db5745e36faa25cdb38db9c7a
    • Instruction ID: bb6c6d16533c25e2da6b66f512a0d91ab6f89a29439575d5c5b80c87621c75a1
    • Opcode Fuzzy Hash: 256e7d5e7863a0ff5e092aa743d77f498b20de4db5745e36faa25cdb38db9c7a
    • Instruction Fuzzy Hash: F1B1F471D04348DFDF10EFA4C945BEE7BA8AF11304F14416DF81AA7292E7759A04CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D9BE0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 254threadkeyboardCOMMON
    Download Yara Rule
    APIs
    • GetWindowRect.USER32(00A08447,00000000), ref: 009D9C1B
    • GetCurrentThreadId.KERNEL32 ref: 009D9C5D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD61C1,000000FF), ref: 009D9D36
    • GetCurrentThreadId.KERNEL32 ref: 009D9D74
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00BD61C1,000000FF), ref: 009D9DA1
    • GetSystemMetrics.USER32(00000017), ref: 009D9F03
    • GetAsyncKeyState.USER32(00000000), ref: 009D9F1D
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009D9D0E
    • GetWindowRect, xrefs: 009D9DA7
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 009D9D53, 009D9DB1
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$AsyncMetricsRectStateSystemWindow
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$GetWindowRect$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h
    • API String ID: 3841773877-3000221001
    • Opcode ID: 06d73a550238d22533faeba62bc1b7abf2430e32674b4bb8260d029cbe26daac
    • Instruction ID: a719c3c7346f210543b386616ddefe0f7c1b984163cd28e0eebed9ac89ed3b3c
    • Opcode Fuzzy Hash: 06d73a550238d22533faeba62bc1b7abf2430e32674b4bb8260d029cbe26daac
    • Instruction Fuzzy Hash: 1F91E071944248DBDF20EFA8C9057EE7BE4AF05314F14816AF809BB382E7359E44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D5130 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 196COMMON
    Download Yara Rule
    APIs
    • AnimateWindow.USER32(?,000000C8), ref: 009D5221
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD5F31,000000FF), ref: 009D52D0
    • GetLastError.KERNEL32(00000006,..\..\src\msw\window.cpp,000002FB,wxWindow::MSWShowWithEffect,00C09E34), ref: 009D5307
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast$AnimateWindow
    • String ID: "Assert failure"$%s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\window.cpp$AnimateWindow$invalid window show effect$unknown window show effect$wxWindow::MSWShowWithEffect
    • API String ID: 1867785911-1630882869
    • Opcode ID: 642d273b34f3db5d174e146b9d92e8a7e5d10577fc758f1c6dc4a1e086005a37
    • Instruction ID: f7f75191b85d5e7c521bb5d2c87e2cfdff699fa01adaff7ba8bcee3cdc8d31af
    • Opcode Fuzzy Hash: 642d273b34f3db5d174e146b9d92e8a7e5d10577fc758f1c6dc4a1e086005a37
    • Instruction Fuzzy Hash: 4E612530A84744EFDB24DFA8C801FAE7BA4AB04340F14817AF916A77C2DB759D45CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B03D0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 361threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009B04AE
    • GetCurrentThreadId.KERNEL32 ref: 009B05EC
    Strings
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 009B0655, 009B0817
    • (argtype & (wxFormatString::Arg_String)) == argtype, xrefs: 009B0646, 009B0808
    • Content path: %s, xrefs: 009B0579
    • Content, xrefs: 009B0418
    • format specifier doesn't match argument type, xrefs: 009B0641, 009B0803
    • wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar, xrefs: 009B064B, 009B080D
    • -contentdisc:"%s", xrefs: 009B0797
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: (argtype & (wxFormatString::Arg_String)) == argtype$-contentdisc:"%s"$Content$Content path: %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar
    • API String ID: 2882836952-4003198661
    • Opcode ID: 221cbb6ea60fbb8c8ad824ad9e8459d7486375de885025fcfcbd4830af8dd348
    • Instruction ID: 8aab7a8d2216c0abb01cd7fb74e7b38a3038d083d014fa897e1c15272f9ed1d4
    • Opcode Fuzzy Hash: 221cbb6ea60fbb8c8ad824ad9e8459d7486375de885025fcfcbd4830af8dd348
    • Instruction Fuzzy Hash: B4E1D270D00258DADF20EBA4CD46BEEBBB4AF51314F1441A9F40AB72D2EB755A44CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B25E0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 330threadCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetCurrentThreadId.KERNEL32 ref: 009B276E
    • GetCurrentThreadId.KERNEL32 ref: 009B28B5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Init_thread_footer
    • String ID: "%s" /S$(argtype & (wxFormatString::Arg_String)) == argtype$C$Commmand line: %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$wxArgNormalizerWchar<class wxString const &>::wxArgNormalizerWchar
    • API String ID: 131138946-4019964539
    • Opcode ID: e6536e381c9388b5d72b091eb007f53517c1603b3c63f1aadb5aaacf48cce4f0
    • Instruction ID: 8dbe4f413c60d0cf26c692e4d1e00e5cd29d7435e06f9d0537dec6867ca06171
    • Opcode Fuzzy Hash: e6536e381c9388b5d72b091eb007f53517c1603b3c63f1aadb5aaacf48cce4f0
    • Instruction Fuzzy Hash: 09D1D071D04248DEDF20EFA4CE45BEEBBB4BF11314F1441A9E409B7282EB755A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B33760 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 324threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00B3383D
    • GetCurrentThreadId.KERNEL32 ref: 00B3398B
    Strings
    • Registering module %s, xrefs: 00B33902
    • wxArgNormalizer<wchar_t const *>::wxArgNormalizer, xrefs: 00B339E0
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 00B339EA
    • format specifier doesn't match argument type, xrefs: 00B339D6
    • module, xrefs: 00B33929
    • ..\..\src\common\module.cpp, xrefs: 00B3396A
    • (argtype & (wxFormatStringSpecifier<T>::value)) == argtype, xrefs: 00B339DB
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: (argtype & (wxFormatStringSpecifier<T>::value)) == argtype$..\..\src\common\module.cpp$Registering module %s$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$module$wxArgNormalizer<wchar_t const *>::wxArgNormalizer
    • API String ID: 2882836952-273038921
    • Opcode ID: c14b7be588c7ddae8ce4dc6b22d413ffb8e8bb58c94c548ea85d07ba5bceff5d
    • Instruction ID: 681830dd01fc8f6e52e8950a8560e845c56c6b9276be7645a4b4fd83778ece06
    • Opcode Fuzzy Hash: c14b7be588c7ddae8ce4dc6b22d413ffb8e8bb58c94c548ea85d07ba5bceff5d
    • Instruction Fuzzy Hash: EEC1D771900248DBDF24EFA4C845BEEBBE0FF45704F2481A8F859A72D1E7359A45CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009BD820 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 298threadCOMMON
    Download Yara Rule
    APIs
    • CreateFontIndirectW.GDI32(00000010), ref: 009BD85B
    • GetCurrentThreadId.KERNEL32 ref: 009BD8A0
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009BD979
    • GetCurrentThreadId.KERNEL32 ref: 009BD9B7
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009BD9E4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CreateFontIndirect
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\font.cpp$CreateFont$msw.font.no-proof-quality
    • API String ID: 3660048965-1279774351
    • Opcode ID: c32e0c2d7f9d6a56d3c63b880d080a58e3f0e51822734dc7685b8b460df71fa4
    • Instruction ID: 5f4b20eaa34177db68708ce45a8358e37288ebd0af7fcaa2a9203a4fcab154f0
    • Opcode Fuzzy Hash: c32e0c2d7f9d6a56d3c63b880d080a58e3f0e51822734dc7685b8b460df71fa4
    • Instruction Fuzzy Hash: D9B1D4B1D05248EFDF10EFA4C9457EE7BF4AF05314F148269F81967282E7799A04CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B3C750 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 232threadCOMMON
    Download Yara Rule
    APIs
    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,4B020D8A,00000000,00C15B2C,00000000), ref: 00B3C7A3
    • GetCurrentThreadId.KERNEL32 ref: 00B3C7E0
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,CreateEvent(wake),00000000), ref: 00B3C8B3
    • GetCurrentThreadId.KERNEL32 ref: 00B3C8F1
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,CreateEvent(wake),00000000), ref: 00B3C91E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CreateEvent
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\evtloopconsole.cpp$1$CreateEvent(wake)
    • API String ID: 266028762-2099678416
    • Opcode ID: 9c69a860c9951a08acd49431eadeb5389c04cf883339555a3207227c74621f45
    • Instruction ID: 67830384e419d73964919fe06c590ef8f85bcb5e0af18e26d5a770024ae5914a
    • Opcode Fuzzy Hash: 9c69a860c9951a08acd49431eadeb5389c04cf883339555a3207227c74621f45
    • Instruction Fuzzy Hash: 86818FB1D04248DADF11EFE8C9457AEBFF4AF15304F2441A9E405BB282EB755A05CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A2CC50 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 146COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00A2C1A0: SendMessageW.USER32(00000000,00000432,00000000,?), ref: 00A2C22F
      • Part of subcall function 00A2C1A0: SendMessageW.USER32(00000000,00000432,00000000,?), ref: 00A2C2FF
    • GetDlgItem.USER32(?,?), ref: 00A2CD43
    • GetDlgItem.USER32(?,?), ref: 00A2CD58
    Strings
    • hwnd, xrefs: 00A2CD6D
    • idx < m_size, xrefs: 00A2CD03
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h, xrefs: 00A2CD12
    • ..\..\src\msw\tooltip.cpp, xrefs: 00A2CD7C
    • wxVector<long>::at, xrefs: 00A2CD08
    • wxToolTip::SetWindow, xrefs: 00A2CD72
    • no hwnd for subcontrol?, xrefs: 00A2CD68
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ItemMessageSend
    • String ID: ..\..\src\msw\tooltip.cpp$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$hwnd$idx < m_size$no hwnd for subcontrol?$wxToolTip::SetWindow$wxVector<long>::at
    • API String ID: 3015471070-185459741
    • Opcode ID: a80de5979dc55de35e7351a73ffaa0ef4787dfa522d66cdc7d1d89fb4ee288d2
    • Instruction ID: b2f143bb8fde9e7df3de9d24a4486d788c6b5f7a8fe004afc14055b5a255d517
    • Opcode Fuzzy Hash: a80de5979dc55de35e7351a73ffaa0ef4787dfa522d66cdc7d1d89fb4ee288d2
    • Instruction Fuzzy Hash: C151D271A403259FCB20AF2CE941B6EBBE1AF45720F15497DE88A57392DB74EC01CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2D900 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 67COMMON
    Download Yara Rule
    APIs
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2D963
    Strings
    • wxDateTime::GetTicks, xrefs: 00B2D922
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/longlong.h, xrefs: 00B2D9A4
    • (m_ll >= (-2147483647L - 1)) && (m_ll <= 2147483647L), xrefs: 00B2D995
    • IsValid(), xrefs: 00B2D91D
    • wxLongLong to long conversion loss of precision, xrefs: 00B2D990
    • invalid wxDateTime, xrefs: 00B2D918
    • wxLongLongNative::ToLong, xrefs: 00B2D99A
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/datetime.h, xrefs: 00B2D92C
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
