Edit tour

Windows Analysis Report
PuranWipeDiskSetup.exe

Overview

General Information

Sample name:	PuranWipeDiskSetup.exe
Analysis ID:	1427673
MD5:	d16aa5ca552327616646485fc6bd5dea
SHA1:	d19640ae5776d7c3b244685fffc4019fae20556c
SHA256:	56c131b4d4db9a111b3d8a0e635bb35b8b75d77905fed299e150655ef90e05e5
Infos:

Detection

Score:	15
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Contains functionality to infect the boot sector

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Potential key logger detected (key state polling based)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

System is w10x64

PuranWipeDiskSetup.exe (PID: 5900 cmdline: "C:\Users\user\Desktop\PuranWipeDiskSetup.exe" MD5: D16AA5CA552327616646485FC6BD5DEA)

PuranWipeDiskSetup.tmp (PID: 6640 cmdline: "C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp" /SL5="$10450,952714,192000,C:\Users\user\Desktop\PuranWipeDiskSetup.exe" MD5: 659C4E56A4F543542525F51A8255901A)

Puran Wipe Disk.exe (PID: 7160 cmdline: "C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe" MD5: 05B0790DD0E18DA66B04A54B82D36F84)

hh.exe (PID: 2448 cmdline: "C:\Windows\hh.exe" C:\Program Files\Puran Wipe Disk\help\Wipe_Disk.chm MD5: 2C8FE78D53C8CA27523A71DFD2938241)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: PuranWipeDiskSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Help	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Help\is-JQLMN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-6S64H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-II2TT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-E3G21.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-JRBGR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.url	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Puran Wipe Disk_is1

Jump to behavior

Source:	Binary string: E:\New_Work\Refined_15-1-12-2015\Auto Maintain\Wipe Disk\Release\Wipe Disk.pdb source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006090000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\New_Work\Refined_15-1-12-2015\Auto Maintain\Wipe Disk\x64\Release\Wipe Disk.pdb source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006155000.00000004.00001000.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, Puran Wipe Disk.exe, 00000006.00000000.2034718356.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, is-7J9I7.tmp.1.dr

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF12B460 GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,

6_2_00007FF6DF12B460

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF1034D0 malloc,malloc,malloc,malloc,GetLogicalDriveStringsW,malloc,GetLogicalDriveStringsW,GetDriveTypeW,GetDriveTypeW,GetVolumeInformationW,GetDiskFreeSpaceExW,free,free,free,free,free,

6_2_00007FF6DF1034D0

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /npupage7.html HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /home.png HTTP/1.1Accept: /Referer: http://www.purannetworks.com/npupage7.htmlAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fblike.jpg HTTP/1.1Accept: /Referer: http://www.purannetworks.com/npupage7.htmlAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 17 Apr 2024 21:27:23 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Tue, 24 May 2022 12:18:15 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 372Keep-Alive: timeout=5, max=75Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 85 52 cb 4e 84 30 14 5d 4b c2 3f dc 90 98 d9 38 14 c6 1d c3 cc 37 b8 71 6d 0a 5c a0 4e a1 4d 7b 95 41 e3 bf db 16 88 31 31 e3 a6 bd cf 73 4e 4e 5b f6 34 c8 73 1c 95 3d f2 c6 dd 2e 22 41 12 5d f8 f4 66 f8 08 cf 24 a4 20 81 d6 75 d8 d6 72 b1 a5 59 22 d0 ac f1 94 10 5e 89 d5 d6 26 a1 45 bc 92 f8 00 d4 c4 d1 67 1c dd b5 6a a4 7d cb 07 21 e7 82 1b c1 e5 71 2b 5a f1 81 45 9e eb ab af 54 ca 34 68 f6 b5 92 92 6b 8b c5 16 1c 3d e4 97 3f 52 6a 3c 51 40 05 f8 0b 76 ad 2e b8 87 80 0b 70 03 18 40 f3 a6 11 63 b7 27 a5 8b c7 b0 10 a8 e2 a8 52 cd bc 30 0d dc 74 62 2c 32 3f bf 8e 87 24 0c 96 2c f8 e0 0d 64 3f 0e fa 65 b0 b5 71 4c a7 64 54 8b 2d de 59 ef 0c 4c a2 a1 1e 4e b0 cb b3 ec 7e 07 3d 8a ae 27 9f 1f f2 9d 07 22 13 ce 15 8b 43 6f b0 75 ed a4 27 d2 05 63 d3 34 a5 da 3f 8d 55 2d 4d dc 60 5a ab 21 01 72 32 d1 c3 24 2f 95 e4 e3 25 39 97 62 e8 c0 9a 3a ec aa 01 53 3d 76 c9 6a 87 ab 65 e7 92 f1 85 83 ad 64 81 16 b8 14 dd e8 06 4c d0 f5 be a5 ce a2 1b 8a 5a 5e 63 a5 d4 c5 8b 61 bf e4 fd 27 ad ad a4 b8 60 fa aa ff 11 e7 82 60 0c 0b 2e 6e 7a 99 f7 7a ed 87 af fc 0d 5e 9b de 5c d1 02 00 00 Data Ascii: RN0]K?87qm\NM{A11sNN[4s=."A]f$ urY"^&Egj}!q+ZET4hk=?Rj<Q@v.p@c'R0tb,2?$,d?eqLdT-YLN~='"Cou'c4?U-M`Z!r2$/%9b:S=vjedLZ^ca'``.nzz^\

Source: global traffic	HTTP traffic detected: GET /npupage7.html HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /home.png HTTP/1.1Accept: /Referer: http://www.purannetworks.com/npupage7.htmlAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fblike.jpg HTTP/1.1Accept: /Referer: http://www.purannetworks.com/npupage7.htmlAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.purannetworks.comConnection: Keep-Alive

Source: Puran Wipe Disk.exe, 00000006.00000002.2913647617.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000986000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <a href = "http://www.facebook.com/puransoftware" target = "_blank"><img src = "fblike.jpg" border = 0></a> equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004803000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jhttp://www.facebook.com/puransoftware equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jhttp://www.facebook.com/puransoftwarentlows\INetCache equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jhttp://www.facebook.com/puransoftwarewarp.dll5 equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/puransoftware equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004803000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/puransoftware equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004803000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/puransoftwareXZ equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/puransoftware~ equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com: equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: www.purannetworks.com

Source: PuranWipeDiskSetup.exe, 00000000.00000003.1636103041.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.exe, 00000000.00000003.1636351274.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000000.1637056297.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-UDJ45.tmp.1.dr, PuranWipeDiskSetup.tmp.0.dr	String found in binary or memory: http://www.innosetup.com/
Source: PuranWipeDiskSetup.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/fblike.jpg
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/fblike.jpg...
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/fblike.jpgF
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/fblike.jpgH
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/home.png
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/home.png...nb
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/home.pngB
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/home.pngnational)
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.html
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.html.dll
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.html4Q
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000986000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.html6v
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlC:
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlLMEMx
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047DA000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlPuran
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlS
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlUUC:
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlannetworks.com/npupage7.html
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlil.imgmll...e7.htmlent
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlowsh
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlq
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmls
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.000000000479D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/npupage7.htmlttp://www.purannetworks.com/fblike.jpg...
Source: Puran Wipe Disk.exe	String found in binary or memory: http://www.purannetworks.com/npupage7c.html
Source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006090000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006155000.00000004.00001000.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, Puran Wipe Disk.exe, 00000006.00000000.2034718356.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, is-7J9I7.tmp.1.dr	String found in binary or memory: http://www.purannetworks.com/npupage7c.htmlhttp://www.purannetworks.com/npupage7ty.htmlhttp://www.pu
Source: Puran Wipe Disk.exe	String found in binary or memory: http://www.purannetworks.com/npupage7ty.html
Source: Puran Wipe Disk.exe	String found in binary or memory: http://www.purannetworks.com/pupage7.html
Source: Puran Wipe Disk.exe	String found in binary or memory: http://www.purannetworks.com/pupage7c.html
Source: Puran Wipe Disk.exe	String found in binary or memory: http://www.purannetworks.com/pupage7ty.html
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.purannetworks.com/rentVersion
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.url.1.dr, npupage7[1].htm.6.dr	String found in binary or memory: http://www.puransoftware.com
Source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006245000.00000004.00001000.00020000.00000000.sdmp, is-E3G21.tmp.1.dr	String found in binary or memory: http://www.puransoftware.com-default-browser-puran
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.puransoftware.com/
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.puransoftware.com/L
Source: PuranWipeDiskSetup.exe, 00000000.00000003.1635262910.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.1638444311.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.puransoftware.com8http://www.puransoftware.com8http://www.puransoftware.com(
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.puransoftware.comD~
Source: PuranWipeDiskSetup.exe, 00000000.00000003.2055970608.000000000227A000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.2046969701.00000000025CA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.puransoftware.comq
Source: PuranWipeDiskSetup.exe, 00000000.00000003.1636103041.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.exe, 00000000.00000003.1636351274.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000000.1637056297.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-UDJ45.tmp.1.dr, PuranWipeDiskSetup.tmp.0.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000986000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&f
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033l3LMEM
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004763000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2910915408.000000000093C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF10BF28 GetKeyState,GetKeyState,GetKeyState,SendMessageW,

6_2_00007FF6DF10BF28

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF103FE0: GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,malloc,CreateFileW,free,DeviceIoControl,GetLastError,CloseHandle,DeviceIoControl,DeviceIoControl,

6_2_00007FF6DF103FE0

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF147EF0	6_2_00007FF6DF147EF0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF14BAC0	6_2_00007FF6DF14BAC0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF16B9D0	6_2_00007FF6DF16B9D0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF103A30	6_2_00007FF6DF103A30
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF15B610	6_2_00007FF6DF15B610
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1034D0	6_2_00007FF6DF1034D0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF10B220	6_2_00007FF6DF10B220
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF102EE0	6_2_00007FF6DF102EE0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF15C920	6_2_00007FF6DF15C920
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF15C5F0	6_2_00007FF6DF15C5F0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF178520	6_2_00007FF6DF178520
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF10E294	6_2_00007FF6DF10E294
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF18A060	6_2_00007FF6DF18A060
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1860F0	6_2_00007FF6DF1860F0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF146128	6_2_00007FF6DF146128
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13DF44	6_2_00007FF6DF13DF44
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF103FE0	6_2_00007FF6DF103FE0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13C014	6_2_00007FF6DF13C014
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF18BEC0	6_2_00007FF6DF18BEC0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF165D60	6_2_00007FF6DF165D60
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF185DA0	6_2_00007FF6DF185DA0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17DD90	6_2_00007FF6DF17DD90
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17FD2D	6_2_00007FF6DF17FD2D
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17FB9E	6_2_00007FF6DF17FB9E
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13FBF8	6_2_00007FF6DF13FBF8
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF105970	6_2_00007FF6DF105970
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1899D0	6_2_00007FF6DF1899D0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1698B0	6_2_00007FF6DF1698B0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF171720	6_2_00007FF6DF171720
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13D49C	6_2_00007FF6DF13D49C
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17D500	6_2_00007FF6DF17D500
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF15D510	6_2_00007FF6DF15D510
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13F3B0	6_2_00007FF6DF13F3B0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF169400	6_2_00007FF6DF169400
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF105300	6_2_00007FF6DF105300
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF139330	6_2_00007FF6DF139330
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13F18C	6_2_00007FF6DF13F18C
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17F190	6_2_00007FF6DF17F190
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13CFFC	6_2_00007FF6DF13CFFC
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF165000	6_2_00007FF6DF165000
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17AE90	6_2_00007FF6DF17AE90
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17CEC0	6_2_00007FF6DF17CEC0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF18AF14	6_2_00007FF6DF18AF14
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF14AD50	6_2_00007FF6DF14AD50
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13CC50	6_2_00007FF6DF13CC50
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF104D10	6_2_00007FF6DF104D10
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF136D34	6_2_00007FF6DF136D34
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF144C34	6_2_00007FF6DF144C34
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF134A3C	6_2_00007FF6DF134A3C
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF140AC8	6_2_00007FF6DF140AC8
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1208F0	6_2_00007FF6DF1208F0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF17C770	6_2_00007FF6DF17C770
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF16E7F0	6_2_00007FF6DF16E7F0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF18A824	6_2_00007FF6DF18A824
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1346B0	6_2_00007FF6DF1346B0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF182590	6_2_00007FF6DF182590
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1385E8	6_2_00007FF6DF1385E8
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF12C4A4	6_2_00007FF6DF12C4A4
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF18A520	6_2_00007FF6DF18A520
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF14652C	6_2_00007FF6DF14652C
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF144338	6_2_00007FF6DF144338
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13C378	6_2_00007FF6DF13C378
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1343DC	6_2_00007FF6DF1343DC
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF180417	6_2_00007FF6DF180417
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF16E250	6_2_00007FF6DF16E250
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1662B0	6_2_00007FF6DF1662B0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF16A280	6_2_00007FF6DF16A280
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF182280	6_2_00007FF6DF182280
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1801CE	6_2_00007FF6DF1801CE

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: String function: 00007FF6DF181B00 appears 73 times
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: String function: 00007FF6DF189930 appears 530 times
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: String function: 00007FF6DF181BD0 appears 106 times

Source: PuranWipeDiskSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: PuranWipeDiskSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-UDJ45.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-UDJ45.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-7J9I7.tmp.1.dr	Static PE information: Resource name: None type: DOS executable (COM)

Source: is-6S64H.tmp.1.dr

Static PE information: No import functions for PE file found

Source: PuranWipeDiskSetup.exe, 00000000.00000003.1636351274.000000007FE33000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs PuranWipeDiskSetup.exe
Source: PuranWipeDiskSetup.exe, 00000000.00000003.1636103041.00000000024F7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs PuranWipeDiskSetup.exe

Source: PuranWipeDiskSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-6S64H.tmp.1.dr

Static PE information: Section .rsrc

Source: classification engine

Classification label: clean15.winEXE@7/31@1/1

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF103FE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,malloc,CreateFileW,free,DeviceIoControl,GetLastError,CloseHandle,DeviceIoControl,DeviceIoControl,		6_2_00007FF6DF103FE0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF101D20 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetVolumePathNameW,malloc,malloc,GetVolumeNameForVolumeMountPointW,free,free,free,CreateFileW,free,free,free,		6_2_00007FF6DF101D20

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

6_2_00007FF6DF1034D0

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF127B44 VariantClear,SysAllocStringByteLen,CoCreateInstance,CoCreateInstance,

6_2_00007FF6DF127B44

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF10FC44 FindResourceW,LoadResource,LockResource,FreeResource,

6_2_00007FF6DF10FC44

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

File created: C:\Program Files\Puran Wipe Disk

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe

File created: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp

Jump to behavior

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: Puran Wipe Disk.exe	String found in binary or memory: Help not found. Please re-install
Source: PuranWipeDiskSetup.exe	String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe

File read: C:\Users\user\Desktop\PuranWipeDiskSetup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\PuranWipeDiskSetup.exe "C:\Users\user\Desktop\PuranWipeDiskSetup.exe"
Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp "C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp" /SL5="$10450,952714,192000,C:\Users\user\Desktop\PuranWipeDiskSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process created: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe "C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe"
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process created: C:\Windows\hh.exe "C:\Windows\hh.exe" C:\Program Files\Puran Wipe Disk\help\Wipe_Disk.chm
Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp "C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp" /SL5="$10450,952714,192000,C:\Users\user\Desktop\PuranWipeDiskSetup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process created: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe "C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process created: C:\Windows\hh.exe "C:\Windows\hh.exe" C:\Program Files\Puran Wipe Disk\help\Wipe_Disk.chm	Jump to behavior

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: itss.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\hh.exe	Section loaded: textshaping.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Puran Wipe Disk.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
Source: Puran Wipe Disk.lnk0.1.dr	LNK file: ..\..\..\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
Source: Puran Wipe Disk on the Web.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files\Puran Wipe Disk\Puran Wipe Disk.url

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Automated click: I accept the agreement
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Automated click: OK

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\hh.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Help	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Help\is-JQLMN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-6S64H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-II2TT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-E3G21.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\is-JRBGR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Directory created: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.url	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Puran Wipe Disk_is1

Jump to behavior

Source: PuranWipeDiskSetup.exe

Static file information: File size 1438603 > 1048576

Source:	Binary string: E:\New_Work\Refined_15-1-12-2015\Auto Maintain\Wipe Disk\Release\Wipe Disk.pdb source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006090000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\New_Work\Refined_15-1-12-2015\Auto Maintain\Wipe Disk\x64\Release\Wipe Disk.pdb source: PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006155000.00000004.00001000.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, Puran Wipe Disk.exe, 00000006.00000000.2034718356.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, is-7J9I7.tmp.1.dr

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF170080 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,

6_2_00007FF6DF170080

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: GetVersionExW,malloc,DeviceIoControl,free,CloseHandle,CloseHandle,free,CloseHandle,free,free,CloseHandle, \\.\PhysicalDrive%d

6_2_00007FF6DF101F20

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	File created: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\Default.cjstyles (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\is-6S64H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp	Jump to dropped file

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: GetVersionExW,malloc,DeviceIoControl,free,CloseHandle,CloseHandle,free,CloseHandle,free,free,CloseHandle, \\.\PhysicalDrive%d

6_2_00007FF6DF101F20

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk on the Web.lnk	Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF103EC0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,		6_2_00007FF6DF103EC0
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF1082A4 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,		6_2_00007FF6DF1082A4

Source: C:\Users\user\Desktop\PuranWipeDiskSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\hh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Memory allocated: 49D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\hh.exe	Memory allocated: 1E8A5330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\hh.exe	Memory allocated: 1E0A0980000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Dropped PE file which has not been started: C:\Program Files\Puran Wipe Disk\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Dropped PE file which has not been started: C:\Program Files\Puran Wipe Disk\is-6S64H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Dropped PE file which has not been started: C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF12B460 GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,

6_2_00007FF6DF12B460

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

6_2_00007FF6DF1034D0

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF14EA20 GetSystemInfo,

6_2_00007FF6DF14EA20

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior

Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\4(
Source: PuranWipeDiskSetup.tmp, 00000001.00000003.2050882030.0000000000925000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!
Source: Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0.Y-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000986000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	API call chain: ExitProcess graph end node			graph_6-53612
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	API call chain: ExitProcess graph end node			graph_6-55056

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF135D78 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

6_2_00007FF6DF135D78

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF170080 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,

6_2_00007FF6DF170080

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF18C450 GetProcessHeap,HeapFree,

6_2_00007FF6DF18C450

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF135D78 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FF6DF135D78
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF13B794 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FF6DF13B794
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF131700 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FF6DF131700
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: 6_2_00007FF6DF134A24 SetUnhandledExceptionFilter,	6_2_00007FF6DF134A24

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Process created: C:\Windows\hh.exe "C:\Windows\hh.exe" C:\Program Files\Puran Wipe Disk\help\Wipe_Disk.chm

Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: GetModuleHandleW,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetModuleHandleW,EnumResourceLanguagesW,ConvertDefaultLocale,ConvertDefaultLocale,GetModuleFileNameW,CreateActCtxW,CreateActCtxW,ActivateActCtx,ActivateActCtx,GetLocaleInfoW,_errno,_errno,_snwprintf_s,_errno,_errno,_errno,LoadLibraryW,ReleaseActCtx,DeactivateActCtx,DeactivateActCtx,ReleaseActCtx,ReleaseActCtx,DeactivateActCtx,DeactivateActCtx,ReleaseActCtx,ReleaseActCtx,		6_2_00007FF6DF112724
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Code function: GetLocaleInfoA,		6_2_00007FF6DF141EBC

Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\hh.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF135A30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

6_2_00007FF6DF135A30

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF13CFFC _lock,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

6_2_00007FF6DF13CFFC

Source: C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Code function: 6_2_00007FF6DF10C148 GetVersionExW,

6_2_00007FF6DF10C148

Source: C:\Windows\hh.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\hh.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Windows Service	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Input Capture	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Windows Service	1 Obfuscated Files or Information	Security Account Manager	37 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Bootkit	11 Process Injection	1 DLL Side-Loading	NTDS	31 Security Software Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Registry Run Keys / Startup Folder	3 Masquerading	LSA Secrets	1 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	2 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Bootkit	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PuranWipeDiskSetup.exe	4%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files\Puran Wipe Disk\Default.cjstyles (copy)	0%	ReversingLabs
C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe (copy)	2%	ReversingLabs
C:\Program Files\Puran Wipe Disk\is-6S64H.tmp	0%	ReversingLabs
C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp	2%	ReversingLabs
C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp	7%	ReversingLabs
C:\Program Files\Puran Wipe Disk\unins000.exe (copy)	7%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp	7%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.remobjects.com/ps	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
purannetworks.com	69.49.232.79	true	false		unknown
www.purannetworks.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
http://www.purannetworks.com/npupage7.html	false	unknown
http://www.purannetworks.com/home.png	false	unknown
http://www.purannetworks.com/fblike.jpg	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.innosetup.com/	PuranWipeDiskSetup.exe, 00000000.00000003.1636103041.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.exe, 00000000.00000003.1636351274.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000000.1637056297.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-UDJ45.tmp.1.dr, PuranWipeDiskSetup.tmp.0.dr	false		unknown
http://www.purannetworks.com/pupage7c.html	Puran Wipe Disk.exe	false		unknown
http://www.purannetworks.com/home.pngnational)	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlPuran	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047DA000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/home.png...nb	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/fblike.jpg...	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	PuranWipeDiskSetup.exe	false		high
http://www.puransoftware.com/	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.purannetworks.com/pupage7.html	Puran Wipe Disk.exe	false		unknown
http://www.purannetworks.com/npupage7.htmlUUC:	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.puransoftware.comq	PuranWipeDiskSetup.exe, 00000000.00000003.2055970608.000000000227A000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.2046969701.00000000025CA000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.html6v	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000986000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7ty.html	Puran Wipe Disk.exe	false		unknown
http://www.purannetworks.com/npupage7.htmlS	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlttp://www.purannetworks.com/fblike.jpg...	Puran Wipe Disk.exe, 00000006.00000002.2911980379.000000000479D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.puransoftware.com	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp, Puran Wipe Disk.url.1.dr, npupage7[1].htm.6.dr	false		high
http://www.purannetworks.com/home.pngB	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.html.dll	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7c.htmlhttp://www.purannetworks.com/npupage7ty.htmlhttp://www.pu	PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006090000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006155000.00000004.00001000.00020000.00000000.sdmp, Puran Wipe Disk.exe, 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, Puran Wipe Disk.exe, 00000006.00000000.2034718356.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmp, is-7J9I7.tmp.1.dr	false		unknown
http://www.puransoftware.com/L	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047C7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.purannetworks.com/npupage7.htmlil.imgmll...e7.htmlent	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/rentVersion	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlC:	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/fblike.jpgF	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7c.html	Puran Wipe Disk.exe	false		unknown
http://www.purannetworks.com/npupage7.htmlannetworks.com/npupage7.html	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.puransoftware.comD~	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	false		low
http://www.puransoftware.com-default-browser-puran	PuranWipeDiskSetup.tmp, 00000001.00000003.2042232290.0000000006245000.00000004.00001000.00020000.00000000.sdmp, is-E3G21.tmp.1.dr	false		unknown
http://www.purannetworks.com/fblike.jpgH	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004716000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlq	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.html4Q	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000962000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmls	Puran Wipe Disk.exe, 00000006.00000002.2910915408.0000000000922000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.remobjects.com/ps	PuranWipeDiskSetup.exe, 00000000.00000003.1636103041.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.exe, 00000000.00000003.1636351274.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000000.1637056297.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-UDJ45.tmp.1.dr, PuranWipeDiskSetup.tmp.0.dr	false	URL Reputation: safe	unknown
http://www.puransoftware.com8http://www.puransoftware.com8http://www.puransoftware.com(	PuranWipeDiskSetup.exe, 00000000.00000003.1635262910.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, PuranWipeDiskSetup.tmp, 00000001.00000003.1638444311.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlLMEMx	Puran Wipe Disk.exe, 00000006.00000002.2911980379.00000000047AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/npupage7.htmlowsh	Puran Wipe Disk.exe, 00000006.00000002.2911980379.0000000004710000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.purannetworks.com/pupage7ty.html	Puran Wipe Disk.exe	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
69.49.232.79	purannetworks.com	United States		46606	UNIFIEDLAYER-AS-1US	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427673
Start date and time:	2024-04-17 23:25:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PuranWipeDiskSetup.exe
Detection:	CLEAN
Classification:	clean15.winEXE@7/31@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 137 Number of non-executed functions: 218
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: PuranWipeDiskSetup.exe

Simulations

Behavior and APIs

Time	Type	Description
23:27:23	API Interceptor	2x Sleep call for process: hh.exe modified
23:27:23	API Interceptor	3x Sleep call for process: Puran Wipe Disk.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	Draft Sales contract.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30
	Bank slip.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FQuantexa/IpoXF42991IpoXF42991IpoXF/bWFzc2ltb2JvcnJlbGxpQHF1YW50ZXhhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	192.185.104.70
	QUOTATION-#170424.exe	Get hash	malicious	AgentTesla	Browse	192.254.225.136
	PURCHASE ORDER LISTS GREEN VALLY CORP.bat	Get hash	malicious	GuLoader	Browse	173.254.31.34
	draft bl_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.185.13.234
	signed documents and BOL.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30
	DN.exe	Get hash	malicious	AgentTesla	Browse	50.87.253.239
	2llKbb9pR7.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader	Browse	198.57.242.153
	NOA, BL and invoice.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_setup64.tmp	ltVDtWrs13.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse
	Emcon.Zvit.2.0.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepPup.2542.22578.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepPup.2542.22578.exe	Get hash	malicious	Unknown	Browse
	Emcon.Zvit.2.0.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe	Get hash	malicious	PureLog Stealer	Browse
	SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe	Get hash	malicious	HawkEye, PureLog Stealer	Browse
	my0qkzrWqy.rtf	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files\Puran Wipe Disk\Default.cjstyles (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	6.272984914608066
Encrypted:	false
SSDEEP:	6144:IR6qT/i15eU9kXe6vaBuCGRY+22yJhM3JOOQ7R7tp16upvlz:IRVT/i15bk3aBuCAY+x3J4z
MD5:	D99AC9A95FF491539042F13171FB2C67
SHA1:	6D5FCA8B946A3CF58478A3E56E519A3C1D2C671C
SHA-256:	C21752FC7D82CB8A6B345F27D731B6D3422C2D146E5372F9FA8E308EF2BE9F89
SHA-512:	D1057A1DCEC6C7546B37E968A5D419E3252ECE5A974E3579AFDDE4605F252F47687859DC3E3667DFD08B9835CC168360E0BBBC972F4AA9A2A479B26CFBE0F05E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o..o..o..q...n..f...n..Richo..........PE..L......P...........!................................................................&.....@.............................................\............................................................................................................rsrc...\...........................@..@....................................................................8....@.......................... .......................8.......P.......h...P...............................>.......v...................(.......@...R...X.......p...................$ ......v ....... ....... ......4!......t!..0....!..H....!..`...4"..x...x"......."......."......(#......f#.......#.......#.. ....$..8...L$..P....$..h....$......4%.......%.......%.......&......N&.......&.......&..(....'..@...<'..X...~'..p....'.......'.......(......f(.......(.......)......