    • String ID: (m_ll >= (-2147483647L - 1)) && (m_ll <= 2147483647L)$IsValid()$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/datetime.h$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/longlong.h$invalid wxDateTime$wxDateTime::GetTicks$wxLongLong to long conversion loss of precision$wxLongLongNative::ToLong
    • API String ID: 885266447-3529489927
    • Opcode ID: 010c1a3f7434fd736a7b1eb34b600e6e217a54c665a12565ef8f9b58b29acc6f
    • Instruction ID: 599a0ff52ff009f1aca1b983d112940b2b625d8e1745ca5b1deaea4facde499e
    • Opcode Fuzzy Hash: 010c1a3f7434fd736a7b1eb34b600e6e217a54c665a12565ef8f9b58b29acc6f
    • Instruction Fuzzy Hash: C4115971B407702AEB34A22C7C26B5676C1EB50B28F5847E5F8ADD21D6D7F54CC4C2A2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D7930 Relevance: 15.2, APIs: 10, Instructions: 196COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __floor_pentium4
    • String ID:
    • API String ID: 4168288129-0
    • Opcode ID: 18abba509837db52610d0988af33420efa8abdea06729fe1ca22c35779b8ec35
    • Instruction ID: be170f916abf09513ef3727921983cb3cde276407bdd0139b029fe9a21b72a1c
    • Opcode Fuzzy Hash: 18abba509837db52610d0988af33420efa8abdea06729fe1ca22c35779b8ec35
    • Instruction Fuzzy Hash: A2816D31918B488BC302EF79C48141AF7F4BF9A354F148B1AF88976290FB31E995CB46
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009F0B30 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 268threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009F0BDD
    • GetCurrentThreadId.KERNEL32 ref: 009F0D05
    Strings
    • Adding duplicate image handler for '%s', xrefs: 009F0CA2
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h, xrefs: 009F0D68
    • (argtype & (wxFormatString::Arg_String)) == argtype, xrefs: 009F0D59
    • ..\..\src\common\image.cpp, xrefs: 009F0CE4
    • format specifier doesn't match argument type, xrefs: 009F0D54
    • wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar, xrefs: 009F0D5E
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: (argtype & (wxFormatString::Arg_String)) == argtype$..\..\src\common\image.cpp$Adding duplicate image handler for '%s'$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/strvararg.h$format specifier doesn't match argument type$wxArgNormalizerWchar<class wxCStrData const &>::wxArgNormalizerWchar
    • API String ID: 2882836952-3677945102
    • Opcode ID: fa5db62a858be29eaf6a8b48b3951d2c11bb61413664cc81b904f1ca5ed0dce5
    • Instruction ID: 5e687c7263f74e494b032cc1b76e94e21a13fd100842b5d9afba12b4a0cb7909
    • Opcode Fuzzy Hash: fa5db62a858be29eaf6a8b48b3951d2c11bb61413664cc81b904f1ca5ed0dce5
    • Instruction Fuzzy Hash: A1A1E271D0034CDBDF20EFA4C8457EEBBA8AF85314F144568F919A72C2EB759944CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B3CA50 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 255threadCOMMON
    Download Yara Rule
    APIs
    • CloseHandle.KERNEL32(?,4B020D8A,00000000,00C15B2C,00C15D38,?,?,?,?,00000000,00BD4FC0,000000FF), ref: 00B3CA99
    • GetCurrentThreadId.KERNEL32 ref: 00B3CAD3
    • GetCurrentThreadId.KERNEL32 ref: 00B3CBDD
    • GetLastError.KERNEL32 ref: 00B3CC0B
    • GetLastError.KERNEL32 ref: 00B3CC1A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CloseHandle
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\evtloopconsole.cpp$CloseHandle(wake)
    • API String ID: 524227624-901497501
    • Opcode ID: b55b9cc29f717a2280eb19f4b3a2233cc0042526cbccb2b9ed14900c3e920877
    • Instruction ID: 61f8586214f713bf59f15b50e77dd1154a029435309fd25ee3ae35810001d1dd
    • Opcode Fuzzy Hash: b55b9cc29f717a2280eb19f4b3a2233cc0042526cbccb2b9ed14900c3e920877
    • Instruction Fuzzy Hash: 1991C271D042089BDB20EFB8C9467AE7FE4EF05314F6441A9F809B7292E7359944CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A16C00 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 238threadCOMMON
    Download Yara Rule
    APIs
    • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 00A16C54
    • GetCurrentThreadId.KERNEL32 ref: 00A16C9D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00A16D76
    • GetCurrentThreadId.KERNEL32 ref: 00A16DB4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD3371,000000FF), ref: 00A16DE1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$ImageLoad
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$Loading DIB from file
    • API String ID: 3028536972-2918942223
    • Opcode ID: 725410b31973b8bee84c58481ed54f954cb9be53c09987944cb389874047ef2f
    • Instruction ID: 33a701f748abb7890744a3e4dc1d02286e9ab1805695c3f61c771afa0a8fa474
    • Opcode Fuzzy Hash: 725410b31973b8bee84c58481ed54f954cb9be53c09987944cb389874047ef2f
    • Instruction Fuzzy Hash: 2191C2B5D04248DBDF20EF64C9467EE7BA0AF05354F144268F819AB2C2E7759984CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B74D0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 234threadwindowCOMMON
    Download Yara Rule
    APIs
    • GetIconInfo.USER32(?,?), ref: 009B750A
    • GetCurrentThreadId.KERNEL32 ref: 009B754D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009B7626
    • GetCurrentThreadId.KERNEL32 ref: 009B7664
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009B7691
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009B75FE
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 009B7643, 009B76A1
    • GetIconInfo, xrefs: 009B7697
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$IconInfo
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$GetIconInfo$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h
    • API String ID: 124299172-933881422
    • Opcode ID: 1d21bbacc4b51d3328d2ba11a796669a3fb9ca36b06cf5f04310d41bccd17126
    • Instruction ID: 04d4831499fb5f6985bc5869f55d0f0d7d63447530010966c08c703016b30067
    • Opcode Fuzzy Hash: 1d21bbacc4b51d3328d2ba11a796669a3fb9ca36b06cf5f04310d41bccd17126
    • Instruction Fuzzy Hash: 1D81D7B1D08248DFDF20EFA4C9457EEBBA4AF51324F144268F819672C2EB759A05CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D90D0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 233threadCOMMON
    Download Yara Rule
    APIs
    • GetClientRect.USER32(?,?), ref: 009D910B
    • GetCurrentThreadId.KERNEL32 ref: 009D914D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BD61C1,000000FF), ref: 009D9226
    • GetCurrentThreadId.KERNEL32 ref: 009D9264
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00BD61C1,000000FF), ref: 009D9291
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009D91FE
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 009D9243, 009D92A1
    • GetClientRect, xrefs: 009D9297
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$ClientRect
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$GetClientRect$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h
    • API String ID: 2490140056-3917627150
    • Opcode ID: f9e413867424a6cccc95ba35c10603bdcdfc96520b51c30695e4d40c02f93e70
    • Instruction ID: 38c1bccb6287a97dec2aa690d13c01887c87793db92eb98c953123249526e8df
    • Opcode Fuzzy Hash: f9e413867424a6cccc95ba35c10603bdcdfc96520b51c30695e4d40c02f93e70
    • Instruction Fuzzy Hash: B981BEB1D44248DBDF20EFA4C9467EEBBA4AF05314F148269F819673C2E7359A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B22DA0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 231threadpipeCOMMON
    Download Yara Rule
    APIs
    • SetNamedPipeHandleState.KERNEL32(00B26D76,00000000,00000000,00000000,4B020D8A,00000000), ref: 00B22E03
    • GetCurrentThreadId.KERNEL32 ref: 00B22E3D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,SetNamedPipeHandleState(PIPE_NOWAIT),00000000), ref: 00B22F10
    • GetCurrentThreadId.KERNEL32 ref: 00B22F4E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,SetNamedPipeHandleState(PIPE_NOWAIT),00000000), ref: 00B22F7B
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 00B22EEB
    • ..\..\src\msw\utilsexc.cpp, xrefs: 00B22F2D, 00B22F8B
    • SetNamedPipeHandleState(PIPE_NOWAIT), xrefs: 00B22F81
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$HandleNamedPipeState
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\utilsexc.cpp$SetNamedPipeHandleState(PIPE_NOWAIT)
    • API String ID: 3883121690-2665511766
    • Opcode ID: 277834460b8ff30f5d06b3f5b72fa1ea4c8e34c201ea702ddbb38bed18c661eb
    • Instruction ID: 64b576e46464691a2359b618017f4fa3801eff05830e37972c92a33d5e3a36a6
    • Opcode Fuzzy Hash: 277834460b8ff30f5d06b3f5b72fa1ea4c8e34c201ea702ddbb38bed18c661eb
    • Instruction Fuzzy Hash: F191E470D04258EBDF21EFA4D9457AEBBF0EF11704F1441A9F409AB282EB795A05CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B230B0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 229threadCOMMON
    Download Yara Rule
    APIs
    • CloseHandle.KERNEL32(00000004,4B020D8A,?,00000000,?,?,?,?,?,?,00BD4FC0,000000FF), ref: 00B230E8
    • GetCurrentThreadId.KERNEL32 ref: 00B23123
    • GetCurrentThreadId.KERNEL32 ref: 00B2322D
    • GetLastError.KERNEL32 ref: 00B2325B
    • GetLastError.KERNEL32 ref: 00B2326A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$CloseHandle
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\utilsexc.cpp$CloseHandle(hProcess)
    • API String ID: 524227624-3964426232
    • Opcode ID: 47b240fe3e0c8b8893b8065e88bd5d6ccfa735737dfef350b946ae72de31a0a9
    • Instruction ID: 1498ec75398a1e1523b54915e46f6f28d291ee2b6a37025cf9cfd9b53d4ddbd9
    • Opcode Fuzzy Hash: 47b240fe3e0c8b8893b8065e88bd5d6ccfa735737dfef350b946ae72de31a0a9
    • Instruction Fuzzy Hash: 2281E0B1D04218DBDF20EFA4D9467EE7BE0EF05704F1445A8F80D67282EB3A9A45CB95
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B35330 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 219threadCOMMON
    Download Yara Rule
    APIs
    • FreeLibrary.KERNEL32(?,4B020D8A,?,00000000,?,?,?,00000000,00BD3371,000000FF), ref: 00B35369
    • GetCurrentThreadId.KERNEL32 ref: 00B353AD
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 00B35486
    • GetCurrentThreadId.KERNEL32 ref: 00B354C4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 00B354F1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$FreeLibrary
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dlmsw.cpp$FreeLibrary
    • API String ID: 1975788115-1614004960
    • Opcode ID: 38b2d5b59d68ab11ada7a6847271674bf95547dfac399e64a0ef5e7f62444282
    • Instruction ID: f8f4f7a61285718152f4683cbe7e0675aea1f2e32f91110c7f56cdd6f484cbf7
    • Opcode Fuzzy Hash: 38b2d5b59d68ab11ada7a6847271674bf95547dfac399e64a0ef5e7f62444282
    • Instruction Fuzzy Hash: 7481C0B1C10648EFDF20EF64C8457EE7BE1EF11354F6482A8F8196B282E7759A44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A166B0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 149threadCOMMON