C:\Program Files\Puran Wipe Disk\Help\Wipe_Disk.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	31063
Entropy (8bit):	6.801131230892074
Encrypted:	false
SSDEEP:	768:Q5gs7eHtoU1URXYgNXgz9Xlb9kKsqu74Y:Q5gj+NYWQz9X1GK964Y
MD5:	B7025A0F66E3999BEE93D8EBA23CB078
SHA1:	1F82CAA94FF142B80AF0AADF5410182299C85EA9
SHA-256:	B1C426618881C6D77AF667577489ED1FBCB72925F9C6571A1F25D5B405FA38D5
SHA-512:	833116B8730FAA0AE69C4F38C56D696FBD11BA18538E9829CB36BD6EA8B9954088D0F6081AC827598BA2A377A51B92AE3EFDD11AD3EDD5A6703EE8074B25DC06
Malicious:	false
Reputation:	low
Preview:	ITSF....`............@.....\|.{.......".....\|.{......."..`...............x.......T.......................Wy..............ITSP....T...........................................j..].!......."..T...............PMGL................./..../#IDXHDR......./#ITBITS..../#IVB...X../#STRINGS...*D./#SYSTEM....7./#TOPICS....0./#URLSTR...eE./#URLTBL...A$./#WINDOWS...H.../$FIftiMain...-.d./$OBJINST...n.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...j../$WWKeywordLinks/..../$WWKeywordLinks/Property...f../basicusage.html..w.e./basicusageb1.PNG..S..u./CSHelp.txt...d../Wipe_Disk.hhc..\.../Wipe_Disk.hhk..a.r.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content..=...,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/...i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/

C:\Program Files\Puran Wipe Disk\Help\is-JQLMN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	31063
Entropy (8bit):	6.801131230892074
Encrypted:	false
SSDEEP:	768:Q5gs7eHtoU1URXYgNXgz9Xlb9kKsqu74Y:Q5gj+NYWQz9X1GK964Y
MD5:	B7025A0F66E3999BEE93D8EBA23CB078
SHA1:	1F82CAA94FF142B80AF0AADF5410182299C85EA9
SHA-256:	B1C426618881C6D77AF667577489ED1FBCB72925F9C6571A1F25D5B405FA38D5
SHA-512:	833116B8730FAA0AE69C4F38C56D696FBD11BA18538E9829CB36BD6EA8B9954088D0F6081AC827598BA2A377A51B92AE3EFDD11AD3EDD5A6703EE8074B25DC06
Malicious:	false
Reputation:	low
Preview:	ITSF....`............@.....\|.{.......".....\|.{......."..`...............x.......T.......................Wy..............ITSP....T...........................................j..].!......."..T...............PMGL................./..../#IDXHDR......./#ITBITS..../#IVB...X../#STRINGS...*D./#SYSTEM....7./#TOPICS....0./#URLSTR...eE./#URLTBL...A$./#WINDOWS...H.../$FIftiMain...-.d./$OBJINST...n.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...j../$WWKeywordLinks/..../$WWKeywordLinks/Property...f../basicusage.html..w.e./basicusageb1.PNG..S..u./CSHelp.txt...d../Wipe_Disk.hhc..\.../Wipe_Disk.hhk..a.r.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content..=...,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/...i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/

C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	984576
Entropy (8bit):	6.258738177267006
Encrypted:	false
SSDEEP:	12288:5oFOdnUb2aaGehG9gNSUXUWCNso3q2GeTQyE67YUjWpe6zO61HTdNXYSRFnToOHi:5oehYmxXUDNVa2GeTQyE67YUSbRTLY8
MD5:	05B0790DD0E18DA66B04A54B82D36F84
SHA1:	BF27850236E91529070A11AFD7EEAB35C03E3F60
SHA-256:	F92805A5A26C658A96A3CD9FA14BCEBB0DA610CCB9292512885FC1B53ACF9E3A
SHA-512:	40997C685B032507B18AE614C239792231AB312AE580752EEE943DFCAD2E3C0DBB36C87C54FF6E6C9047DE3FABC6592883983135FB62E1D6C24EB82476BCA95B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..u.u.u....u....u..G.u..Q.u.u+.#w.'...u.'..u.'...u.'..u.'..u.'..u.Rich.u.........................PE..d.....^.........."............................@....................................D.....@..................................................`..,.......\|J...P...............@.....0@...............................................0.......`..@....................text............................... ..`.rdata..._...0...`..................@..@.data...........R...v..............@....pdata.......P......................@..@.rsrc...\|J.......L...f..............@..@.reloc...S...@...T..................@..B........................................................................................................................................................................................................................................

C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.puransoftware.com>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	54
Entropy (8bit):	4.497181076961735
Encrypted:	false
SSDEEP:	3:HRAbABGQYm/0S4VYVv:HRYFVm/r4+
MD5:	6D693B0D013B4123C4377C1AE9B67DB7
SHA1:	C8EDA4FAD157D6B9518D4E85A170556906DA22A5
SHA-256:	55A4CBC336FD4EF23EF5A8D18061778D2F2C7F78F124233601B04D458D4602C8
SHA-512:	C1D55380D17786E4178BF12607F04EAD83D62E5E752C1968D42B38B85083F1E0A0FB273755EDF42C509E59A9624425A72608C5C3E4A455110850F661F87D4262
Malicious:	false
Reputation:	low
Preview:	[InternetShortcut]..URL=http://www.puransoftware.com..

C:\Program Files\Puran Wipe Disk\home.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	553
Entropy (8bit):	4.949277904960732
Encrypted:	false
SSDEEP:	12:TKkgHP3jzWcXDhgj8AU+a5CRQRCrITHlyAohaEUaP8zGb:ZgvzzWcS8ALwKIjEPKM
MD5:	27D8E60C79D18E3D57CD2286477646F3
SHA1:	B2739A3BD2248C263175F262E68EF658B51C38DD
SHA-256:	A044877DD85D88FF0403ED6338DA1ED9FD68B3971508FBC92CECCBEDA5DB403B
SHA-512:	A8A642C0C7DBCA1DFDAACF9243523F0FD2A219FCAACD927C6D8B21E73660816E04F53FF9A8202DEC3576DFF67735DC39F6E48B928D6C4383ABCB6251E4895546
Malicious:	false
Reputation:	low
Preview:	<html>..<head>....<title>..Puran Utilities..</title>....<style type="text/css">....table, td..{...font-family:arial;...font-size:12px;...border-collapse:collapse;....}......body..{.. margin:0;.. padding:0;..}....</style>..</head>....<body scroll="no">......<table width = '100%' height = '21'>..<tr>..<td width = '50%'>....<iframe allowtransparency="true" frameborder="0" scrolling="no" src = "homebutton.html" style="width:100px; height:21px;"></iframe>....</td>....<td align = right width = '50%'>......</td>....</tr>..</table>......</body>....</html>

C:\Program Files\Puran Wipe Disk\home.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PNG image data, 55 x 21, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	7.7294161408097946
Encrypted:	false
SSDEEP:	48:YNVIWKNx+0pG+8okH2qTRu/JPomsRStoM11:cJK5pXUWqT0sao41
MD5:	5D4275BB1037DE0C2C0EFDEC907622C4
SHA1:	4E6DFD5E32BC29FCD76E4B2DE1D39518319516C4
SHA-256:	AD7D99F788E388309880E55C62E91817D08C64E312857F25421BA9890A7F7373
SHA-512:	D41DBA8ADC7F89AA8995BDE75C521234A9611387B97C8D555F2BC9476C022B769E7F673D5BA3AA2E17EA198EF89F74E7DD0E711130B3F549F9B2F92A176C97E9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...7..........v{....sRGB.........gAMA......a.....pHYs..........+......bKGD.......C......vpAg..........g....%tEXtcreate-date.2009-12-28T09:23:20-05:00...Y...%tEXtmodify-date.2009-11-05T12:01:56-05:00c..P....tEXtSoftware.Adobe ImageReadyq.e<....IDATXG.kLSg...mi)m!..q.!.6o.p... .f...&...ID.l.e_.%..D..._.e...,3#.~ ...d..N..+...J...b..B/{O."x.2..INNr.......y........\|:\>..C./Og..MV9..k...G._.5.a.../..3.q3..T&./.[\|....I.....Y..~.e...p.Q...=t.Ml.T.1.{....?....0..>F..@!G.m.!....Gb.V.......y.....U.)../\|.9.Z\|....8..1.].x.%.)Q....X.........Fi}k#......]....}......~.(>..e..\|>!...FN...p...;..j.hM-Ee..;KY#...........y..c-6.....O.ji&....+(....^..VG........?.!.G....;._..&.....Z...E7...t.`...J..........p.]C......._F..l=...w..\!...U..J..a....7s$..w{k....>!.&...v...F..)-..S...Tx...0...OPEj.6..J P.....`.......ZKL. 7.8..k..`K.....1...8..v.t>FU.......m.I~...........%j.T.....7.Q4..\.G..bmi.....FC...1m..]L.Q...+...C...D.9.L... .>x/3....K.,.paD...P =.....h..D

C:\Program Files\Puran Wipe Disk\homebutton.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.843743148133857
Encrypted:	false
SSDEEP:	6:qKG4X6jHz3RtnxKFaXMwAHCc4JX4JpAI+XncGb:VDgHFjcBHBvrGb
MD5:	A10B05FBBBF97A8209D4FA93A9950A4B
SHA1:	F8BBFF05D84F18214E67B485D374FD5DBC23AD88
SHA-256:	16A2275B8DB669C4D0D67F1DE3B5EB1362562A1C8BA67CE1C6F214792C242C5C
SHA-512:	53310C035D249C75CDFA59D2F5A6C6362A1A741DECB8B45146E5090F485805EE70996A5A2523FFE5497E8EF3D8F3A064E8054CD3971DC5ED436EDF4F962C569E
Malicious:	false
Reputation:	low
Preview:	<html>....<head>....<style type="text/css">....body..{.. margin:0;.. padding:0;..}....</style>..</head>....<body>....<a href = "http://www.puransoftware.com-default-browser-puran"><img src="home.png" border = 0></a>....</body>....</html>

C:\Program Files\Puran Wipe Disk\is-6S64H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	6.272984914608066
Encrypted:	false
SSDEEP:	6144:IR6qT/i15eU9kXe6vaBuCGRY+22yJhM3JOOQ7R7tp16upvlz:IRVT/i15bk3aBuCAY+x3J4z
MD5:	D99AC9A95FF491539042F13171FB2C67
SHA1:	6D5FCA8B946A3CF58478A3E56E519A3C1D2C671C
SHA-256:	C21752FC7D82CB8A6B345F27D731B6D3422C2D146E5372F9FA8E308EF2BE9F89
SHA-512:	D1057A1DCEC6C7546B37E968A5D419E3252ECE5A974E3579AFDDE4605F252F47687859DC3E3667DFD08B9835CC168360E0BBBC972F4AA9A2A479B26CFBE0F05E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o..o..o..q...n..f...n..Richo..........PE..L......P...........!................................................................&.....@.............................................\............................................................................................................rsrc...\...........................@..@....................................................................8....@.......................... .......................8.......P.......h...P...............................>.......v...................(.......@...R...X.......p...................$ ......v ....... ....... ......4!......t!..0....!..H....!..`...4"..x...x"......."......."......(#......f#.......#.......#.. ....$..8...L$..P....$..h....$......4%.......%.......%.......&......N&.......&.......&..(....'..@...<'..X...~'..p....'.......'.......(......f(.......(.......)......

C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	984576
Entropy (8bit):	6.258738177267006
Encrypted:	false
SSDEEP:	12288:5oFOdnUb2aaGehG9gNSUXUWCNso3q2GeTQyE67YUjWpe6zO61HTdNXYSRFnToOHi:5oehYmxXUDNVa2GeTQyE67YUSbRTLY8
MD5:	05B0790DD0E18DA66B04A54B82D36F84
SHA1:	BF27850236E91529070A11AFD7EEAB35C03E3F60
SHA-256:	F92805A5A26C658A96A3CD9FA14BCEBB0DA610CCB9292512885FC1B53ACF9E3A
SHA-512:	40997C685B032507B18AE614C239792231AB312AE580752EEE943DFCAD2E3C0DBB36C87C54FF6E6C9047DE3FABC6592883983135FB62E1D6C24EB82476BCA95B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..u.u.u....u....u..G.u..Q.u.u+.#w.'...u.'..u.'...u.'..u.'..u.'..u.Rich.u.........................PE..d.....^.........."............................@....................................D.....@..................................................`..,.......\|J...P...............@.....0@...............................................0.......`..@....................text............................... ..`.rdata..._...0...`..................@..@.data...........R...v..............@....pdata.......P......................@..@.rsrc...\|J.......L...f..............@..@.reloc...S...@...T..................@..B........................................................................................................................................................................................................................................

C:\Program Files\Puran Wipe Disk\is-E3G21.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.843743148133857
Encrypted:	false
SSDEEP:	6:qKG4X6jHz3RtnxKFaXMwAHCc4JX4JpAI+XncGb:VDgHFjcBHBvrGb
MD5:	A10B05FBBBF97A8209D4FA93A9950A4B
SHA1:	F8BBFF05D84F18214E67B485D374FD5DBC23AD88
SHA-256:	16A2275B8DB669C4D0D67F1DE3B5EB1362562A1C8BA67CE1C6F214792C242C5C
SHA-512:	53310C035D249C75CDFA59D2F5A6C6362A1A741DECB8B45146E5090F485805EE70996A5A2523FFE5497E8EF3D8F3A064E8054CD3971DC5ED436EDF4F962C569E
Malicious:	false
Reputation:	low
Preview:	<html>....<head>....<style type="text/css">....body..{.. margin:0;.. padding:0;..}....</style>..</head>....<body>....<a href = "http://www.puransoftware.com-default-browser-puran"><img src="home.png" border = 0></a>....</body>....</html>

C:\Program Files\Puran Wipe Disk\is-II2TT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	553
Entropy (8bit):	4.949277904960732
Encrypted:	false
SSDEEP:	12:TKkgHP3jzWcXDhgj8AU+a5CRQRCrITHlyAohaEUaP8zGb:ZgvzzWcS8ALwKIjEPKM
MD5:	27D8E60C79D18E3D57CD2286477646F3
SHA1:	B2739A3BD2248C263175F262E68EF658B51C38DD
SHA-256:	A044877DD85D88FF0403ED6338DA1ED9FD68B3971508FBC92CECCBEDA5DB403B
SHA-512:	A8A642C0C7DBCA1DFDAACF9243523F0FD2A219FCAACD927C6D8B21E73660816E04F53FF9A8202DEC3576DFF67735DC39F6E48B928D6C4383ABCB6251E4895546
Malicious:	false
Reputation:	low
Preview:	<html>..<head>....<title>..Puran Utilities..</title>....<style type="text/css">....table, td..{...font-family:arial;...font-size:12px;...border-collapse:collapse;....}......body..{.. margin:0;.. padding:0;..}....</style>..</head>....<body scroll="no">......<table width = '100%' height = '21'>..<tr>..<td width = '50%'>....<iframe allowtransparency="true" frameborder="0" scrolling="no" src = "homebutton.html" style="width:100px; height:21px;"></iframe>....</td>....<td align = right width = '50%'>......</td>....</tr>..</table>......</body>....</html>

C:\Program Files\Puran Wipe Disk\is-JRBGR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PNG image data, 55 x 21, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	7.7294161408097946
Encrypted:	false
SSDEEP:	48:YNVIWKNx+0pG+8okH2qTRu/JPomsRStoM11:cJK5pXUWqT0sao41
MD5:	5D4275BB1037DE0C2C0EFDEC907622C4
SHA1:	4E6DFD5E32BC29FCD76E4B2DE1D39518319516C4
SHA-256:	AD7D99F788E388309880E55C62E91817D08C64E312857F25421BA9890A7F7373
SHA-512:	D41DBA8ADC7F89AA8995BDE75C521234A9611387B97C8D555F2BC9476C022B769E7F673D5BA3AA2E17EA198EF89F74E7DD0E711130B3F549F9B2F92A176C97E9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...7..........v{....sRGB.........gAMA......a.....pHYs..........+......bKGD.......C......vpAg..........g....%tEXtcreate-date.2009-12-28T09:23:20-05:00...Y...%tEXtmodify-date.2009-11-05T12:01:56-05:00c..P....tEXtSoftware.Adobe ImageReadyq.e<....IDATXG.kLSg...mi)m!..q.!.6o.p... .f...&...ID.l.e_.%..D..._.e...,3#.~ ...d..N..+...J...b..B/{O."x.2..INNr.......y........\|:\>..C./Og..MV9..k...G._.5.a.../..3.q3..T&./.[\|....I.....Y..~.e...p.Q...=t.Ml.T.1.{....?....0..>F..@!G.m.!....Gb.V.......y.....U.)../\|.9.Z\|....8..1.].x.%.)Q....X.........Fi}k#......]....}......~.(>..e..\|>!...FN...p...;..j.hM-Ee..;KY#...........y..c-6.....O.ji&....+(....^..VG........?.!.G....;._..&.....Z...E7...t.`...J..........p.]C......._F..l=...w..\!...U..J..a....7s$..w{k....>!.&...v...F..)-..S...Tx...0...OPEj.6..J P.....`.......ZKL. 7.8..k..`K.....1...8..v.t>FU.......m.I~...........%j.T.....7.Q4..\.G..bmi.....FC...1m..]L.Q...+...C...D.9.L... .>x/3....K.,.paD...P =.....h..D

C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1270425
Entropy (8bit):	6.476155443956162
Encrypted:	false
SSDEEP:	24576:1EZXjiinrzY5tO+uKE3LMT0jECZQEbLBDBEnFWsyA7x9J9:SdmbjTKlD00iJ
MD5:	3C3198764A80FB19D2630C326076E818
SHA1:	09604A705898C34855B2A8F8576EED8E6B76E21E
SHA-256:	65B064BC2F1322A4B9F28FD7D51C923BFA5809F14A2DFD1D2749C3924DF01454
SHA-512:	838BA4B28EBCE030C5FBDF1736CB29D741996F6B82C50BCC403A827F60A816921C7C5DF5583EA5399FDA6B074A3AB0C835B817B1683D436A8F47808C960E1682
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......U..........................................@..............................................@..............................,8... ..d...........................................................................\|................................text...$........................... ..`.itext.. ........................... ..`.data...<0.......2..................@....bss.....a...P...........................idata..,8.......:..................@....tls....<............X...................rdata...............X..............@..@.rsrc...d.... .......Z..............@..@....................................@..@........................................................................................................................................

C:\Program Files\Puran Wipe Disk\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	InnoSetup Log 64-bit Puran Wipe Disk, version 0x418, 5245 bytes, 899552\37\user\376, C:\Program Files\Puran Wipe Disk\376\377\3
Category:	dropped
Size (bytes):	5245
Entropy (8bit):	3.6934891834793913
Encrypted:	false
SSDEEP:	96:g1yXYAWUDTCkfc1AGlEDA4MZAe2LBe70CeC5C6dhxK2CtCCLHhBs:gCacf7fDSmwxgHs
MD5:	3B7E5CCCEAC7516AB90D841A459774E2
SHA1:	03A37A7511AE1087E822E2AAA91EF6133A6B3440
SHA-256:	2926F0E7CBB364CA5821C803FAB55EAC687934679CCED0C13F7239B8B697939F
SHA-512:	A29AFEA81F37334A5D0ABA613B3C9802D211FDB91DC5821D5017A4E6B50A4155EC9808E168BE45CABD84875562AAE9753973D4B937FF390955055908AC5413E2
Malicious:	false
Preview:	Inno Setup Uninstall Log (b) 64-bit.............................Puran Wipe Disk.................................................................................................................Puran Wipe Disk.........................................................................................................................}...%................................................................................................................6 .........e$........{........8.9.9.5.5.2......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k....................... ..............IFPS....................................................................................................................................................................BOOLEAN..............TMSGBOXTYPE.....<...........!MAIN....-1.=...%.......INITIALIZESETUP....27..GETWINDOWSVERSION.......MSGBOX..........ISWIN64................`............`..............._....`.........................`....

C:\Program Files\Puran Wipe Disk\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1270425
Entropy (8bit):	6.476155443956162
Encrypted:	false
SSDEEP:	24576:1EZXjiinrzY5tO+uKE3LMT0jECZQEbLBDBEnFWsyA7x9J9:SdmbjTKlD00iJ
MD5:	3C3198764A80FB19D2630C326076E818
SHA1:	09604A705898C34855B2A8F8576EED8E6B76E21E
SHA-256:	65B064BC2F1322A4B9F28FD7D51C923BFA5809F14A2DFD1D2749C3924DF01454
SHA-512:	838BA4B28EBCE030C5FBDF1736CB29D741996F6B82C50BCC403A827F60A816921C7C5DF5583EA5399FDA6B074A3AB0C835B817B1683D436A8F47808C960E1682
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......U..........................................@..............................................@..............................,8... ..d...........................................................................\|................................text...$........................... ..`.itext.. ........................... ..`.data...<0.......2..................@....bss.....a...P...........................idata..,8.......:..................@....tls....<............X...................rdata...............X..............@..@.rsrc...d.... .......Z..............@..@....................................@..@........................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk on the Web.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	667
Entropy (8bit):	2.914827093956938
Encrypted:	false
SSDEEP:	12:8wl020kXXdpw/D+GII9GDlobdpCs1CbdpCsV:8uHda6Ixd8dt
MD5:	985229B2ED2AD5724A7FE15DD82605C2
SHA1:	4A193B87CA19643C5FB3015E2398D54E50F3E150
SHA-256:	136565BE6A30206573138101283AB2DDD426D95053EA6D5F723FAED634D175C3
SHA-512:	C379E3A6718CA796BDC004EBE0B53CA35EDF1A19605684ABF5EAF0383172CB905894799498E09F5EBB85A2AA30003267BA1ED6B76A346A1961D55E6DA9F37DC1
Malicious:	false
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................h.1...........Program Files.L............................................P.r.o.g.r.a.m. .F.i.l.e.s.....n.1...........Puran Wipe Disk.P............................................P.u.r.a.n. .W.i.p.e. .D.i.s.k.....z.2...........Puran Wipe Disk.url.X............................................P.u.r.a.n. .W.i.p.e. .D.i.s.k...u.r.l..."...C.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k...u.r.l. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.....