    Download Yara Rule
    APIs
    • GetObjectW.GDI32(?,00000054,00000000), ref: 00A16701
    • GetCurrentThreadId.KERNEL32 ref: 00A1677D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BDBC11,000000FF), ref: 00A16819
    • GetCurrentThreadId.KERNEL32 ref: 00A16863
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00BDBC11,000000FF), ref: 00A168A5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$Object
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\dib.cpp$GetObject(hDIB)
    • API String ID: 1152580322-4118331169
    • Opcode ID: a9e4e9583eae98d912253ef981a9883202450a1e0e0aff5daa54583464437112
    • Instruction ID: 66b7077674641028e3765dee75b938d5d0c4098f5336c408fc5f8d8ed3899ab9
    • Opcode Fuzzy Hash: a9e4e9583eae98d912253ef981a9883202450a1e0e0aff5daa54583464437112
    • Instruction Fuzzy Hash: 66513D70805348DEDF20DFA4C945BEEBBF4AF05318F54825DE819A72C1E7745A48CB61
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A042A0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 145COMMON
    Download Yara Rule
    APIs
    • GetObjectW.GDI32(?,00000054,?), ref: 00A0439E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Object
    • String ID: "!GetBitmapData()->m_dib"$"Assert failure"$..\..\src\msw\bitmap.cpp$GetRawData() may be called only once$failed to get DIBSECTION from a DIB?$incorrect bitmap type in wxBitmap::GetRawData()$wxBitmap::GetRawData
    • API String ID: 2936123098-842280972
    • Opcode ID: d6717e1c9320f026297ee6f26ff38080bee3562eb1fbf2eed0a9d1a81024ef77
    • Instruction ID: 1af6e2709dae2787c550bcd5483b1b070f2bbd146f1c8d231587e8785405a14d
    • Opcode Fuzzy Hash: d6717e1c9320f026297ee6f26ff38080bee3562eb1fbf2eed0a9d1a81024ef77
    • Instruction Fuzzy Hash: 7151D1B0A44348AFDB28CF68EC46BA9B7E4BB09700F044669F506DB2D1D7749D44CF62
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009B7230 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 144threadCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • DeleteObject.GDI32(?), ref: 009B727B
    • GetCurrentThreadId.KERNEL32 ref: 009B72BD
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00BD3301,000000FF), ref: 009B7359
    • GetCurrentThreadId.KERNEL32 ref: 009B7397
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00BD3301,000000FF), ref: 009B73C4
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009B7331
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/dib.h, xrefs: 009B7376, 009B73D4
    • DeleteObject(hDIB), xrefs: 009B73CA
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$DeleteObject
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$DeleteObject(hDIB)$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/dib.h
    • API String ID: 3565261088-539599607
    • Opcode ID: 324f3b7417464c5101f7c018f2bf7527aae54dac2d10087ce1a3886b3b88782d
    • Instruction ID: 4af703b861a642f3ea792252c9318f2e10a4c7f23041083524499921ffe76253
    • Opcode Fuzzy Hash: 324f3b7417464c5101f7c018f2bf7527aae54dac2d10087ce1a3886b3b88782d
    • Instruction Fuzzy Hash: 575170B1804388EFDF10DFB4C9457DEBBA4BF05318F508269F825A7282E7759648CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D6C70 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • GetWindowLongW.USER32(?,000000EC), ref: 009D6C81
    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009D6CB8
    Strings
    • "Assert failure", xrefs: 009D6CEB
    • Invalid layout direction, xrefs: 009D6CE6
    • "hWnd", xrefs: 009D6D0A
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h, xrefs: 009D6D19
    • Can't set layout direction for invalid window, xrefs: 009D6D05
    • wxUpdateExStyleForLayoutDirection, xrefs: 009D6CF0, 009D6D0F
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: LongWindow
    • String ID: "Assert failure"$"hWnd"$Can't set layout direction for invalid window$Invalid layout direction$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private.h$wxUpdateExStyleForLayoutDirection
    • API String ID: 1378638983-2084548400
    • Opcode ID: 27845e646d2922cafdc87f0e2e874d2ff8a417f5b82872d2746611591f2e6195
    • Instruction ID: 3fa943ce6396a7c22ac132cb12db82a2c7b6608ae3ec775feef10aa2ea2b85a7
    • Opcode Fuzzy Hash: 27845e646d2922cafdc87f0e2e874d2ff8a417f5b82872d2746611591f2e6195
    • Instruction Fuzzy Hash: 8F110A713C420067D7245B2CEC0DF77AA55D790B10F148A3FF6A5A23D1C7B10841C525
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A2A490 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 482threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A2A60D
    • GetCurrentThreadId.KERNEL32 ref: 00A2A8AF
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$Init_thread_footer
    • String ID: ..\..\src\common\windowid.cpp$Out of window IDs. Recommend shutting down application.$can't allocate less than 1 id$count > 0$wxIdManager::ReserveId
    • API String ID: 131138946-3590567649
    • Opcode ID: 437d1be609723551edc37a0c0d843b618f3fb9e187fb6a78416a710ad0c4cd35
    • Instruction ID: 78ef7ebb719e7d88dcc1317460377ed396535421261f073d1119bddf98f6b655
    • Opcode Fuzzy Hash: 437d1be609723551edc37a0c0d843b618f3fb9e187fb6a78416a710ad0c4cd35
    • Instruction Fuzzy Hash: 370216B1D00258DFDF20DF68ED41BEE7BA1AF25304F148179E849A7292E7359A44CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A24AB0 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 471COMMON
    Download Yara Rule
    Strings
    • Failed to remember the encoding for the charset '%s'., xrefs: 00A24FD0
    • Charsets, xrefs: 00A24E7E
    • : unknown charset, xrefs: 00A24B4C
    • The charset '%s' is unknown. You may selectanother charset to replace it with or choose[Cancel] if it cannot be replaced, xrefs: 00A24C3C
    • ..\..\src\common\fontmap.cpp, xrefs: 00A2509E
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: ..\..\src\common\fontmap.cpp$: unknown charset$Charsets$Failed to remember the encoding for the charset '%s'.$The charset '%s' is unknown. You may selectanother charset to replace it with or choose[Cancel] if it cannot be replaced
    • API String ID: 0-839905914
    • Opcode ID: 811c78e72cf17929c4b501dd7b064593b6bf69f242d72ac7f9f4c5cd1ab6f870
    • Instruction ID: 27947a10b64f37c278f9c302bd53584d13341921af2412b6c350ae86a9309eda
    • Opcode Fuzzy Hash: 811c78e72cf17929c4b501dd7b064593b6bf69f242d72ac7f9f4c5cd1ab6f870
    • Instruction Fuzzy Hash: 3D127C70D112689EDF24DFA8DD45BEEBBB4BF59304F1041E9E00AA7281EB705A48CF91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A77100 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 315threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00A772D1
    • GetCurrentThreadId.KERNEL32 ref: 00A773B2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\richmsgdlg.cpp$TaskDialogIndirect$\$`
    • API String ID: 2882836952-4020902046
    • Opcode ID: a386dd02b2b73752a9e65306a450b7a1d8ea4e8ac117ea1d3ea9d4ae9977106e
    • Instruction ID: 6bcc00e364602199e71db0f159e508107d5e3c84095d522c26939dbb3676b915
    • Opcode Fuzzy Hash: a386dd02b2b73752a9e65306a450b7a1d8ea4e8ac117ea1d3ea9d4ae9977106e
    • Instruction Fuzzy Hash: B3D1D170D08218DFDF20EBA4CD55BEDBBB4AF12304F1481A9E41DA7282EB755E48CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DB100 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 298threadCOMMON
    Download Yara Rule
    APIs
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009DB298
    • ..\..\src\msw\settings.cpp, xrefs: 009DB2E6, 009DB344
    • SystemParametersInfo(SPI_GETICONTITLELOGFONT, xrefs: 009DB33A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\settings.cpp$SystemParametersInfo(SPI_GETICONTITLELOGFONT
    • API String ID: 1800743499-1780175078
    • Opcode ID: 430003174242cf60fa3c3754723db06860e514eb24e7450513030e7b894aad7b
    • Instruction ID: dd6550c2ae5f7aa73b5544f5cd8f19d736b86ca6d15d1b5422392d31a02005fc
    • Opcode Fuzzy Hash: 430003174242cf60fa3c3754723db06860e514eb24e7450513030e7b894aad7b
    • Instruction Fuzzy Hash: BDB111B1D04248DBDB20EFA4CC45BEEBBB4AF41304F1481AAE4196B392E7755E44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DAB80 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 254threadCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 009DA440: SystemParametersInfoW.USER32(00000000,?,4B020D8A,000001F4), ref: 009DA549
    • GetCurrentThreadId.KERNEL32 ref: 009DAC51
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,4B020D8A,?), ref: 009DAD45
    • GetCurrentThreadId.KERNEL32 ref: 009DAD83
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,SystemParametersInfo(SPI_GETNONCLIENTMETRICS),00000000), ref: 009DADB0
    Strings
    • %s(%d): '%s' failed with error 0x%08lx (%s)., xrefs: 009DAD14
    • SystemParametersInfo(SPI_GETNONCLIENTMETRICS), xrefs: 009DADB6
    • Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private/metrics.h, xrefs: 009DAD62, 009DADBD
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread$InfoParametersSystem
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$SystemParametersInfo(SPI_GETNONCLIENTMETRICS)$Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/msw/private/metrics.h
    • API String ID: 4000227285-1079943890
    • Opcode ID: ebf4f08040a10c6ec9514a80d7f040b2aa0a230ebdda7ae12a6b2b8df81ab9a2
    • Instruction ID: cecfaa5402e6e7145bda376d4dd115c84c0679f082db32636f4759187a4d607f
    • Opcode Fuzzy Hash: ebf4f08040a10c6ec9514a80d7f040b2aa0a230ebdda7ae12a6b2b8df81ab9a2
    • Instruction Fuzzy Hash: 4CA1F1B0C45218DBDF20EFA4CC49BAEBBB4AF01314F1481A9E40967381EB755E55CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DED10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 244threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009DED92
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009DEE6B
    • GetCurrentThreadId.KERNEL32 ref: 009DEEA9
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00BD3371,000000FF), ref: 009DEED6
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentErrorLastThread
    • String ID: %s(%d): '%s' failed with error 0x%08lx (%s).$..\..\src\msw\icon.cpp$CreateIconIndirect
    • API String ID: 1800743499-100963525
    • Opcode ID: f73648127d550f8aa947ad9343e9d6a322c75723a9cba0b8dfd94565be35497d
    • Instruction ID: f225d2b8939f13d958b5ad4860936803aed8029df5bc6b139879fcdac015d6cc
    • Opcode Fuzzy Hash: f73648127d550f8aa947ad9343e9d6a322c75723a9cba0b8dfd94565be35497d
    • Instruction Fuzzy Hash: 1391F2B1D40248DFDF20EF68C945BDEBBE5AF05314F14816AF8196B382EB359A04CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009BD350 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184COMMON
    Download Yara Rule
    APIs
    • GetDC.USER32(00000000), ref: 009BD42F
    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 009BD43A
    • ReleaseDC.USER32(00000000,00000000), ref: 009BD445
    • GetDC.USER32(00000000), ref: 009BD4AF
    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 009BD4BA
    • ReleaseDC.USER32(00000000,00000000), ref: 009BD4C5
    Strings
    • msw.font.no-proof-quality, xrefs: 009BD3B6
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CapsDeviceRelease
    • String ID: msw.font.no-proof-quality
    • API String ID: 127614599-2147794330
    • Opcode ID: 3468059cdf01b09d8b17b0be993c1483aabbe966acb240eace8cbea549f7f089
    • Instruction ID: 4ca4ee5216381f06223d11e5bbc52579061a9001a1d834a44d3ec852e3cc6dfa
    • Opcode Fuzzy Hash: 3468059cdf01b09d8b17b0be993c1483aabbe966acb240eace8cbea549f7f089
    • Instruction Fuzzy Hash: 6B61C371A11B04EFCB11DF68D981B9EBBB5FF49310F004629F406AB791EB74A941CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009C3610 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 149COMMON
    Download Yara Rule
    APIs
    • __Init_thread_footer.LIBCMT ref: 009C3820
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Init_thread_footer
    • String ID: "parent"$..\..\src\common\wincmn.cpp$GetDpiForWindow$Must have TLW parent$user32.dll$wxWindowBase::GetDlgUnitBase
    • API String ID: 1385522511-2646998719
    • Opcode ID: 8006edad6b7223a00652616af79e1dae79e106aa80ddaaa02f0f4cdf6b4b6d0f
    • Instruction ID: 10132aa41b2271a066b6539dc0b4b100e062be818f913faa4d368e4ed455153a
    • Opcode Fuzzy Hash: 8006edad6b7223a00652616af79e1dae79e106aa80ddaaa02f0f4cdf6b4b6d0f
    • Instruction Fuzzy Hash: A851CEB0D05244AFCB14DF98D955F9DBBB8BB55700F10866EE406AB391DB706A04CB92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D5480 Relevance: 12.2, APIs: 8, Instructions: 206COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __floor_pentium4
    • String ID:
    • API String ID: 4168288129-0
    • Opcode ID: 2acd9d9e5e24440b074d692d059176fc80bfcac1708fe318f5eaa8fa8568a550
    • Instruction ID: 363d07a9737d207c4a8aa18a3ad40a18cb541f910fa28252ff4efa15dcece2c3
    • Opcode Fuzzy Hash: 2acd9d9e5e24440b074d692d059176fc80bfcac1708fe318f5eaa8fa8568a550
    • Instruction Fuzzy Hash: 30818C31D04A09CACB02EFB9D4815AEF7B5FF0A340F548766E8557A291EB3598A5CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E09D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 150threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009E0A11
    • GetCurrentThreadId.KERNEL32 ref: 009E0AC3
    • GetCurrentThreadId.KERNEL32 ref: 009E0BD3
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: InitCommonControlsEx$InitializeFlatSB$comctl32.dll
    • API String ID: 2882836952-3188224203
    • Opcode ID: 37321fbd9c8b3b8bf657fe14600d9ac3040454482c14f53f0754d16bec1b8844
    • Instruction ID: 869587d5c23d33e42b68b610a154b930f9562c152ecccd612cf8eb05763c13d1
    • Opcode Fuzzy Hash: 37321fbd9c8b3b8bf657fe14600d9ac3040454482c14f53f0754d16bec1b8844
    • Instruction Fuzzy Hash: BE51AC70C55388EADF11DBE4DD55BEEBBB4BB11308F144129E406AB282E7B85A48CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CCD90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98COMMON
    Download Yara Rule
    APIs
    • GetDC.USER32(?), ref: 009CCE80
    • GetDeviceCaps.GDI32(00000000,00000058), ref: 009CCE8C
    • GetDeviceCaps.GDI32(0000005A,0000005A), ref: 009CCE99
    • ReleaseDC.USER32(?,?), ref: 009CCEAF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CapsDevice$Release
    • String ID: GetDpiForWindow$user32.dll
    • API String ID: 1035833867-1345785904
    • Opcode ID: ba7b8da477e66e339a20aca43a61ad5a2aacdb7a91d5eff6175376a3011285d9
    • Instruction ID: 5964334d481e8785eb03cdd29fd90b12412a29e2aad4f3c91ae11e1d21642f19
    • Opcode Fuzzy Hash: ba7b8da477e66e339a20aca43a61ad5a2aacdb7a91d5eff6175376a3011285d9
    • Instruction Fuzzy Hash: 3C3173B0D01745AFDB10DFA4DD45FAEBBB8FF15700F104569E806AB281EB75A908CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B7D070 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 94COMMON
    Download Yara Rule
    APIs
    • DdeCreateStringHandleW.USER32(?,000004B0,4B020D8A), ref: 00B7D0F4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CreateHandleString
    • String ID: ..\..\src\msw\dde.cpp$DDE not initialized$DDEAtomFromString$DDEIdInst$Failed to create DDE string
    • API String ID: 3235122021-955408029
    • Opcode ID: 24385fc758587458509264316c19cad828601e4545d9c6b247adf816fdd48d12
    • Instruction ID: 1b51f6f74467aa14cd40ef57eeecfdc11f11b360b8e338ece76a74c9aab0ad20
    • Opcode Fuzzy Hash: 24385fc758587458509264316c19cad828601e4545d9c6b247adf816fdd48d12
    • Instruction Fuzzy Hash: E3319EB1D10258AECB24EFA4DC56B9EBBF4FF04744F00416EF41AA7681EB74A904CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA2D86 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 88COMMON
    Download Yara Rule
    APIs
    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00BA2DC9
    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00BA2DFD
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00BA2E0D
    Strings
    • csm, xrefs: 00BA2E26
    • Attempted a typeid of nullptr pointer!, xrefs: 00BA2DF4
    • Bad read pointer - no RTTI data!, xrefs: 00BA2DC0
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: std::__non_rtti_object::__construct_from_string_literal$Exception@8Throw
    • String ID: Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!$csm
    • API String ID: 3406231999-4046477577
    • Opcode ID: 3596a3868b84179974cd741856478b70f0dd5f5f5537254114e330b3a2d51f17
    • Instruction ID: 240e53562daa2f1b029afbd2cfd171a523ae00b89c571af354f0f287772ced2b
    • Opcode Fuzzy Hash: 3596a3868b84179974cd741856478b70f0dd5f5f5537254114e330b3a2d51f17
    • Instruction Fuzzy Hash: 97316B31608304DFDB28DF68D94AB6DB3E4EF46725F1480EAE4019B2A1D775ED41CB51
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC4B15 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: api-ms-$ext-ms-
    • API String ID: 0-537541572
    • Opcode ID: 3d101e1debb473a51f9fd86acd3337110a6dcdf89f64230e5b7baa48af7baa33
    • Instruction ID: e22021300065ff1e7b5bbd7d2794ee6b2ec586e6da7a24913d70a09806984303
    • Opcode Fuzzy Hash: 3d101e1debb473a51f9fd86acd3337110a6dcdf89f64230e5b7baa48af7baa33
    • Instruction Fuzzy Hash: 7D21DB31A01724A7DB218B289C95F5F77E8DB01B70F150698FC59A72D1D770DE00C6E0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A0E330 Relevance: 10.6, APIs: 7, Instructions: 74windowCOMMON
    Download Yara Rule
    APIs
    • GetObjectW.GDI32(?,00000018,?), ref: 00A0E341
    • CreateCompatibleDC.GDI32(00000000), ref: 00A0E38F
    • SelectObject.GDI32(00000000,?), ref: 00A0E39A
    • SetStretchBltMode.GDI32(00000000,00000004), ref: 00A0E3BA
    • StretchBlt.GDI32(00000000,?,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00A0E3E2
    • SelectObject.GDI32(00000000,?), ref: 00A0E3FE
    • DeleteDC.GDI32(00000000), ref: 00A0E405
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Object$SelectStretch$CompatibleCreateDeleteMode
    • String ID:
    • API String ID: 401286896-0
    • Opcode ID: dfffa308377416c90687b9d93548d0670b168ebaf9d95a05cc04c3166ee661ec
    • Instruction ID: f302d8880406918715b97b8c3d2a3abb01b0c6dbe10e7f0483e83e7cff50b3ca
    • Opcode Fuzzy Hash: dfffa308377416c90687b9d93548d0670b168ebaf9d95a05cc04c3166ee661ec
    • Instruction Fuzzy Hash: C121BD71605701AFD7028F24DC08B6FFBA8FF89754F558A19FA84A7260E331A945CF92
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCA781 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00BCA4CB: _free.LIBCMT ref: 00BCA4F0
    • _free.LIBCMT ref: 00BCA7CF
      • Part of subcall function 00BC48A6: RtlFreeHeap.NTDLL(00000000,00000000,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?), ref: 00BC48BC
      • Part of subcall function 00BC48A6: GetLastError.KERNEL32(?,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?,?), ref: 00BC48CE
    • _free.LIBCMT ref: 00BCA7DA
    • _free.LIBCMT ref: 00BCA7E5
    • _free.LIBCMT ref: 00BCA839
    • _free.LIBCMT ref: 00BCA844
    • _free.LIBCMT ref: 00BCA84F
    • _free.LIBCMT ref: 00BCA85A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 77652eea8fae5878b2a3f91c66f6aa001e68641c337e0f6331fea065fa80c172
    • Instruction ID: 9e28b006e16ad2ef48421990292e91fbb6c859eb83bf059dd44d307597e6d433
    • Opcode Fuzzy Hash: 77652eea8fae5878b2a3f91c66f6aa001e68641c337e0f6331fea065fa80c172
    • Instruction Fuzzy Hash: 43115171A40B08AAD530FBB0CC4BFCB77DC9F04708F80496DB2DD66196DBA9B5054651
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A1D6F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 32COMMON
    Download Yara Rule
    APIs
    • GetWindow.USER32(009C47D0,00000002), ref: 00A1D712
    • DestroyWindow.USER32(009C47D0,?,009BC8A0,00000204,00000000,00000204,00000000,000000FF,4B020D8A,00000000), ref: 00A1D75D
    Strings
    • !IsShown() || ::GetWindow((HWND)m_hGripper, 2) == 0, xrefs: 00A1D72A
    • Bug in wxWidgets: gripper should be at the bottom of Z-order, xrefs: 00A1D725
    • ..\..\src\msw\dialog.cpp, xrefs: 00A1D739
    • wxDialog::DestroyGripper, xrefs: 00A1D72F
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$Destroy
    • String ID: !IsShown() || ::GetWindow((HWND)m_hGripper, 2) == 0$..\..\src\msw\dialog.cpp$Bug in wxWidgets: gripper should be at the bottom of Z-order$wxDialog::DestroyGripper
    • API String ID: 3707531092-973548478
    • Opcode ID: d42b4c82921d65f5bcf06edd7feeab1940ec8ab84a35ff544ab9bf5fec86dadb
    • Instruction ID: c94d3897b4cc384bc9f539ba2023ce484cf4eb1bd30ca1d3e45a15e32fabc496
    • Opcode Fuzzy Hash: d42b4c82921d65f5bcf06edd7feeab1940ec8ab84a35ff544ab9bf5fec86dadb
    • Instruction Fuzzy Hash: 8DF054305407509BDB759B28EC0DBD6BBE16B10704F098978B4AD966F3CBB158C5CB11
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC1A76 Relevance: 9.4, APIs: 6, Instructions: 448COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC4654: GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
      • Part of subcall function 00BC4654: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    • _memcmp.LIBVCRUNTIME ref: 00BC1D0F
    • _free.LIBCMT ref: 00BC1D83
    • _free.LIBCMT ref: 00BC1D9C
      • Part of subcall function 00BC5675: DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00BA8CAA), ref: 00BC568E
    • _free.LIBCMT ref: 00BC1DDC
    • _free.LIBCMT ref: 00BC1DE5
    • _free.LIBCMT ref: 00BC1DF1
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorLast$DecodePointer_memcmp
    • String ID:
    • API String ID: 1231353719-0
    • Opcode ID: a8c8b90b2e4c5faa64412398286210c7925b28eb08d41fe38810d82f1b65de74
    • Instruction ID: 1988995cc3569f00a1e5553a814296c4e1f39dbb62a39d5fadf60e0cafe17a96