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 17 20:27:13 2024, mtime=Wed Apr 17 20:27:13 2024, atime=Tue Apr 28 09:45:58 2020, length=984576, window=hide
Category:	dropped
Size (bytes):	955
Entropy (8bit):	4.539056477115223
Encrypted:	false
SSDEEP:	12:8m8Mucc4O0YXih9mGbdpF4sXFUHw7GyULXQGeOjAeRkbdpCs15bdpCsovBmV:8m8VedfVUQNUNAeRwd/dQvBm
MD5:	74D7BF6B18DD8A12B47B675AFFBB3D72
SHA1:	64C67D95D310B0A4E98F771EB0C5C8144A13740F
SHA-256:	2B96EB331A9A5B79C18DFC7F600143F2D4A0EFADF05BB0328FFB19C831BF6650
SHA-512:	8FE3A7E5408229BF15A1FDC92D81911FEF36F362E91111005678DDEE242FE11E844AC312F218318E994F916E1D3C06EA7E87FCCE9331C01DE81AAED4038E91AA
Malicious:	false
Preview:	L..................F.... ....M.......u........T3J................................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.IDWO`....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1......Xg...PURANW~1..P......Xg..Xg............................(.P.u.r.a.n. .W.i.p.e. .D.i.s.k.....t.2......P.U .PURANW~1.EXE..X......Xg..Xg..............................P.u.r.a.n. .W.i.p.e. .D.i.s.k...e.x.e.......c...............-.......b...........k........C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe..C.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.`.......X.......899552...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

Download File

Process:	C:\Windows\hh.exe
File Type:	data
Category:	dropped
Size (bytes):	49120
Entropy (8bit):	0.0017331682157558962
Encrypted:	false
SSDEEP:	3:Ztt:T
MD5:	0392ADA071EB68355BED625D8F9695F3
SHA1:	777253141235B6C6AC92E17E297A1482E82252CC
SHA-256:	B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
SHA-512:	EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\home[1].png

Download File

Process:	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
File Type:	PNG image data, 55 x 21, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	7.7294161408097946
Encrypted:	false
SSDEEP:	48:YNVIWKNx+0pG+8okH2qTRu/JPomsRStoM11:cJK5pXUWqT0sao41
MD5:	5D4275BB1037DE0C2C0EFDEC907622C4
SHA1:	4E6DFD5E32BC29FCD76E4B2DE1D39518319516C4
SHA-256:	AD7D99F788E388309880E55C62E91817D08C64E312857F25421BA9890A7F7373
SHA-512:	D41DBA8ADC7F89AA8995BDE75C521234A9611387B97C8D555F2BC9476C022B769E7F673D5BA3AA2E17EA198EF89F74E7DD0E711130B3F549F9B2F92A176C97E9
Malicious:	false
Preview:	.PNG........IHDR...7..........v{....sRGB.........gAMA......a.....pHYs..........+......bKGD.......C......vpAg..........g....%tEXtcreate-date.2009-12-28T09:23:20-05:00...Y...%tEXtmodify-date.2009-11-05T12:01:56-05:00c..P....tEXtSoftware.Adobe ImageReadyq.e<....IDATXG.kLSg...mi)m!..q.!.6o.p... .f...&...ID.l.e_.%..D..._.e...,3#.~ ...d..N..+...J...b..B/{O."x.2..INNr.......y........\|:\>..C./Og..MV9..k...G._.5.a.../..3.q3..T&./.[\|....I.....Y..~.e...p.Q...=t.Ml.T.1.{....?....0..>F..@!G.m.!....Gb.V.......y.....U.)../\|.9.Z\|....8..1.].x.%.)Q....X.........Fi}k#......]....}......~.(>..e..\|>!...FN...p...;..j.hM-Ee..;KY#...........y..c-6.....O.ji&....+(....^..VG........?.!.G....;._..&.....Z...E7...t.`...J..........p.]C......._F..l=...w..\!...U..J..a....7s$..w{k....>!.&...v...F..)-..S...Tx...0...OPEj.6..J P.....`.......ZKL. 7.8..k..`K.....1...8..v.t>FU.......m.I~...........%j.T.....7.Q4..\.G..bmi.....FC...1m..]L.Q...+...C...D.9.L... .>x/3....K.,.paD...P =.....h..D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\basicusageb1[1].PNG

Download File

Process:	C:\Windows\hh.exe
File Type:	PNG image data, 784 x 256, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	31605
Entropy (8bit):	7.680895081039511
Encrypted:	false
SSDEEP:	768:AtkhwdExGE+AkZdpcxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxbxiU/Q:ysGEjPFFFFFFFFFFFFFFFFFFFFFRv583
MD5:	50399C068B22DF08B0DA5C47E376081B
SHA1:	F09B81A2F5B67AFB3FA03865152D4278C0F1087F
SHA-256:	1407318BE23AB80749A3F40AB310F0C6497918E0F0DB757C14990714FEC5BDA5
SHA-512:	231CE02DE08BD2D922A4C666322BF077F8C7A229006C13E2E60703220CAFE7D90895E99F6AAD5112C6D73EC7C9D045AD3D95F722A345DF5B989A288AE81492B9
Malicious:	false
Preview:	.PNG........IHDR...................{<IDATx.c...?.AHd6.qR..........M..yp4.G..h.........o.."....%N.zZ.?..?...)p4....h.....4?.c.a...@.!...IUOk..G..4.......M.1>.....3.... $2..8..im.Pw.h.....<8..i~4.G....q.......Df..'U=..........8..Gc\|4...h...1.... ...l\....C....?..G..h.......M.?......D....K.T..6....4.GS.h.....4?..i~..8......BB..g..B".q.......u....h....1>..Gc\|4.......?.AH................?..ht>!yJ....#....?..F.\|4...h...q.~f...@.!.....D...fL?....?...B".q.......u....h....1>..Gc\|4..X.....1.......B2.... $..~....?....Df..'U=..........8..Gc\|4...h.......?c........d...?.AH..1........"....%N.zZ.?..?x....1.;....c.)a4/`..Y.FS.h^...........3.o.."..... ...6c........D....K.T..6........c.ic4w`..Y.FS.h^........=.g...)......g....D..a...@.!!l..3....... $2..8..im.Pw....Y.F..h.........=.g..M..y.{..:6HS........... $......BB..g.......AHd6.qR.................=.g..M..y.{..:6..F.....ul......3.....?.AH.................. ...l\....C...7.g..M....{..:6..F.....ul4%....1>.. M....gL?....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\npupage7[1].htm

Download File

Process:	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	721
Entropy (8bit):	4.993626831744709
Encrypted:	false
SSDEEP:	12:TKkgHP3jz/SXDqkzFXLkjgj8AU+a5CRQZBHoEQIQYFgoaULrMHJ1lAQIQYFN2oah:ZgvzzK3zF718ALw6eQXSC1laQieKM
MD5:	C9652C0FAB7CDA5C4122939DC54E311E
SHA1:	14771DD54E570DB3ECCC764F072EE556C0EFE3B5
SHA-256:	B861DC3F3498413CBBB329DDE0088F04A9E4CB21E6BFD4FE1D846535EFBE16A2
SHA-512:	9ACD8AA11CC57E07E179F6359863697FDB0885190394ECD44FBFD901C695271F5635861B7FCC1F5510D0124CF1A9972AC4FECD5BE6EB0AE779889AD16023A20E
Malicious:	false
Preview:	<html>..<head>....<title>..Puran Utilities..</title>....<style type="text/css">....table, td..{...font-family:arial;...font-size:11px;...border-collapse:collapse;....}.....tdtext..{.. font-family:arial;.. font-size:12px;.. border-collapse:collapse;.. padding-top:3px;..}......body..{.. margin:0;.. padding:0;..}....</style>..</head>....<body scroll="no">......<table width = '100%' height = '21'>..<tr>..<td>....<a href = "http://www.puransoftware.com" target = "_blank"><img src = "home.png" border = 0></a>....</td>......<td align = right valign = top>....<a href = "http://www.facebook.com/puransoftware" target = "_blank"><img src = "fblike.jpg" border = 0></a>....</td>....</tr>..</table>......</body>....</html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\fblike[1].jpg

Download File

Process:	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 140x21, components 3
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	7.748478878116586
Encrypted:	false
SSDEEP:	48:QuERA7yTTSDFAj5sqWhpFCduVB5sPD31GLeLLlctDysGe:LEyyT8B3521GLIAvz
MD5:	8F44707AC323B5068A3DC0AF5F97A075
SHA1:	96F00E75786B282D7FF01538543BF051166DB485
SHA-256:	CC5D458B44CA55F2EB4021D98DF3E7DF6D97EC54AFDB88EBFCBCF658AB72AA4B
SHA-512:	E8868F7C3B7D535562CFF1BCB12C5D210C2B5498B49AF282ADF05B42C76A87D9DD6AD807ED0916CD12A77F26AA70B39CA23954D297C685E27E1227CB88904AD7
Malicious:	false
Preview:	......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.?o.....m..V:o...Z^.c.;.{k;....[[D..R8..Q...@...1..?h_.x....;..>.x..?.b.:..5}B.i....#I....HG$..:....}..._.$.........+wu.x................q.[..u)......KE.O.H~.v....A...0.......6.y]).....W.{..O+...7."J....^........'...\|3.z....x........hZ..}ssqqe...P..x....3.....k...zN.u..-f..o...mJ8.ey ...r.T)21.h...d............;.V..m.Y....E.-....#<F_*(.)....N.(...G.f......

C:\Users\user\AppData\Local\Temp\IMTE83B.tmp

Download File

Process:	C:\Windows\hh.exe
File Type:	data
Category:	dropped
Size (bytes):	8276
Entropy (8bit):	0.6274991512679713
Encrypted:	false
SSDEEP:	12:m0l6eohI+KKe+KjK9zh+KlE/KlEvt+KlEvdX:SQ1V2FlEClEvt1lEvdX
MD5:	943D3CE711A5EBA4A01A9B4E8EDF1388
SHA1:	E8DFD5502B1413F4996CA43E2E76E45F2A32A1D7
SHA-256:	BBB45CCB31607F92D62EE94204B0E2E4CA802EA6AE6A7B8B6AEBFE99655FA920
SHA-512:	C969D0EF61FFAC73436EC7F094F9C737AD0F26D05EAA8AA506A919F31ACF22E237CBB088F7291C1883C8BF3ABE764F9895F921B4B37EE87A0353F8E4229E68E3
Malicious:	false
Preview:	ITSP....T........ ..................................j..].!......."..T...............PMGL?................/....::DataSpace/NameList..4<(::DataSpace/Storage/MSCompressed/Content...,::DataSpace/Storage/MSCompressed/ControlData....)::DataSpace/Storage/MSCompressed/SpanInfo..../::DataSpace/Storage/MSCompressed/Transform/List..p&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/...i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp

Download File

Process:	C:\Users\user\Desktop\PuranWipeDiskSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1247744
Entropy (8bit):	6.503765981094978
Encrypted:	false
SSDEEP:	24576:9EZXjiinrzY5tO+uKE3LMT0jECZQEbLBDBEnFWsyA7x9Jp:admbjTKlD00iV
MD5:	659C4E56A4F543542525F51A8255901A
SHA1:	5B668515DB8D50F32651941292215977A98518D8
SHA-256:	201CFBACA35D65FFD10B6236E8B60B5AA80C8553320CB22AECD19FD3517D568E
SHA-512:	739C370F938FE78D3FF9D4D381B516D7A8256166BB127B88BFB9CB7DA87156D13F951CFC15AACDEDA657F1861CCCC3BD92E014B69071D335BF81FBD8C3ACA8C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......U..........................................@..............................................@..............................,8... ..d...........................................................................\|................................text...$........................... ..`.itext.. ........................... ..`.data...<0.......2..................@....bss.....a...P...........................idata..,8.......:..................@....tls....<............X...................rdata...............X..............@..@.rsrc...d.... .......Z..............@..@....................................@..@........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: ltVDtWrs13.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepMalware.18165.2747.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepMalware.18165.2747.exe, Detection: malicious, Browse Filename: Emcon.Zvit.2.0.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepPup.2542.22578.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepPup.2542.22578.exe, Detection: malicious, Browse Filename: Emcon.Zvit.2.0.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe, Detection: malicious, Browse Filename: my0qkzrWqy.rtf, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-BUOCP.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF226B5233800436BA.TMP

Download File

Process:	C:\Windows\hh.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.3613836054883338
Encrypted:	false
SSDEEP:	3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5:	679672A5004E0AF50529F33DB5469699
SHA1:	427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
SHA-256:	205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
SHA-512:	F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAD402C8DF9D6ED10.TMP

Download File

Process:	C:\Windows\hh.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat

Download File

Process:	C:\Windows\hh.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	8590
Entropy (8bit):	0.7894333302013112
Encrypted:	false
SSDEEP:	12:fm6ysNMqiNMvyc0Ke0l6eohI+KKe+KjK9zh+KlE/KlEvt+KlEvdX:px5yc0JQ1V2FlEClEvt1lEvdX
MD5:	2513662107916BBB97D6C0C0FE3C25F3
SHA1:	9342AB5B78DE01D247679EC15B5B9C0A276569B4
SHA-256:	9705F0C1F428B670451673C722389ADCC7EA972580AACE5AFD4635B7937685DB
SHA-512:	3BE1EEC54E1CA3DC86D97A815AF113622DE1D2E64028D96FB2FF4593295A3C58DF3129D1C2717F4000B90A5F371D0B20B172C7B0EB35B807F315EE912B13A379
Malicious:	false
Preview:	ITSF....`.......W.... .....\|.{.......".....\|.{......."..`.......(.......:.......T .......................!......................,...................j..].!......."..T.....................U.n.c.o.m.p.r.e.s.s.e.d.....M.S.C.o.m.p.r.e.s.s.e.d...{.7.F.C.2.8.9.4.0.-.9.D.3.1.-.1.1.D.0.............LZXC....................ITSP....T........ ..................................j..].!......."..T...............PMGL?................/....::DataSpace/NameList..4<(::DataSpace/Storage/MSCompressed/Content...,::DataSpace/Storage/MSCompressed/ControlData....)::DataSpace/Storage/MSCompressed/SpanInfo..../::DataSpace/Storage/MSCompressed/Transform/List..p&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/...i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable............................................................................................................................................................

C:\Users\user\Desktop\Puran Wipe Disk.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 17 20:27:13 2024, mtime=Wed Apr 17 20:27:13 2024, atime=Tue Apr 28 09:45:58 2020, length=984576, window=hide
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.541245035885976
Encrypted:	false
SSDEEP:	12:8m8MZ4O0YXt1Th9VtdpF4sXFUHw7GyULXQGeOjAmbdpCs15bdpCsovBmV:8m8M5dfVUQNUNACd/dQvBm
MD5:	FA9A44FF651BDD15154E0687DBBE0937
SHA1:	B8B247D57FDA1954379C799FAFD00D62675BC2A1
SHA-256:	BE6B97A9A4CADF147A6543C623A76DDA4A559B873F653C9FDD7BA18B9E17B1C9
SHA-512:	D0799B4F3DF424870765EF8D04B60496CE543D153E2505EAF9F9A18AAEF14C419396786140632FBC003EB94A5B0BF09DC37531EA5FE93E9AA4311EB483E6C084
Malicious:	false
Preview:	L..................F.... ....M.......s........T3J................................P.O. .:i.....+00.../C:\.....................1......Xg...PROGRA~1..t......O.I.Xg.....B...............J.....W`L.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1......Xg...PURANW~1..P......Xg..Xg............................(.P.u.r.a.n. .W.i.p.e. .D.i.s.k.....t.2......P.U .PURANW~1.EXE..X......Xg..Xg..............................P.u.r.a.n. .W.i.p.e. .D.i.s.k...e.x.e.......c...............-.......b...........k........C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe..:.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.u.r.a.n. .W.i.p.e. .D.i.s.k.`.......X.......899552...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.928930067700818
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PuranWipeDiskSetup.exe
File size:	1'438'603 bytes
MD5:	d16aa5ca552327616646485fc6bd5dea
SHA1:	d19640ae5776d7c3b244685fffc4019fae20556c
SHA256:	56c131b4d4db9a111b3d8a0e635bb35b8b75d77905fed299e150655ef90e05e5
SHA512:	ecd2a1e0ac254f3829236aebc7b060900e3c3bb836721f1c589a68cda59f1ec1ba27d434bbda4b46b10033ad77e3a318eec05cc09381d7c605adafea929fe8d0
SSDEEP:	24576:cxGn/+skNdQJso/K4ga1ByaoNP6wKNLmzNHFFej8ORPFe/8:h/+skbQxCJa1BzZNglFejXwk
TLSH:	54652342B3D30432F9D19A71C9B694006D337DB958F5A12A3EB9DB0DCE7A1C2AC75B12
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	073e676127112938

Static PE Info

General

Entrypoint:	0x4113bc
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x55A7B084 [Thu Jul 16 13:24:20 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	48aa5c8931746a9655524f67b25a47ef

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 00410034h
call 00007FF4ADE6B30Dh
xor eax, eax
push ebp
push 00411A9Eh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 00411A5Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [00415B48h]
call 00007FF4ADE73943h
call 00007FF4ADE73492h
cmp byte ptr [00412ADCh], 00000000h
je 00007FF4ADE7612Eh
call 00007FF4ADE73A58h
xor eax, eax
call 00007FF4ADE693A5h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007FF4ADE70507h
mov edx, dword ptr [ebp-14h]
mov eax, 00418654h
call 00007FF4ADE6997Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [00418654h]
mov dl, 01h
mov eax, dword ptr [0040BF3Ch]
call 00007FF4ADE70DF2h
mov dword ptr [00418658h], eax
xor edx, edx
push ebp
push 00411A06h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007FF4ADE739B6h
mov dword ptr [00418660h], eax
mov eax, dword ptr [00418660h]
cmp dword ptr [eax+0Ch], 01h
jne 00007FF4ADE7616Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19000	0xdd0	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0x1ccd8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1b000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x192fc	0x20c	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf134	0xf200	1b89617b988c8bd575544f47f0d04258	False	0.5509588068181818	data	6.3916466496378535	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x11000	0xb44	0xc00	25478d452b599b551fe11bfb5904d2d0	False	0.59375	data	5.741238245374144	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x12000	0xc88	0xe00	0c3e63b09234b01ce16cff38df28bb6f	False	0.24860491071428573	data	2.2475330543602805	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x13000	0x56b8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x19000	0xdd0	0xe00	93d91a2b90e60bd758fc0c4908856ae1	False	0.36439732142857145	data	4.97188203376719	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1a000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1b000	0x18	0x200	3dffc444ccc131c9dcee18db49ee6403	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0x1ccd8	0x1ce00	5210649be2007dd49ccf2e7e01b15549	False	0.6266402867965368	data	6.647878003721484	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1c44c	0xea00	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9932391826923077
RT_ICON	0x2ae4c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.412551867219917
RT_ICON	0x2d3f4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.46177298311444653
RT_ICON	0x2e49c	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	English	United States	0.5086065573770492
RT_ICON	0x2ee24	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.5851063829787234
RT_STRING	0x2f28c	0x68	data			0.6538461538461539
RT_STRING	0x2f2f4	0xd4	data			0.5283018867924528
RT_STRING	0x2f3c8	0xa4	data			0.6524390243902439
RT_STRING	0x2f46c	0x2ac	data			0.45614035087719296
RT_STRING	0x2f718	0x34c	data			0.4218009478672986
RT_STRING	0x2fa64	0x294	data			0.4106060606060606
RT_RCDATA	0x2fcf8	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x37fe0	0x10	data			1.5
RT_RCDATA	0x37ff0	0x150	data			0.8333333333333334
RT_RCDATA	0x38140	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x3816c	0x4c	data	English	United States	0.7894736842105263
RT_VERSION	0x381b8	0x4f4	data	English	United States	0.2870662460567823
RT_MANIFEST	0x386ac	0x62c	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4240506329113924

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll	InitCommonControls
kernel32.dll	Sleep
advapi32.dll	AdjustTokenPrivileges

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 23:27:23.617861986 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:23.771811008 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:23.771903038 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:23.782143116 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:23.935709000 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:23.944879055 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:23.944935083 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.001908064 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.003083944 CEST	49737	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.158436060 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.158515930 CEST	49737	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.158899069 CEST	49737	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.161302090 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.161319017 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.161350012 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.161381006 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.311960936 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.320292950 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.320312023 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.320327044 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:24.320354939 CEST	49737	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:24.320415974 CEST	49737	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:29.161578894 CEST	80	49736	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:29.161710978 CEST	49736	80	192.168.2.4	69.49.232.79
Apr 17, 2024 23:27:29.322225094 CEST	80	49737	69.49.232.79	192.168.2.4
Apr 17, 2024 23:27:29.322309017 CEST	49737	80	192.168.2.4	69.49.232.79