    • Opcode Fuzzy Hash: a8c8b90b2e4c5faa64412398286210c7925b28eb08d41fe38810d82f1b65de74
    • Instruction Fuzzy Hash: 2B02B271901619DBDB24DF28D885BADB7F4FF55300F108AEEE889A7251EB30AD90CB41
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BBD398 Relevance: 9.3, APIs: 6, Instructions: 319fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetConsoleCP.KERNEL32(00000010,00000000,00000000), ref: 00BBD3E0
    • __fassign.LIBCMT ref: 00BBD5BF
    • __fassign.LIBCMT ref: 00BBD5DC
    • WriteFile.KERNEL32(?,00BBF610,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BBD624
    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00BBD664
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BBD710
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: FileWrite__fassign$ConsoleErrorLast
    • String ID:
    • API String ID: 4031098158-0
    • Opcode ID: d49184dc7e915be82a60c49c0f41f631628965fe69b616db9b3c68778381cd03
    • Instruction ID: 27e117c8a2bda04bb60229ade29229ce3ee612fc110e5e76b7ee32f73b7080cc
    • Opcode Fuzzy Hash: d49184dc7e915be82a60c49c0f41f631628965fe69b616db9b3c68778381cd03
    • Instruction Fuzzy Hash: AFD16D75D002589FCB15CFA8C880AEDBBF5FF49314F2841AAE859BB341E674AD46CB50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BBE3F6 Relevance: 9.3, APIs: 6, Instructions: 285COMMON
    Download Yara Rule
    APIs
    • __allrem.LIBCMT ref: 00BBE580
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BBE59C
    • __allrem.LIBCMT ref: 00BBE5B3
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BBE5D1
    • __allrem.LIBCMT ref: 00BBE5E8
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BBE606
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
    • String ID:
    • API String ID: 1992179935-0
    • Opcode ID: 8a2f6104a7dd1416007f697649b5cc46d72b986faf5ac186ee48c52f163e878b
    • Instruction ID: 37500620d2539567742d4b8ea6b7f490f7e64bbd857e48c37ce3bce88f3dec8c
    • Opcode Fuzzy Hash: 8a2f6104a7dd1416007f697649b5cc46d72b986faf5ac186ee48c52f163e878b
    • Instruction Fuzzy Hash: 9781E772A00706ABE7209F28CC41BFA73E9EF55764F1445AAF421D77A1EBF4D9048790
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B7E050 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 468threadCOMMON
    Download Yara Rule
    APIs
    • DdeGetLastError.USER32(4B020D8A), ref: 00B7E0A7
      • Part of subcall function 00AF1730: __Init_thread_footer.LIBCMT ref: 00AF1777
    • GetCurrentThreadId.KERNEL32 ref: 00B7E0DD
    • GetCurrentThreadId.KERNEL32 ref: 00B7E215
    • DdeQueryStringW.USER32(?,00000000,00000100,000004B0,?), ref: 00B7E611
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$ErrorInit_thread_footerLastQueryString
    • String ID: ..\..\src\msw\dde.cpp
    • API String ID: 869795498-2986801307
    • Opcode ID: b24de66e0483a14f266ea9058ce0de44a775363a1d375981f4fa76964247706f
    • Instruction ID: 6367ca3e979b51d82090733f4f21cec80c76a4c2f2b90bed65ff7d59495a906a
    • Opcode Fuzzy Hash: b24de66e0483a14f266ea9058ce0de44a775363a1d375981f4fa76964247706f
    • Instruction Fuzzy Hash: A702B571904248DFDB20DFA4C845BEE7BF1EF59304F1481A9E82DAB292E735DA44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A08450 Relevance: 9.2, APIs: 6, Instructions: 218windowCOMMON
    Download Yara Rule
    APIs
    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A08519
    • GetWindowLongW.USER32(?,000000F0), ref: 00A0863D
    • SetWindowLongW.USER32(?,000000F0,00000003), ref: 00A08673
    • SendMessageW.USER32(?,00000172,00000000,?), ref: 00A08693
    • DeleteObject.GDI32(?), ref: 00A086A6
    • InvalidateRect.USER32(?,?,00000001), ref: 00A0871D
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: LongMessageSendWindow$DeleteInvalidateObjectRect
    • String ID:
    • API String ID: 1497784298-0
    • Opcode ID: fef9657e719422922f8ed9d095e3641a34df6f2ed7c84d64ea8b2ba9132a8680
    • Instruction ID: 9e2e6ce57d19fc8bb920e8f1bfaf83563468e8f5904a96cfd7f345286582f386
    • Opcode Fuzzy Hash: fef9657e719422922f8ed9d095e3641a34df6f2ed7c84d64ea8b2ba9132a8680
    • Instruction Fuzzy Hash: 65917A70A00608DFDB14CFA8D894BDEBBF5EF09310F148559E8AAA7391DB35A904CF54
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D64D0 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
    Download Yara Rule
    APIs
    • PtInRect.USER32(?,?,?), ref: 009D6565
    • SetCursor.USER32(?,?,?,?,?,?,?,009DD5F2,?,4B020D8A), ref: 009D657F
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CursorRect
    • String ID:
    • API String ID: 1406550935-0
    • Opcode ID: 8078c803d15a2781f796e909bef8fa3b2a85e22300dd480a838a265a1d886017
    • Instruction ID: c2b4627e1792b64c3e28280758dd0d1210ab0a88d960e3a80337713c35789891
    • Opcode Fuzzy Hash: 8078c803d15a2781f796e909bef8fa3b2a85e22300dd480a838a265a1d886017
    • Instruction Fuzzy Hash: 783172B56047019BCB04DF28D885B5FB7E8BFA8344F44891AF849D7311EB31E945CB52
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA5AD2 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetLastError.KERNEL32(?,?,00BA5AC9,00BA49DA,?,?,00B2CB4D,00B2CC60,4B020D8A,?,?,?,00CDE848,00000000), ref: 00BA5AE0
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BA5AEE
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BA5B07
    • SetLastError.KERNEL32(00000000,?,00BA5AC9,00BA49DA,?,?,00B2CB4D,00B2CC60,4B020D8A,?,?,?,00CDE848,00000000), ref: 00BA5B59
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: f873655402105fb2b9f56cbb87046efa1d2e84021eb69ee279ce8d3c3b04748c
    • Instruction ID: 447dae93432844c423bbf147ac6c01038c407671b20ef0f070cc122ed1651bc2
    • Opcode Fuzzy Hash: f873655402105fb2b9f56cbb87046efa1d2e84021eb69ee279ce8d3c3b04748c
    • Instruction Fuzzy Hash: ED01D47220EF116EE7382E74AC85B2F27C4EB5377777002AAF620910E5EF514C0995A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A967E0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 266COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ___from_strstr_to_strchr$_strstr
    • String ID: grey$none
    • API String ID: 2668852316-2940733298
    • Opcode ID: 0cce56686276e1f598b9555c201d77cb096d7c31e45ae999acd73bcb89d48091
    • Instruction ID: 1a1b7df3ea16d82500b3d68500e45b89780eb7cd69dd03ff19b39c351ba195e4
    • Opcode Fuzzy Hash: 0cce56686276e1f598b9555c201d77cb096d7c31e45ae999acd73bcb89d48091
    • Instruction Fuzzy Hash: 5781597530C2814FDF1A4F3894A57FABBE28F53384F488099D9C58B353D226D94AC362
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B38150 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 194COMMON
    Download Yara Rule
    APIs
    Strings
    • ..\..\src\common\cmdline.cpp, xrefs: 00B38369
    • kind == wxCMD_LINE_OPTION || kind == wxCMD_LINE_SWITCH, xrefs: 00B3835D
    • kind mismatch in wxCmdLineArg, xrefs: 00B38358
    • wxCmdLineArgImpl::GetShortName, xrefs: 00B38362
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _wcschr
    • String ID: ..\..\src\common\cmdline.cpp$kind == wxCMD_LINE_OPTION || kind == wxCMD_LINE_SWITCH$kind mismatch in wxCmdLineArg$wxCmdLineArgImpl::GetShortName
    • API String ID: 2691759472-1041940358
    • Opcode ID: c973d5b60e9c529ce7d879aecc86bc9a9b5ab48c84307b99470c3ab6c5ace06f
    • Instruction ID: ce8d96fc7843ed50e6a2084713754c9ce3f8ca7c71fc40c0f7e3f0c2f1164afc
    • Opcode Fuzzy Hash: c973d5b60e9c529ce7d879aecc86bc9a9b5ab48c84307b99470c3ab6c5ace06f
    • Instruction Fuzzy Hash: F3718E71A043059FCB14DF68D881AAEB7F5FF49700F24456AF81AE7351EB30A944CBA5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DE900 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 177threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 009DE93C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: A debugging check in this application has failed.$Continue$Don't show this dialog again$Stop
    • API String ID: 2882836952-1940664292
    • Opcode ID: 212a264cbddf8ea1bcdda14612f9f9463a3d4887293ced1717e80a5fdf85a4de
    • Instruction ID: 633e8b365fc916ff3bcd1c70b17c2e2969de4ea62871a7ee7e4296eedc899fd4
    • Opcode Fuzzy Hash: 212a264cbddf8ea1bcdda14612f9f9463a3d4887293ced1717e80a5fdf85a4de
    • Instruction Fuzzy Hash: 0771AE70901119DFCB24EBA4CC55BEDB7B8EF56304F4041A9E10AA7291EB346B89CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CD6B0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 175COMMON
    Download Yara Rule
    APIs
    • FillRect.USER32(?,?,00000000), ref: 009CD88C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: FillRect
    • String ID: "Assert failure"$..\..\src\msw\window.cpp$unknown background style$wxWindow::HandleEraseBkgnd
    • API String ID: 2175405051-3228619896
    • Opcode ID: 26d96406cdc618f561b41ebbac9a49a2d17decf9b07fe55623b23cba83895c0e
    • Instruction ID: 3bce65918a08d27682721fb39a23742332d4547f8e3098a1b88e043491d3f634
    • Opcode Fuzzy Hash: 26d96406cdc618f561b41ebbac9a49a2d17decf9b07fe55623b23cba83895c0e
    • Instruction Fuzzy Hash: AC713671E012089FCB25DFA8C894BEDBBF8BF58300F24416EE556A7291DB716A05CF51
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00AF1120 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 149COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • __Init_thread_footer.LIBCMT ref: 00AF1316
    Strings
    • wxString::FromAscii, xrefs: 00AF11C1
    • Non-ASCII value passed to FromAscii()., xrefs: 00AF11B7
    • ..\..\src\common\string.cpp, xrefs: 00AF11CB
    • c < 0x80, xrefs: 00AF11BC
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Init_thread_footer
    • String ID: ..\..\src\common\string.cpp$Non-ASCII value passed to FromAscii().$c < 0x80$wxString::FromAscii
    • API String ID: 1385522511-2416659931
    • Opcode ID: 0ef767aaa5ef13ff9ff2b866aaaa703adc6f9b4c764d70948e119ad1b73ff55d
    • Instruction ID: 3f37df09156dc12fa8bda5fde5d7a30a40667534c04417ecaeb085acdb1ae1d6
    • Opcode Fuzzy Hash: 0ef767aaa5ef13ff9ff2b866aaaa703adc6f9b4c764d70948e119ad1b73ff55d
    • Instruction Fuzzy Hash: 7F51CC71E00248EFCB14DFE8D891BEEB7B5AF55300F14412AF90AA7291E735AA05CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DA740 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 89COMMON
    Download Yara Rule
    APIs
    • GetSysColor.USER32(009EC0D8), ref: 009DA7C1
    Strings
    • ret.IsOk(), xrefs: 009DA81F
    • wxSystemSettingsNative::GetColour, xrefs: 009DA824
    • ..\..\src\msw\settings.cpp, xrefs: 009DA82E
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Color
    • String ID: ..\..\src\msw\settings.cpp$ret.IsOk()$wxSystemSettingsNative::GetColour
    • API String ID: 2811717613-3359149993
    • Opcode ID: 94f50c07a8aa37c5c507d677b4fad66cf9fe28ffe5796e820e49d2396212ea76
    • Instruction ID: 658fd20bef7cb80163599f4e5db1a8a1a091300db1eeb5b2c06eea3f06d3c469