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 23:27:23.284938097 CEST	61132	53	192.168.2.4	1.1.1.1
Apr 17, 2024 23:27:23.592130899 CEST	53	61132	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 17, 2024 23:27:23.284938097 CEST	192.168.2.4	1.1.1.1	0xfaec	Standard query (0)	www.purannetworks.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 17, 2024 23:27:23.592130899 CEST	1.1.1.1	192.168.2.4	0xfaec	No error (0)	www.purannetworks.com	purannetworks.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 23:27:23.592130899 CEST	1.1.1.1	192.168.2.4	0xfaec	No error (0)	purannetworks.com		69.49.232.79	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.purannetworks.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	69.49.232.79	80	7160	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 23:27:23.782143116 CEST	337	OUT	GET /npupage7.html HTTP/1.1 Accept: / Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.purannetworks.com Connection: Keep-Alive
Apr 17, 2024 23:27:23.944879055 CEST	686	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 21:27:23 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Tue, 24 May 2022 12:18:15 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 372 Keep-Alive: timeout=5, max=75 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 85 52 cb 4e 84 30 14 5d 4b c2 3f dc 90 98 d9 38 14 c6 1d c3 cc 37 b8 71 6d 0a 5c a0 4e a1 4d 7b 95 41 e3 bf db 16 88 31 31 e3 a6 bd cf 73 4e 4e 5b f6 34 c8 73 1c 95 3d f2 c6 dd 2e 22 41 12 5d f8 f4 66 f8 08 cf 24 a4 20 81 d6 75 d8 d6 72 b1 a5 59 22 d0 ac f1 94 10 5e 89 d5 d6 26 a1 45 bc 92 f8 00 d4 c4 d1 67 1c dd b5 6a a4 7d cb 07 21 e7 82 1b c1 e5 71 2b 5a f1 81 45 9e eb ab af 54 ca 34 68 f6 b5 92 92 6b 8b c5 16 1c 3d e4 97 3f 52 6a 3c 51 40 05 f8 0b 76 ad 2e b8 87 80 0b 70 03 18 40 f3 a6 11 63 b7 27 a5 8b c7 b0 10 a8 e2 a8 52 cd bc 30 0d dc 74 62 2c 32 3f bf 8e 87 24 0c 96 2c f8 e0 0d 64 3f 0e fa 65 b0 b5 71 4c a7 64 54 8b 2d de 59 ef 0c 4c a2 a1 1e 4e b0 cb b3 ec 7e 07 3d 8a ae 27 9f 1f f2 9d 07 22 13 ce 15 8b 43 6f b0 75 ed a4 27 d2 05 63 d3 34 a5 da 3f 8d 55 2d 4d dc 60 5a ab 21 01 72 32 d1 c3 24 2f 95 e4 e3 25 39 97 62 e8 c0 9a 3a ec aa 01 53 3d 76 c9 6a 87 ab 65 e7 92 f1 85 83 ad 64 81 16 b8 14 dd e8 06 4c d0 f5 be a5 ce a2 1b 8a 5a 5e 63 a5 d4 c5 8b 61 bf e4 fd 27 ad ad a4 b8 60 fa aa ff 11 e7 82 60 0c 0b 2e 6e 7a 99 f7 7a ed 87 af fc 0d 5e 9b de 5c d1 02 00 00 Data Ascii: RN0]K?87qm\NM{A11sNN[4s=."A]f$ urY"^&Egj}!q+ZET4hk=?Rj<Q@v.p@c'R0tb,2?$,d?eqLdT-YLN~='"Cou'c4?U-M`Z!r2$/%9b:S=vjedLZ^ca'``.nzz^\
Apr 17, 2024 23:27:24.001908064 CEST	385	OUT	GET /home.png HTTP/1.1 Accept: / Referer: http://www.purannetworks.com/npupage7.html Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.purannetworks.com Connection: Keep-Alive
Apr 17, 2024 23:27:24.161302090 CEST	1289	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 21:27:24 GMT Server: Apache Last-Modified: Tue, 24 May 2022 12:18:00 GMT Accept-Ranges: bytes Content-Length: 1577 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 37 00 00 00 15 08 06 00 00 00 e2 bf 76 7b 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 06 62 4b 47 44 00 00 00 00 00 00 f9 43 bb 7f 00 00 00 09 76 70 41 67 00 00 01 00 00 00 01 00 00 b2 67 dc 8a 00 00 00 25 74 45 58 74 63 72 65 61 74 65 2d 64 61 74 65 00 32 30 30 39 2d 31 32 2d 32 38 54 30 39 3a 32 33 3a 32 30 2d 30 35 3a 30 30 0d ca c2 59 00 00 00 25 74 45 58 74 6d 6f 64 69 66 79 2d 64 61 74 65 00 32 30 30 39 2d 31 31 2d 30 35 54 31 32 3a 30 31 3a 35 36 2d 30 35 3a 30 30 63 11 eb 50 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 05 10 49 44 41 54 58 47 dd 97 6b 4c 53 67 18 c7 7f 6d 69 29 6d 21 a5 02 71 dc 21 eb 36 6f e0 70 19 98 b9 20 e8 8c 66 89 cb e2 26 1f 96 19 49 44 b3 6c ba 65 5f e6 25 99 bb 44 e3 e2 2e 5f 96 65 06 0d 9b 2c 33 23 8b 7e 20 1b ea 16 64 1a 1c 4e c1 81 2b 0c 18 05 4a a5 ca c5 62 b9 f4 42 2f 7b 4f d5 22 78 03 32 09 ee 49 4e 4e 72 ce f3 9e f7 f9 bd ff e7 79 de f7 c8 02 c2 f8 9f 9a 7c 3a 5c 3e b1 1e 43 97 2f 4f 67 e8 8c 8e 91 4d 56 39 bf 08 6b a0 b5 19 47 c3 5f f4 35 d5 61 fd e5 04 2f fc f0 33 da b9 71 33 1a f0 54 26 bb 2f 9c 5b 7c c9 d1 d8 80 a3 49 00 d5 9d a7 ff e2 59 ae fd 7e 1e 65 b8 c8 e4 70 05 51 99 ab c8 3d 74 18 4d 6c cc 54 e6 9c 31 df 7b c3 05 9c d4 3f bb 94 8e e8 30 94 ce 3e 46 fb 07 40 21 47 19 6d 00 21 e3 a8 d3 89 cb d6 47 62 c1 56 b2 bf f8 94 b0 19 0b 79 f2 13 dd b5 e6 ec 55 a7 29 d5 ea a9 2f 7c 83 39 a6 5a 7c 9e 00 aa b8 38 c2 f5 31 f8 5d a3 78 c5 25 97 29 51 c7 18 b0 fe 58 8c a9 b8 84 d9 d8 95 c6 c3 f9 46 69 7d 6b 23 a5 af bc 0a df 94 91 5d b8 11 d7 f6 7d a8 cc 16 02 de 00 7e cf 28 3e af 1f 65 98 02 7c 3e 21 a0 1c 95 46 4e fb 07 ef 70 e5 f8 89 3b 97 d4 6a a3 68 4d 2d 45 65 ae d0 3b 4b 59 23 cb d7 98 a9 9e bc 00 d3 f6 1c 07 d7 79 bc 82 63 2d 36 d2 7f 2a e7 e9 c5 4f e1 6a 69 26 fe e5 d7 09 2b 28 c0 d7 f6 0f 5e 01 a8 56 47 e0 1a 1c 12 90 1e b4 0a 3f aa 21 17 47 bb 1d 94 9f 3b 87 5f 00 cf 26 1b 07 97 f8 e2 5a 0a 8e 1d 45 37 e8 c0 ed 74 89 60 bd a8 95 4a e2 df fb 1c fd f2 d5 c8 06 06 70 f5 5d 43 e1 0b e0 e8 1b a2 a9 5f 46 cd bc e5 6c 3d fb 07 9b 77 bf 8f 5c 21 14 9d a2 55 ef af 15 4a de bc de b4 61 91 c6 07 15 37 73 24 a8 f2 8d 77 7b 6b ec ec bd e5 b7 df 3e 21 13 26 8c bf f9 76 1c dc 88 c3 81 46 bc a8 29 2d e5 cf 53 a7 90 a9 54 78 af da 98 93 30 17 c3 f6 4f 50 45 6a e9 36 f7 d3 ac 4a 20 50 b0 99 d8 8f f6 b1 60 d3 06 02 a2 9b dc af e6 5a 4b 4c a1 20 37 94 38 c7 f0 6b cc ec aa 8c 60 4b f1 12 aa 8a e3 31 9a bb f9 38 94 c2 76 0e 74 3e 46 55 c5 02 b6 a4 c3 c9 0f 6d a4 49 7e bb a3 a1 d2 c6 11 ab 14 a8 99 0d 25 6a f6 54 88 e7 15 e9 ac 1a 37 1e 51 34 b7 99 5c 2e 47 a3 d5 62 6d 69 a1 a7 ad 0d a5 46 43 fd c1 af 31 6d 7f 17 5d 4c 0c 51 bb f6 e1 2b da c2 d2 43 07 c9 2a da 44 c0 39 8c 4c a4 a8 b4 20 d2 3e 78 2f 33 16 2e 10 93 4b 01 2c e1 70 61 44 c8 ad fa 8c 50 20 3d 9a e7 12 c5 a3 c4 68 f2 05 44 6b e7 18 fc aa e7 05 08 6a 92 53 c5 2d e4 17 81 11 27 ed 02 ce 62 91 6a d9 ce ae a0 a2 66 4e 4e 08 60 1c 9c df ef c7 26 4e 1e 19 2b 56 a0 15 Data Ascii: PNGIHDR7v{sRGBgAMAapHYs+bKGDCvpAgg%tEXtcreate-date2009-12-28T09:23:20-05:00Y%tEXtmodify-date2009-11-05T12:01:56-05:00cPtEXtSoftwareAdobe ImageReadyqe<IDATXGkLSgmi)m!q!6op f&IDle_%D._e,3#~ dN+JbB/{O"x2INNry\|:\>C/OgMV9kG_5a/3q3T&/[\|IY~epQ=tMlT1{?0>F@!Gm!GbVyU)/\|9Z\|81]x%)QXFi}k#]}~(>e\|>!FNp;jhM-Ee;KY#yc-6Oji&+(^VG?!G;_&ZE7t`Jp]C_Fl=w\!UJa7s$w{k>!&vF)-STx0OPEj6J P`ZKL 78k`K18vt>FUmI~%jT7Q4\.GbmiFC1m]LQ+CD9L >x/3.K,paDP =hDkjS-'bjfNN`&N+V
Apr 17, 2024 23:27:24.161319017 CEST	530	IN	Data Raw: 60 a3 22 fd 46 3a 3a b9 5a fc 25 9e bf eb 48 5e fb 1a cf 6c 7b 1b 8d 4a 89 67 64 98 79 0b 17 b2 7a dd 3a 0c 49 49 b8 87 87 a7 98 90 ff 95 7b f4 4d e5 6e 2c 5e f1 7a 75 e8 c3 e3 e0 bc a2 21 fc 5a 5e 4e 7f 64 24 7a 11 70 62 72 1a 9a b8 00 4f e6 19 Data Ascii: `"F::Z%H^l{Jgdyz:II{Mn,^zu!Z^Nd$zpbrO)v8Cl-d3hRf;RYTZdo5wp\.]wQ^Q(Ib+3O]4K^?=N*Urx@C'1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	69.49.232.79	80	7160	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 23:27:24.158899069 CEST	387	OUT	GET /fblike.jpg HTTP/1.1 Accept: / Referer: http://www.purannetworks.com/npupage7.html Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.purannetworks.com Connection: Keep-Alive
Apr 17, 2024 23:27:24.320292950 CEST	1289	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 21:27:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Tue, 24 May 2022 12:17:53 GMT Accept-Ranges: bytes Content-Length: 2334 Keep-Alive: timeout=5, max=75 Content-Type: image/jpeg Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 15 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa ff c4 00 1f 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 3f 6f 0f da b3 e2 9f 87 ff 00 6d 1f 8a 56 3a 6f c5 1f 89 5a 5e 9d 63 e2 3b bb 7b 6b 3b 1f 14 df db 5b 5b 44 8f b5 52 38 a3 95 51 14 01 d1 40 ae 9f f6 31 1f 10 3f 68 5f 04 78 ff 00 c6 de 3b fd a6 3e 2e 78 0f c0 3f 0e 62 b5 3a 9d ed bf 88 35 7d 42 ea 69 2e 19 95 15 23 49 cb 00 a4 2e 48 47 24 ba 80 3a 91 e4 df b7 d6 87 7d a8 fe dc 5f 17 24 b5 b1 be b8 8f fe 12 ab e1 be 2b 77 75 cf 9a 78 c8 18 af ad 7f e0 9f ff 00 b4 2e a9 f0 ef fe 09 71 f1 89 5b e1 cf 84 75 29 be 1f bd 98 82 1d 4b 45 92 4f f8 48 7e d3 76 f2 1f b7 2e 41 9f ca f3 30 98 c6 d0 8b d7 15 fa 96 36 8d 2a 79 5d 29 d1 a6 b9 9f 2a be 97 57 b2 7b a7 af 4f 2b dc f8 9a 37 9e 22 4a a4 9d 95 df 5e 9e 87 bf ff 00 c1 0a be 27 eb 1f 11 7c 33 f1 7a 0b ff 00 1e 78 b3 e2 16 8f a3 f8 b0 db 68 5a ae bd 7d 73 73 71 71 65 e5 fe ea 50 2e 09 78 bc c4 0a e6 33 8d a5 8f ca 0e 6b ed 9b 1f 88 7a 4e a7 75 e2 08 2d 66 9a e2 6f 0b cf f6 6d 4a 38 ad 65 79 20 90 db c5 72 11 54 29 32 31 86 68 98 08 f7 64 be df bc 08 1f 04 7f c1 bf 1a cd c7 89 bc 3b f1 af 56 ba d3 6d b4 59 f5 8f 17 0d 45 ec 2d ad da de 0b 23 3c 46 5f 2a 28 cf 29 12 ef c2 2e 4e 14 28 af a7 17 47 f1 66 85 f1 1b e2 c6 94 9e 05 f1 05 ee 9b e3 9b cf b5 58 6b 90 5d e9 c2 c2 35 fe c6 b4 Data Ascii: JFIF``CC"}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz??omV:oZ^c;{k;[[DR8Q@1?h_x;>.x?b:5}Bi.#I.HG$:}_$+wux.q[u)KEOH~v.A06y])W{O+7"J^'\|3zxhZ}ssqqeP.x3kzNu-fomJ8ey rT)21hd;VmYE-#<F_*().N(GfXk]5
Apr 17, 2024 23:27:24.320312023 CEST	1289	IN	Data Raw: b6 db 22 bd d2 dc ab 79 d6 ee bc 42 c3 e6 53 9c 12 47 c3 e6 78 68 2c 6c e0 f4 b5 bb 2e 8a fd 91 f4 98 1a 8f ea aa 4b 7b db e5 73 d4 bc 31 f1 53 4e f1 3f 8e ae bc 3f 6f 0e a5 1d e5 ae 8f 65 ad b3 5c 5a 9b 75 30 5d 49 71 1c 6a 51 f1 2a 48 0d b4 9b Data Ascii: "yBSGxh,l.K{s1SN??oe\Zu0]IqjQ*HJQ txvA.5m@5Oum-43\|H#+\|9x3]jK(WG RB[ReS&xkuY>grV
Apr 17, 2024 23:27:24.320327044 CEST	25	IN	Data Raw: a0 02 8a 28 a0 02 8c 51 45 00 14 51 45 00 14 51 45 00 18 a2 8a 28 03 ff d9 Data Ascii: (QEQEQE(

Target ID:	0
Start time:	23:26:41
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\PuranWipeDiskSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PuranWipeDiskSetup.exe"
Imagebase:	0x400000
File size:	1'438'603 bytes
MD5 hash:	D16AA5CA552327616646485FC6BD5DEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	23:26:41
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-99JSC.tmp\PuranWipeDiskSetup.tmp" /SL5="$10450,952714,192000,C:\Users\user\Desktop\PuranWipeDiskSetup.exe"
Imagebase:	0x400000
File size:	1'247'744 bytes
MD5 hash:	659C4E56A4F543542525F51A8255901A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 7%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	23:27:21
Start date:	17/04/2024
Path:	C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe"
Imagebase:	0x7ff6df100000
File size:	984'576 bytes
MD5 hash:	05B0790DD0E18DA66B04A54B82D36F84
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	23:27:22
Start date:	17/04/2024
Path:	C:\Windows\hh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\hh.exe" C:\Program Files\Puran Wipe Disk\help\Wipe_Disk.chm
Imagebase:	0x7ff7686f0000
File size:	18'432 bytes
MD5 hash:	2C8FE78D53C8CA27523A71DFD2938241
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	60

Executed Functions

Function 00007FF6DF14BAC0 Relevance: 54.3, Strings: 43, Instructions: 593
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