    • Opcode Fuzzy Hash: 94f50c07a8aa37c5c507d677b4fad66cf9fe28ffe5796e820e49d2396212ea76
    • Instruction Fuzzy Hash: 4631D571E84654ABEB208B18CC09BAAB7BCEB01720F158167F855973C1C7B89D91CBD2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B6C2A0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 87COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _strftime
    • String ID: "Assert failure"$..\..\src\common\datetime.cpp$strftime() failed$wxCallStrftime
    • API String ID: 1867682108-1842681759
    • Opcode ID: c7f68a3280bef078964b5fa531e8cc0a9a5e58bd25e0208e48fb489704a768fc
    • Instruction ID: d651ac2faf779135c48a238bb53ee44f14660076bc85a6755ed050ab801a22d3
    • Opcode Fuzzy Hash: c7f68a3280bef078964b5fa531e8cc0a9a5e58bd25e0208e48fb489704a768fc
    • Instruction Fuzzy Hash: 3131B571A003049FDB24DF28CC15BAAB7F4FB08704F0046AEE849D7781E774AA54CBA5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DAAE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 52COMMON
    Download Yara Rule
    Strings
    • wxSystemSettingsNative::GetMetric, xrefs: 009DAB50
    • invalid metric, xrefs: 009DAB46
    • "index > 0 && (size_t)index < (sizeof(gs_metricsMap)/sizeof(gs_metricsMap[0]))", xrefs: 009DAB4B
    • ..\..\src\msw\settings.cpp, xrefs: 009DAB5A
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID: "index > 0 && (size_t)index < (sizeof(gs_metricsMap)/sizeof(gs_metricsMap[0]))"$..\..\src\msw\settings.cpp$invalid metric$wxSystemSettingsNative::GetMetric
    • API String ID: 0-2989801190
    • Opcode ID: 684ef9fcb47257b14dedc356e968a59ba6957f3905e03c6b8de230c0920ce45a
    • Instruction ID: 77df1cdfbd2f108f4ff2d4e0edffdb7f31173d1a31afef54ffda22166f0a5906
    • Opcode Fuzzy Hash: 684ef9fcb47257b14dedc356e968a59ba6957f3905e03c6b8de230c0920ce45a
    • Instruction Fuzzy Hash: 430128329C4310AACA34626CBC95BDD660A1742330F158B17F4A5913E5D3E84CE3CA83
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B6BAF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 38COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __allrem
    • String ID: ..\..\src\common\datetime.cpp$IsValid()$invalid wxDateTime$wxDateTime::SetMillisecond
    • API String ID: 2933888876-44157806
    • Opcode ID: e0f05123ab8ae4d627f197c25d764d729dc5f4da8fcd7f43a859ff89d12eea2b
    • Instruction ID: 8703743a23bef684a073e1e2fb1eaff394dda7f6cbf293b1e0a449ec7a1cce6c
    • Opcode Fuzzy Hash: e0f05123ab8ae4d627f197c25d764d729dc5f4da8fcd7f43a859ff89d12eea2b
    • Instruction Fuzzy Hash: 6CF0C232640348BBDB28DF2CDC02F997BE1EB50708F08C265B84CDA2D2D7B58904D762
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BA9205 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00BA91FA,?,?,00BA91C2,4B020D8A,00000401,?), ref: 00BA921A
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BA922D
    • FreeLibrary.KERNEL32(00000000,?,?,00BA91FA,?,?,00BA91C2,4B020D8A,00000401,?), ref: 00BA9250
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 5075fa766495afa2489465505efd2ab774fe799c3543c109e03709a3db3f9d5a
    • Instruction ID: d326858bc7060a2bf0a255ba2b0c3007d2cdcd89c3fa96ea3d2ca6a22a5b08ee
    • Opcode Fuzzy Hash: 5075fa766495afa2489465505efd2ab774fe799c3543c109e03709a3db3f9d5a
    • Instruction Fuzzy Hash: F1F05E31941718BBCB119B91DC09B9EBEA8EF45755F0540A5ED04A11A0CB744E00EB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A17A90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 24COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • SetCursor.USER32(009BA9F7,4B020D8A,?,00BD1B00,000000FF), ref: 00A17AA9
    Strings
    • "gs_wxBusyCursorCount > 0", xrefs: 00A17AC8
    • ..\..\src\msw\utilsgui.cpp, xrefs: 00A17AD4
    • no matching wxBeginBusyCursor() for wxEndBusyCursor(), xrefs: 00A17AC3
    • wxEndBusyCursor, xrefs: 00A17ACD
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Cursor
    • String ID: "gs_wxBusyCursorCount > 0"$..\..\src\msw\utilsgui.cpp$no matching wxBeginBusyCursor() for wxEndBusyCursor()$wxEndBusyCursor
    • API String ID: 3268636600-722668476
    • Opcode ID: 4986b8913521da454a4ab120bed88c2951c93343ac543b8f59c21b6b18396316
    • Instruction ID: 70b6584058d93c3e78a586d4195f0a0f7ea06a70aa5c8add5fdb8e74b3f4e9dd
    • Opcode Fuzzy Hash: 4986b8913521da454a4ab120bed88c2951c93343ac543b8f59c21b6b18396316
    • Instruction Fuzzy Hash: D6F06D712492416BE725AB28EC19F9CBA607B01748F448067F806D96E2E7B45AC2DF14
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CD380 Relevance: 7.8, APIs: 5, Instructions: 265fileCOMMON
    Download Yara Rule
    APIs
    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009CD3B5
    • DragQueryFileW.SHELL32(?,00000000,00000000,00000000), ref: 009CD436
    • DragQueryFileW.SHELL32(?,00000000,?,00000001), ref: 009CD546
    • DragQueryPoint.SHELL32(?,?), ref: 009CD622
    • DragFinish.SHELL32(?), ref: 009CD635
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Drag$Query$File$FinishPoint
    • String ID:
    • API String ID: 4226567005-0
    • Opcode ID: 5ca163c906d69afb087ccf54218a0647f92a50fc51ee2244b7aaa03be5f1c600
    • Instruction ID: 2320a9a7571cd4e986da476e3990f696679de93d6c8af0e6febc0ecd4396fc96
    • Opcode Fuzzy Hash: 5ca163c906d69afb087ccf54218a0647f92a50fc51ee2244b7aaa03be5f1c600
    • Instruction Fuzzy Hash: 6BA18DB1D01209EFDB10DFA8C845BAEBBF8EF49704F144169F905B7291E735AA05CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC15ED Relevance: 7.7, APIs: 5, Instructions: 188COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00BC53B2: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00BC48F5,?,00000000,?,00BCDF30,?,00000004,00000000,?,?,?,00BC3497), ref: 00BC53E4
    • _free.LIBCMT ref: 00BC16FC
    • _free.LIBCMT ref: 00BC1713
    • _free.LIBCMT ref: 00BC1732
    • _free.LIBCMT ref: 00BC174D
    • _free.LIBCMT ref: 00BC1764
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$AllocateHeap
    • String ID:
    • API String ID: 3033488037-0
    • Opcode ID: d55c2cd62167be755e828828b13b6ae357a492322245a7993827d7b8f75b2694
    • Instruction ID: 96eec2ca028295ccfd4c8a69f2dc6ad1b2e82c321f4cf998131ef397c9edac11
    • Opcode Fuzzy Hash: d55c2cd62167be755e828828b13b6ae357a492322245a7993827d7b8f75b2694
    • Instruction Fuzzy Hash: B451A172A00605AFDB20DF29DC81F6A77F4EF56714F1449AEE849E7252E731DD018B80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC340E Relevance: 7.6, APIs: 5, Instructions: 120COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • _free.LIBCMT ref: 00BC347C
    • _free.LIBCMT ref: 00BC349C
    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00BC34FD
    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00BC350F
    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00BC351C
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __crt_fast_encode_pointer$_free
    • String ID:
    • API String ID: 366466260-0
    • Opcode ID: cf82cc53efe52aad111bf01e9334ba55a41c1ed3786c579d95cd1a0654fef710
    • Instruction ID: a8c3b6d21de96103ea9689984f094972cfb2cdcf35db90c87872d8d88f26e8a0
    • Opcode Fuzzy Hash: cf82cc53efe52aad111bf01e9334ba55a41c1ed3786c579d95cd1a0654fef710
    • Instruction Fuzzy Hash: 97417F76A002049FCB24DF68C881B6AB7F6EF89714F5585ADE516EB351E731EE01CB80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009E9C70 Relevance: 7.6, APIs: 5, Instructions: 83COMMON
    Download Yara Rule
    APIs
    • GetWindowLongW.USER32(?,000000EC), ref: 009E9CB0
    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009E9CDB
    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009E9D07
    • SetLayeredWindowAttributes.USER32(?,00000000,000000FF,00000002), ref: 009E9D1F
    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009E9D3C
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$Long$AttributesLayered
    • String ID:
    • API String ID: 2169480361-0
    • Opcode ID: 30dc1bed92864142620d0e7fe43fd7d7948f5b43e0c542b5354877c90f7da931
    • Instruction ID: 164be624f739d4d73e4a588368f18460a3bff0ded9ed25618042f67d6375704a
    • Opcode Fuzzy Hash: 30dc1bed92864142620d0e7fe43fd7d7948f5b43e0c542b5354877c90f7da931
    • Instruction Fuzzy Hash: 502171B1904664ABCB119F598C48BAFFFA8EB4A720F25436AF925A73D1C7314940CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D9A30 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
    Download Yara Rule
    APIs
    • GetDC.USER32(?), ref: 009D9A67
    • SelectObject.GDI32(00000000,00000000), ref: 009D9A91
    • GetTextMetricsW.GDI32(00000000,?), ref: 009D9A9E
    • SelectObject.GDI32(00000000,00000000), ref: 009D9AAA
    • ReleaseDC.USER32(?,00000000), ref: 009D9AB4
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ObjectSelect$MetricsReleaseText
    • String ID:
    • API String ID: 594571999-0
    • Opcode ID: 0c061899948cba6a035fa19da1f9a8f56fcf57c3aa76d83dfa24e6e4a7881455
    • Instruction ID: 5ed4358f9c0e2b4ec4797fe5415ea08cbd1629b1cb9cc4a9f5cfde264ad3f895
    • Opcode Fuzzy Hash: 0c061899948cba6a035fa19da1f9a8f56fcf57c3aa76d83dfa24e6e4a7881455
    • Instruction Fuzzy Hash: AA216072D00A589BCB11DFA4D944BEFBBB8FF89714F01861AEC16A7241EB306944CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BCA251 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • _free.LIBCMT ref: 00BCA269
      • Part of subcall function 00BC48A6: RtlFreeHeap.NTDLL(00000000,00000000,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?), ref: 00BC48BC
      • Part of subcall function 00BC48A6: GetLastError.KERNEL32(?,?,00BCA4F5,?,00000000,?,?,?,00BCA79A,?,00000007,?,?,00BCADA1,?,?), ref: 00BC48CE
    • _free.LIBCMT ref: 00BCA27B
    • _free.LIBCMT ref: 00BCA28D
    • _free.LIBCMT ref: 00BCA29F
    • _free.LIBCMT ref: 00BCA2B1
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: b1d755ff873a72bfd5305198e666099940a7db18313844b07c214fe7460f734d
    • Instruction ID: e7e22648fea9f308247240bb041175b3e89a82174987e905aaee86e567dceb56
    • Opcode Fuzzy Hash: b1d755ff873a72bfd5305198e666099940a7db18313844b07c214fe7460f734d
    • Instruction Fuzzy Hash: A1F0BB32606654ABC630DB54F4C6F1E73D9FA50754B54089EF088EF658C771FC808660
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B35A80 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 400threadCOMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00B33760: GetCurrentThreadId.KERNEL32 ref: 00B3383D
    • GetCurrentThreadId.KERNEL32 ref: 00B35B02
      • Part of subcall function 00BA7252: _free.LIBCMT ref: 00BA7265
    • GetCurrentThreadId.KERNEL32 ref: 00B35DA8
    Strings
    • ..\..\src\common\init.cpp, xrefs: 00B35D87
    • Initialization failed in post init, aborting., xrefs: 00B35BBA
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread$_free
    • String ID: ..\..\src\common\init.cpp$Initialization failed in post init, aborting.
    • API String ID: 2780227361-2619394299
    • Opcode ID: 4f435a5f34f287ec173cdf5c5644ca6e81c7d7322e727f4a86b3da68ef982412
    • Instruction ID: 75b09cf7c1ff15913b1044169b6f8e95cbcfe0f999fd22202840200b0f0ab740
    • Opcode Fuzzy Hash: 4f435a5f34f287ec173cdf5c5644ca6e81c7d7322e727f4a86b3da68ef982412
    • Instruction Fuzzy Hash: 14F1C3B1904288DFDF30DF64CD457EE7BE1EF55304F2481A8E849AB291EB359A44CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BB18E6 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 376COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: __freea
    • String ID: a/p$am/pm
    • API String ID: 240046367-3206640213
    • Opcode ID: e218f4c8c6647602a2f59c24eeb00c9cb1eec1b295878dedb04003550773dc68
    • Instruction ID: 784d358333cd4f10789673f94bf2587f94af1c392f6cd122cdb13aff1dafd437
    • Opcode Fuzzy Hash: e218f4c8c6647602a2f59c24eeb00c9cb1eec1b295878dedb04003550773dc68
    • Instruction Fuzzy Hash: C1C1AB359442069BCB248FACC8B8AFABBF4FF05710FA449D9E405AB254D3B1AD41CB65
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00AEC570 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240threadCOMMON
    Download Yara Rule
    APIs
    • GetCurrentThreadId.KERNEL32 ref: 00AEC7F8
    Strings
    • 3.1.4 (wchar_t,Visual C++ 1900,wx containers,compatible with 3.0), xrefs: 00AEC5AE, 00AEC5F0, 00AEC5F5
    • Mismatch between the program and library build versions detected.The library used %s,and %s used %s., xrefs: 00AEC664
    • ..\..\src\common\appbase.cpp, xrefs: 00AEC7D7
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID: ..\..\src\common\appbase.cpp$3.1.4 (wchar_t,Visual C++ 1900,wx containers,compatible with 3.0)$Mismatch between the program and library build versions detected.The library used %s,and %s used %s.
    • API String ID: 2882836952-3369823335
    • Opcode ID: c804dfa7d574c3a15830e6206e9110f4c30f8ea8ee3acbf7e8f3951a1b9109ff
    • Instruction ID: 71954c48f3831d307120a26f5f52b7a07abb4e9dd8c4f4592710ec77970cddcd
    • Opcode Fuzzy Hash: c804dfa7d574c3a15830e6206e9110f4c30f8ea8ee3acbf7e8f3951a1b9109ff
    • Instruction Fuzzy Hash: 39A18071D0128CDEDF21EFA4C945BEE7BF8AF15304F044159E909AB281EB756A09CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009EBDC0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 196COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Color$ParentText
    • String ID:
    • API String ID: 3447874738-3916222277
    • Opcode ID: 67d73264d6e40db4da40b98a5570fd8fa8d3b34a12f04b6d07ee0335ba81ad49
    • Instruction ID: 0c892e881f7eded60d72f0ef3ba3537c5b0ccbfbfcf950e3ed76d0bb0f8c7b6d
    • Opcode Fuzzy Hash: 67d73264d6e40db4da40b98a5570fd8fa8d3b34a12f04b6d07ee0335ba81ad49
    • Instruction Fuzzy Hash: 6A719131A042999FCB12DF69C844BEEBFE5AF58350F054099E855AB392CB34DE04CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B06910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112COMMON
    Download Yara Rule
    APIs
    • GetUserDefaultLCID.KERNEL32(00000000,?,?,00C0BA24,?,00A23023,00B027C0,00000000), ref: 00B0695A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: DefaultUser
    • String ID: Z:\Development\Applications\FluxPlayer\3rdparty\bin\vs2017\wxwidgets\include\wx/vector.h$idx < m_size$wxVector<struct wxLanguageInfo *>::at
    • API String ID: 3358694519-3841119071
    • Opcode ID: 1862c745fec5133549f91bf240f65f2ab6ba40d6f45e6fe6617b1597ed2f4226
    • Instruction ID: 9eea059b73f2300efbbdb3e922b75eb6411b95c320e9d4c3e7035f780dce887d
    • Opcode Fuzzy Hash: 1862c745fec5133549f91bf240f65f2ab6ba40d6f45e6fe6617b1597ed2f4226
    • Instruction Fuzzy Hash: 7541C2727003409FD720AB1DECA9B19BBD0FB04324F1585A9F089AB6E2C7B0E855CB61
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A408E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106windowCOMMON
    Download Yara Rule
    APIs
    • SendMessageW.USER32(?,0000041E,00000014,00000000), ref: 00A409AF
    • SendMessageW.USER32(?,00000454,00000000,00000001), ref: 00A409C0
    • SendMessageW.USER32(?,00000456,00000000,00000000), ref: 00A409DE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: MessageSend
    • String ID: ToolbarWindow32
    • API String ID: 3850602802-4104838417
    • Opcode ID: 874b83e59e93486aa5e96297ed73aceb026ea57f0d2a0dfaed7a08d164fa4a97
    • Instruction ID: b568922ef552a6ac8ce80bb555f5520dd5ce6f7570d6e75bfcf693f2631f353a
    • Opcode Fuzzy Hash: 874b83e59e93486aa5e96297ed73aceb026ea57f0d2a0dfaed7a08d164fa4a97
    • Instruction Fuzzy Hash: F631BA75A00208ABDB14DF68DC41FEEB7F9EF85750F10422AF916AB2C1EB7469049B94
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B7D2D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 19COMMON
    Download Yara Rule
    APIs
    • DdeFreeStringHandle.USER32(00B7EF51,00B7EF51), ref: 00B7D2DA
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: FreeHandleString
    • String ID: ..\..\src\msw\dde.cpp$DDEFreeString$Failed to free DDE string handle
    • API String ID: 1000512360-2609908482
    • Opcode ID: 329ab1a98199d7ebdaf3099518849354c52d389fcf1a8485d937ebb8a47bfb37
    • Instruction ID: 2cd7e118a1b5b26bd20de11d46e5329353c4c7ffeac7925a9ad92b5b80bed3de
    • Opcode Fuzzy Hash: 329ab1a98199d7ebdaf3099518849354c52d389fcf1a8485d937ebb8a47bfb37
    • Instruction Fuzzy Hash: C3E0CD61540B81A6DF275720AD16F057DA0EB11B45F09C4B4F0AC901E3DB728800DF27
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BBE17F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f18751651cf55f819aa9f841b990490cbf1575869a55e8c3cf957994a148c89f
    • Instruction ID: 64eefa5160c134d5b29b6759f9f4c244559609c806761e4b2dee1820e6be333c
    • Opcode Fuzzy Hash: f18751651cf55f819aa9f841b990490cbf1575869a55e8c3cf957994a148c89f
    • Instruction Fuzzy Hash: 4741E871A04704AFDB249F7CCC41BFABBE8EF45710F1045AAF025EB2A1D6B5E9408780
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC898D Relevance: 6.1, APIs: 4, Instructions: 133fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • _free.LIBCMT ref: 00BC8A5D
    • _free.LIBCMT ref: 00BC8A86
    • SetEndOfFile.KERNEL32(00000000,00BB9F8C,00000000,00BC9AB4,?,?,?,?,?,?,?,00BB9F8C,00BC9AB4,00000000), ref: 00BC8AB8
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00BB9F8C,00BC9AB4,00000000,?,?,?,?,00000000,4B020D8A), ref: 00BC8AD4
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: _free$ErrorFileLast
    • String ID:
    • API String ID: 1547350101-0
    • Opcode ID: 68ae9d20681f9be7fab2d70183766caf5b1ce09316b017c25e1995c6dc5140c8
    • Instruction ID: 1eea6f4048b899eadc80ae3e7d12c83ca412b852c83f941ee32b8a654a7c0c83
    • Opcode Fuzzy Hash: 68ae9d20681f9be7fab2d70183766caf5b1ce09316b017c25e1995c6dc5140c8
    • Instruction Fuzzy Hash: 1041F932A00605ABDB21ABB8CC42FAE37E5EF44320F1505EAF414EB291EE74CD518761
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0D800 Relevance: 6.1, APIs: 4, Instructions: 102fileCOMMON
    Download Yara Rule
    APIs
    • CreateFileW.KERNEL32(00000105,C0000000,00000000,00000000,00000004,04000100,00000000,00B0D005,?,?,?,00000000,?,?,00000105), ref: 00B0D828
    • GetFileType.KERNEL32(?,00CCA8B0,00000010,?,00000000), ref: 00BBAE06
    • GetLastError.KERNEL32(?,00000000), ref: 00BBAE10
    • __dosmaperr.LIBCMT ref: 00BBAE17
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: File$CreateErrorLastType__dosmaperr
    • String ID:
    • API String ID: 756031763-0
    • Opcode ID: 7bb69823684a8eab5011d2cff1a5e0eca78f3f3f9ef7a386e72eef0f8dbbc436
    • Instruction ID: a9d4313fdd263a18c32be2e29bc2540bbef7e2b34e1400662fa18b6d7660e7ed
    • Opcode Fuzzy Hash: 7bb69823684a8eab5011d2cff1a5e0eca78f3f3f9ef7a386e72eef0f8dbbc436
    • Instruction Fuzzy Hash: 40312830A05340AFDB119B68CC06BED3BE1AF45324F248688F1959F2E2C7F4D841DB5A
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC4654 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetLastError.KERNEL32(?,00000001,?,00BA861B,00000001,00000401,00000001,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC4659
    • _free.LIBCMT ref: 00BC46B6
    • _free.LIBCMT ref: 00BC46EC
    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BB2426,00C06416,00000401,4B020D8A,00000000), ref: 00BC46F7
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: e37158bc0d2d38325d2bf18aaaaa5fc40fe74adc50f88a4a496ed0f9dec39d45
    • Instruction ID: 5ce53756404ca1c22e4e70f2a0e0c3618f02367761605858c4a09a600d08becd
    • Opcode Fuzzy Hash: e37158bc0d2d38325d2bf18aaaaa5fc40fe74adc50f88a4a496ed0f9dec39d45
    • Instruction Fuzzy Hash: 5F110632201A412BD61626F86CA5F2F27DAEBC2371B2603FDF210D21EDFFA18E014120
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BC47AB Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetLastError.KERNEL32(?,?,?,00BB6900,00BC4913,?,00BCDF30,?,00000004,00000000,?,?,?,00BC3497,?,00000000), ref: 00BC47B0
    • _free.LIBCMT ref: 00BC480D
    • _free.LIBCMT ref: 00BC4843
    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00BCDF30,?,00000004,00000000,?,?,?,00BC3497,?,00000000,00000004), ref: 00BC484E
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: f1581c68bee71b519c05566f89d869bf6aa8b1c54f71033bee30a529420168f9
    • Instruction ID: 6c97f2ad2ef5dbcfa8b46f476127f67e93d5d26ec0d954b0f396e7193dd02b22
    • Opcode Fuzzy Hash: f1581c68bee71b519c05566f89d869bf6aa8b1c54f71033bee30a529420168f9
    • Instruction Fuzzy Hash: 6B11C232211A416BD61627F86CE5F2F27EAEBC1775B2503ADF114D21E9FB608E014110
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A044A0 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
    Download Yara Rule
    APIs
    • CreateCompatibleDC.GDI32(00000000), ref: 00A044CB
    • SelectObject.GDI32(00000000,?), ref: 00A044EC
    • SelectObject.GDI32(00000000,?), ref: 00A0450F
    • DeleteDC.GDI32(00000000), ref: 00A04516
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ObjectSelect$CompatibleCreateDelete
    • String ID:
    • API String ID: 488333989-0
    • Opcode ID: efd85ed8469a3c17c6150476e920df476e0b45ed3cf7a4cd026c8ab8dea3d6be
    • Instruction ID: 670b26e98ed9c7c936b1b8449af139bbdb1c95dc14dc762fde31ec48816f0886
    • Opcode Fuzzy Hash: efd85ed8469a3c17c6150476e920df476e0b45ed3cf7a4cd026c8ab8dea3d6be
    • Instruction Fuzzy Hash: 7C112775901618AFCB119F98E908BAEBBB8FB09724F01415AF90197390EB759A00CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009CFB80 Relevance: 6.0, APIs: 4, Instructions: 36windowCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CursorFromMessageParentPointWindow
    • String ID:
    • API String ID: 4288395648-0
    • Opcode ID: 1ac08063d7fcddd0feaa1f1453989191c211a27bb42f4bfceac4a5b5910fe3a9
    • Instruction ID: 9d5470e4fccf1a7316a92fb0dd802e0411f25f6d050bcc22bdfcc9eac6d75773
    • Opcode Fuzzy Hash: 1ac08063d7fcddd0feaa1f1453989191c211a27bb42f4bfceac4a5b5910fe3a9
    • Instruction Fuzzy Hash: 8FF05471905702ABD7109B28DCA4F5F77EDAE44751F45493DF889C3610E735DC40DA62
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00BD0CEA Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • WriteConsoleW.KERNEL32(00000000,?,4B020D8A,00000000,00000000,?,00BC99A1,00000000,00000001,00000000,00000000,?,00BBD76F,00000000,00000010,00000000), ref: 00BD0D01
    • GetLastError.KERNEL32(?,00BC99A1,00000000,00000001,00000000,00000000,?,00BBD76F,00000000,00000010,00000000,00000000,00000000,?,00BBDCC3,00BBF610), ref: 00BD0D0D
      • Part of subcall function 00BD0CD3: CloseHandle.KERNEL32(FFFFFFFE,00BD0D1D,?,00BC99A1,00000000,00000001,00000000,00000000,?,00BBD76F,00000000,00000010,00000000,00000000,00000000), ref: 00BD0CE3
    • ___initconout.LIBCMT ref: 00BD0D1D
      • Part of subcall function 00BD0C95: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00BD0CC4,00BC998E,00000000,?,00BBD76F,00000000,00000010,00000000,00000000), ref: 00BD0CA8
    • WriteConsoleW.KERNEL32(00000000,?,4B020D8A,00000000,?,00BC99A1,00000000,00000001,00000000,00000000,?,00BBD76F,00000000,00000010,00000000,00000000), ref: 00BD0D32
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
    • String ID:
    • API String ID: 2744216297-0
    • Opcode ID: 487196a16dad742c91fcbd05773e534666c9725fef1eb5dcf82896b72443a8d4
    • Instruction ID: 2e259f92d3e9762b75d5a3bf0391d63d8dcb9305dbb6d8985681b83bb7c6a060
    • Opcode Fuzzy Hash: 487196a16dad742c91fcbd05773e534666c9725fef1eb5dcf82896b72443a8d4
    • Instruction Fuzzy Hash: 35F01C7A110A19BBCF222FD5DC08B8E7F66FB497A1F054052FA0D95230D6328820DF90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B0E470 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 171fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • FindNextFileW.KERNEL32(00000000,4B020D8A,4B020D8A,00000024,?,00000000), ref: 00B0E4BB
    • FindNextFileW.KERNEL32(?,00C06414,?,00000000,?,00C06414,00C06412), ref: 00B0E670
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: FileFindNext
    • String ID: *?.
    • API String ID: 2029273394-1318272471
    • Opcode ID: 0462bbbd2a32ccf84ad8cabe78e6bc708237fddd3f8d8e101e10de2a88133d74
    • Instruction ID: a312d17351b765e5e92f5a2269bb23d4488935e00cdbaebcd62c7dda1fc26579
    • Opcode Fuzzy Hash: 0462bbbd2a32ccf84ad8cabe78e6bc708237fddd3f8d8e101e10de2a88133d74
    • Instruction Fuzzy Hash: F551AB319042148BCB14DF64DC95BFEBBF4FF65314F9409A9E92AA72C0EB719A04CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A0AB20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
    Download Yara Rule
    APIs
    • __Init_thread_footer.LIBCMT ref: 00A0ACBC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Init_thread_footer
    • String ID: GetDpiForWindow$user32.dll
    • API String ID: 1385522511-1345785904
    • Opcode ID: ab9898f9bf5136f562d780fe172c74fa705da3ce27067301e5a43f4c2298424d
    • Instruction ID: 5de3ce42afb2a2526cea2714c065756b62d1f2e51c143fabfb0cd43a2f2682ed
    • Opcode Fuzzy Hash: ab9898f9bf5136f562d780fe172c74fa705da3ce27067301e5a43f4c2298424d
    • Instruction Fuzzy Hash: FB41D23190535CDFCB11EFA8EC45BADBBB5BB16700F14425AE40AAB3D0EB746944DB42
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009DA440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON
    Download Yara Rule
    APIs
    • SystemParametersInfoW.USER32(00000000,?,4B020D8A,000001F4), ref: 009DA549
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: InfoParametersSystem
    • String ID: SystemParametersInfoForDpi$user32.dll
    • API String ID: 3098949447-1516300067
    • Opcode ID: a606dd447fc3e924cfec8464c0e741f2ed1102d89b38d9083b7e05020af65965
    • Instruction ID: 2eb99c36b0aa8b0817d12ad5db75b1f84276e0b5aab7a6d2a99bfaa1c3ec2d50
    • Opcode Fuzzy Hash: a606dd447fc3e924cfec8464c0e741f2ed1102d89b38d9083b7e05020af65965
    • Instruction Fuzzy Hash: 8E319E35901258AFCB11DF94EC49BEE7BB8FF45710F10416AF806AB390DB70AA14CB91
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B2C0D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00B34610: GetProcAddress.KERNEL32(4B020D8A,?), ref: 00B3464A
    • GetCurrentProcess.KERNEL32(?), ref: 00B2C1B2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: AddressCurrentProcProcess
    • String ID: IsWow64Process$kernel32.dll
    • API String ID: 3217270580-3024904723
    • Opcode ID: dd50b8bcdc8d5cef6cb50effbfd413b90e493cb0daf3ab08f5bf87448b5c5045
    • Instruction ID: ddc5b0c2b32b503ab6a9bf0f7bec49a162b47e71afb7076647ed5cf50c99fbad
    • Opcode Fuzzy Hash: dd50b8bcdc8d5cef6cb50effbfd413b90e493cb0daf3ab08f5bf87448b5c5045
    • Instruction Fuzzy Hash: 91318D74D11258ABDF04DFE0D85ABEEBBB8FF05304F500559E802B7281DBB86A08CB94
    Uniqueness

    Uniqueness Score: -1.00%

    Function 009D9920 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 78COMMON
    Download Yara Rule
    APIs
    • GetSystemMetrics.USER32(?), ref: 009D9A0E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: MetricsSystem
    • String ID: GetSystemMetricsForDpi$user32.dll
    • API String ID: 4116985748-3334186595
    • Opcode ID: 9f2b042786837a828dd603dd32f99998fa6b5ef32bb1c7654c83add6ecd89549
    • Instruction ID: a0918661fc2b4726d96ef59dfb001c26f095fd8ea0a06d79e5b94b119816148c
    • Opcode Fuzzy Hash: 9f2b042786837a828dd603dd32f99998fa6b5ef32bb1c7654c83add6ecd89549
    • Instruction Fuzzy Hash: C6319F31911258DFCF15EF94DC45BAEBBB8FF05710F10826AE806AB391DB746A04CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00AECB80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
    Download Yara Rule
    APIs
    • MessageBoxW.USER32(00000000,?,wxWidgets Debug Alert,00000113), ref: 00AECBE3
    Strings
    • Do you want to stop the program?You can also choose [Cancel] to suppress further warnings., xrefs: 00AECBB7
    • wxWidgets Debug Alert, xrefs: 00AECBDB
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Message
    • String ID: Do you want to stop the program?You can also choose [Cancel] to suppress further warnings.$wxWidgets Debug Alert
    • API String ID: 2030045667-3099621527
    • Opcode ID: 71c03e502f978c8234d434b2d59b0ef5185a2e1604b6033a275bd168919a7709
    • Instruction ID: beec00d0130af1b818c5936bc3816e08eb0f4ce2c62715b1939fffae93741bf2
    • Opcode Fuzzy Hash: 71c03e502f978c8234d434b2d59b0ef5185a2e1604b6033a275bd168919a7709
    • Instruction Fuzzy Hash: 6E117C31A44248EFDB14DFA8DD66FEEB7B8FB05714F404529F412A7280DB346505CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A2C9B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 009E2230: GetProcessDefaultLayout.USER32(00B027C0), ref: 009E2263
    • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A2C9FA
    • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 00A2CA17
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: Window$CreateDefaultLayoutProcess
    • String ID: tooltips_class32
    • API String ID: 2390726395-1918224756
    • Opcode ID: 1eb1bb21598ffc9c8ce6c0ad253d3f312e3044449489b64a481193e0bfb7189e
    • Instruction ID: 7411d79fc0165a8a6c59cb71dc970ac48795f339539779c2d8b2e8fd97c41da0
    • Opcode Fuzzy Hash: 1eb1bb21598ffc9c8ce6c0ad253d3f312e3044449489b64a481193e0bfb7189e
    • Instruction Fuzzy Hash: 3FF01C70794361B6FA309724AC47F5E2658DB04FB0F300225BB15BD5D0E6A4B900C9A9
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00A1D6A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
    Download Yara Rule
    APIs
    • CreateWindowExW.USER32(00000000,SCROLLBAR,00C06414,4400001C,00000000,00000000,jjj,00000000,009C7A00,00000000,00000000,00000000), ref: 00A1D6D7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: CreateWindow
    • String ID: SCROLLBAR$jjj
    • API String ID: 716092398-4162337666
    • Opcode ID: 14399505c1046bb1fd68943fb0385c8377c2b85f97f1da4241f5d772305758cd
    • Instruction ID: cc6e6ec4b03d3c204464d1e21a9a3effb06a766f4ab8b5b49b339cdcd6d37f98
    • Opcode Fuzzy Hash: 14399505c1046bb1fd68943fb0385c8377c2b85f97f1da4241f5d772305758cd
    • Instruction Fuzzy Hash: 2DE012313D4710BBF3645768BC07FC6E658EF51F25F304226B6287A1D286F0789096D8
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00B346B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16libraryCOMMON
    Download Yara Rule
    APIs
    • GetModuleHandleW.KERNEL32(00000001,00B343E7,?,00000028,?,4B020D8A,?), ref: 00B346C6
    • LoadLibraryW.KERNEL32(00000001,00B343E7,?,00000028,?,4B020D8A,?), ref: 00B346D5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1284586091.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
    • Associated: 00000000.00000002.1284533610.00000000009A0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284795985.0000000000C05000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284875514.0000000000CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284895054.0000000000CD1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284913729.0000000000CD5000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284933797.0000000000CD6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000CE6000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1284953012.0000000000D09000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D0B000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D1C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_9a0000_Start.jbxd
    Similarity
    • API ID: HandleLibraryLoadModule
    • String ID: @
    • API String ID: 4133054770-2766056989
    • Opcode ID: 7fbf0a14427d161fcd75f8472dce1eefe70ba176e3e8079efd6887b8b546a6e3
    • Instruction ID: 3076884114ee3b3a50afc6ac74e772378bb230fecbde20aa10c556c9d6116f09
    • Opcode Fuzzy Hash: 7fbf0a14427d161fcd75f8472dce1eefe70ba176e3e8079efd6887b8b546a6e3
    • Instruction Fuzzy Hash: 3DD04270604640ABCE08DF54DAA9B1A7BE5AB86305F2549C8E5458B571C738EC44CF25
    Uniqueness

    Uniqueness Score: -1.00%