., xrefs: 00007FF6DF14BFCC
/, xrefs: 00007FF6DF14BFE2
U, xrefs: 00007FF6DF14BEA3
%, xrefs: 00007FF6DF14BE72
-, xrefs: 00007FF6DF14BFA0
), xrefs: 00007FF6DF14BEE5
(, xrefs: 00007FF6DF14BF48
!, xrefs: 00007FF6DF14BE6A
+, xrefs: 00007FF6DF14BEDA
&, xrefs: 00007FF6DF14BE82
2, xrefs: 00007FF6DF14BC49
., xrefs: 00007FF6DF14BD23
d, xrefs: 00007FF6DF14BE7A
d, xrefs: 00007FF6DF14BF27
, xrefs: 00007FF6DF14BE08
###, xrefs: 00007FF6DF14C342
(, xrefs: 00007FF6DF14BF32
), xrefs: 00007FF6DF14BF69
!, xrefs: 00007FF6DF14BE28
), xrefs: 00007FF6DF14BE4D
&, xrefs: 00007FF6DF14BE98
), xrefs: 00007FF6DF14BC51
TREEVIEW, xrefs: 00007FF6DF14C530
., xrefs: 00007FF6DF14BFB6
+, xrefs: 00007FF6DF14BEF0
=, xrefs: 00007FF6DF14BF06
Z, xrefs: 00007FF6DF14BD91
!, xrefs: 00007FF6DF14BE38
,, xrefs: 00007FF6DF14BF74
P, xrefs: 00007FF6DF14BE5A
P, xrefs: 00007FF6DF14BF53
2, xrefs: 00007FF6DF14BECF
d, xrefs: 00007FF6DF14BE20
2, xrefs: 00007FF6DF14BE00
', xrefs: 00007FF6DF14BEC4
!, xrefs: 00007FF6DF14BFED
', xrefs: 00007FF6DF14BEAE
%, xrefs: 00007FF6DF14BE62
=, xrefs: 00007FF6DF14BF1C
-, xrefs: 00007FF6DF14BF8A
d, xrefs: 00007FF6DF14BEFB
,, xrefs: 00007FF6DF14BF5E
/, xrefs: 00007FF6DF14BFF8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CapsDevice
String ID: $!$!$!$!$###$%$%$&$&$'$'$($($)$)$)$)$+$+$,$,$-$-$.$.$.$/$/$2$2$2$=$=$P$P$TREEVIEW$U$Z$d$d$d$d
API String ID: 328075279-76100171
Opcode ID: b04681cb3ebb7eb535b0e956a35e2194527ed9fa468bff2f6436805e9e2e5f0f
Instruction ID: c6fa852d0f469ac503973d88029af6917feb10bdf547c3851945b4e36cbe353e
Opcode Fuzzy Hash: b04681cb3ebb7eb535b0e956a35e2194527ed9fa468bff2f6436805e9e2e5f0f
Instruction Fuzzy Hash: 1E42A2726082818BE3289F25E5447BE7B95FBC4748F40513AEA858BACADF7ED415CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF112724 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 288
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF112775
GetProcAddress.KERNEL32 ref: 00007FF6DF112788
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF1127B7
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF1127C3
GetProcAddress.KERNEL32 ref: 00007FF6DF1127DB
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF112805
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF112811
GetModuleHandleW.KERNEL32 ref: 00007FF6DF112828
EnumResourceLanguagesW.KERNEL32 ref: 00007FF6DF112856
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF112882
ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF11288E
GetModuleFileNameW.KERNEL32 ref: 00007FF6DF1128D4
CreateActCtxW.KERNEL32 ref: 00007FF6DF112952
ActivateActCtx.KERNEL32 ref: 00007FF6DF11298D
GetLocaleInfoW.KERNEL32 ref: 00007FF6DF112A06
_errno.LIBCMT ref: 00007FF6DF112A15
_errno.LIBCMT ref: 00007FF6DF112A1C
_snwprintf_s.LIBCMT ref: 00007FF6DF112A4A
_errno.LIBCMT ref: 00007FF6DF112A51
_errno.LIBCMT ref: 00007FF6DF112A5B
_errno.LIBCMT ref: 00007FF6DF112A7B
LoadLibraryW.KERNEL32 ref: 00007FF6DF112A97
DeactivateActCtx.KERNEL32 ref: 00007FF6DF112B22
DeactivateActCtx.KERNEL32 ref: 00007FF6DF112B6C
ReleaseActCtx.KERNEL32 ref: 00007FF6DF112B7E

Strings

LOC, xrefs: 00007FF6DF1129B0
GetUserDefaultUILanguage, xrefs: 00007FF6DF11277E
GetSystemDefaultUILanguage, xrefs: 00007FF6DF1127D1
kernel32.dll, xrefs: 00007FF6DF11276E
ntdll.dll, xrefs: 00007FF6DF112821

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Locale$ConvertDefault$_errno$Module$AddressDeactivateHandleProc$ActivateCreateEnumFileInfoLanguagesLibraryLoadNameReleaseResource_snwprintf_s
String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$LOC$kernel32.dll$ntdll.dll
API String ID: 945719241-1766055509
Opcode ID: 04ad5c5775aadc8802a2b6ec9f386746d8f4e6b65968e44f68e615f346dad5f8
Instruction ID: 9d2c69db396bf07ebce671793d60292b1d7727c32d5f66e0a6b061b0aa73fd9f
Opcode Fuzzy Hash: 04ad5c5775aadc8802a2b6ec9f386746d8f4e6b65968e44f68e615f346dad5f8
Instruction Fuzzy Hash: 71C17231A0868295EA649B15EC4027D73A9FF94760F540237EE6E93AD4DF3CE8A58B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF147EF0 Relevance: 44.0, APIs: 24, Strings: 1, Instructions: 273
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColor.USER32 ref: 00007FF6DF147F34
DeleteObject.GDI32 ref: 00007FF6DF147F47
SystemParametersInfoW.USER32 ref: 00007FF6DF147FBC
CreateFontIndirectW.GDI32 ref: 00007FF6DF147FD3
CreateFontIndirectW.GDI32 ref: 00007FF6DF147FF6
CreateFontIndirectW.GDI32 ref: 00007FF6DF148019
SystemParametersInfoW.USER32 ref: 00007FF6DF148041
GetSystemMetrics.USER32 ref: 00007FF6DF14804C
GetSystemMetrics.USER32 ref: 00007FF6DF14805D
GetSystemMetrics.USER32 ref: 00007FF6DF14806E
GetSystemMetrics.USER32 ref: 00007FF6DF14807F
GetSystemMetrics.USER32 ref: 00007FF6DF148090
GetSystemMetrics.USER32 ref: 00007FF6DF1480A1
GetSystemMetrics.USER32 ref: 00007FF6DF1480B2
GetSystemMetrics.USER32 ref: 00007FF6DF1480C3
GetSystemMetrics.USER32 ref: 00007FF6DF1480DB
GetSystemMetrics.USER32 ref: 00007FF6DF1480F5
CreateFontIndirectW.GDI32 ref: 00007FF6DF14820D
CreateFontIndirectW.GDI32 ref: 00007FF6DF14825A
DeleteObject.GDI32 ref: 00007FF6DF1482E8
CreateSolidBrush.GDI32 ref: 00007FF6DF1482F2
DeleteObject.GDI32 ref: 00007FF6DF14835F
CreateSolidBrush.GDI32 ref: 00007FF6DF14836B
DeleteObject.GDI32 ref: 00007FF6DF14837E

Strings

SYSMETRICS, xrefs: 00007FF6DF147F69

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: System$Metrics$Create$FontIndirect$DeleteObject$BrushInfoParametersSolid$Color
String ID: SYSMETRICS
API String ID: 2659976773-877845942
Opcode ID: 00c012bf04cdd8f44303098a8bb451b743c92e9ac28deabf7b08bcc480aa5412
Instruction ID: aa4b53c69b155eba2c060ac7f3cf0b0398805d4eb2ea395b17dfb0f50caeefda
Opcode Fuzzy Hash: 00c012bf04cdd8f44303098a8bb451b743c92e9ac28deabf7b08bcc480aa5412
Instruction Fuzzy Hash: CBD13C72A086829BE764DF21E9547AE77A8FB88748F404036DB5E83B54DF3CE565CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15C920 Relevance: 42.5, APIs: 11, Strings: 13, Instructions: 502
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FillRect.USER32 ref: 00007FF6DF15C9D2
CopyRect.USER32 ref: 00007FF6DF15CA98
IsRectEmpty.USER32 ref: 00007FF6DF15CBDA
IsRectEmpty.USER32 ref: 00007FF6DF15CC5B
IsRectEmpty.USER32 ref: 00007FF6DF15CCAB
IsRectEmpty.USER32 ref: 00007FF6DF15CD49
CopyRect.USER32 ref: 00007FF6DF15CD9A
IsRectEmpty.USER32 ref: 00007FF6DF15CF00
IsRectEmpty.USER32 ref: 00007FF6DF15CF6C
IsRectEmpty.USER32 ref: 00007FF6DF15CFB7
IsRectEmpty.USER32 ref: 00007FF6DF15D052

Strings

=, xrefs: 00007FF6DF15CB61
?, xrefs: 00007FF6DF15D060
=, xrefs: 00007FF6DF15CE81
@, xrefs: 00007FF6DF15D01A
?, xrefs: 00007FF6DF15CD5B
SCROLLBAR, xrefs: 00007FF6DF15CA06
<, xrefs: 00007FF6DF15CAEE
>, xrefs: 00007FF6DF15CF7F
@, xrefs: 00007FF6DF15CFCE
<, xrefs: 00007FF6DF15CE06
@, xrefs: 00007FF6DF15CCC2
>, xrefs: 00007FF6DF15CC73
@, xrefs: 00007FF6DF15CD0E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$Empty$Copy$Fill
String ID: <$<$=$=$>$>$?$?$@$@$@$@$SCROLLBAR
API String ID: 1845722930-1463429986
Opcode ID: dc029febb008070a2e6d75a143f12da38882375ebbf2d0848c67af3241170446
Instruction ID: 7e86f253536d71a2fe43361417e082cb3dfdb52360934270aab0de960af15334
Opcode Fuzzy Hash: dc029febb008070a2e6d75a143f12da38882375ebbf2d0848c67af3241170446
Instruction Fuzzy Hash: 77223F76A082828AEB64CF25E84067EB7B8F785784F104136EE8987B54DF3DE855DF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1034D0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 320
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.LIBCMT ref: 00007FF6DF1034EB

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF103514
malloc.LIBCMT ref: 00007FF6DF10353B
malloc.LIBCMT ref: 00007FF6DF103562
GetLogicalDriveStringsW.KERNEL32 ref: 00007FF6DF10358B
malloc.LIBCMT ref: 00007FF6DF103599
GetLogicalDriveStringsW.KERNEL32 ref: 00007FF6DF1035BC
GetDriveTypeW.KERNEL32 ref: 00007FF6DF103613
GetDriveTypeW.KERNEL32 ref: 00007FF6DF103621
GetVolumeInformationW.KERNEL32 ref: 00007FF6DF103656
GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF6DF10374F

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

free.LIBCMT ref: 00007FF6DF1039A0
free.LIBCMT ref: 00007FF6DF1039B0
free.LIBCMT ref: 00007FF6DF1039B8
free.LIBCMT ref: 00007FF6DF1039C0
free.LIBCMT ref: 00007FF6DF1039C8

Part of subcall function 00007FF6DF131D58: _errno.LIBCMT ref: 00007FF6DF131D79

Part of subcall function 00007FF6DF131D58: _errno.LIBCMT ref: 00007FF6DF131DE3

Part of subcall function 00007FF6DF117C08: SendMessageW.USER32 ref: 00007FF6DF117C60

Strings

%0.2f %s, xrefs: 00007FF6DF1039E4, 00007FF6DF103A0B
%I64u %s, xrefs: 00007FF6DF103814, 00007FF6DF103917

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errnofreemalloc$Drive$LogicalStringsType$AllocateDiskFreeHeapInformationMessageSendSpaceVolume
String ID: %0.2f %s$%I64u %s
API String ID: 2794718883-3987708993
Opcode ID: c216a2ffcb985aec26c23cbedbebe7a4d3ee0cd7d9c93b4dde80a003d794d680
Instruction ID: 03ccf87a7815dd4f15b33e167de0133b8abb331582456043bedda52e3a170e1c
Opcode Fuzzy Hash: c216a2ffcb985aec26c23cbedbebe7a4d3ee0cd7d9c93b4dde80a003d794d680
Instruction Fuzzy Hash: 8ED1B531E0878291E7719B16A8006BEA398FF967C4F408637ED8DA7795DF7DE0A58700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103A30 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 228
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMenu.USER32 ref: 00007FF6DF103A52
AppendMenuW.USER32 ref: 00007FF6DF103AE8
AppendMenuW.USER32 ref: 00007FF6DF103AFC
SendMessageW.USER32 ref: 00007FF6DF103B31
SendMessageW.USER32 ref: 00007FF6DF103B4A
SendMessageW.USER32 ref: 00007FF6DF103BF8
SendMessageW.USER32 ref: 00007FF6DF103C22
GetCommandLineW.KERNEL32 ref: 00007FF6DF103C3B
CommandLineToArgvW.SHELL32 ref: 00007FF6DF103C49
LocalFree.KERNEL32 ref: 00007FF6DF103C52
SetTimer.USER32 ref: 00007FF6DF103C9E
SendMessageW.USER32 ref: 00007FF6DF103D2D

Strings

File System, xrefs: 00007FF6DF103B8F
Volume, xrefs: 00007FF6DF103B6F
Free Space, xrefs: 00007FF6DF103BD3
Total Space, xrefs: 00007FF6DF103BB1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$Menu$AppendCommandLine$ArgvFreeLocalSystemTimer
String ID: File System$Free Space$Total Space$Volume
API String ID: 2428043714-3133543179
Opcode ID: 5325b7721a77a5d0db840378b8d28b27ca01c5582408d503c523a38f0bedc976
Instruction ID: 90ac134638f4debdbfb47958d017f765a7c4dbec4df8b2a43bf14b4be0e5b023
Opcode Fuzzy Hash: 5325b7721a77a5d0db840378b8d28b27ca01c5582408d503c523a38f0bedc976
Instruction Fuzzy Hash: 71A1A272A0864282F764AB22DC506BD3369FF94B94F404137DA1E87BA5DF3DE4A58740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102EE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 157
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32 ref: 00007FF6DF102F02
malloc.LIBCMT ref: 00007FF6DF102F10

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF102F3A
malloc.LIBCMT ref: 00007FF6DF102F61
RegOpenKeyExW.KERNEL32 ref: 00007FF6DF102FAF
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF102FF3

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

free.LIBCMT ref: 00007FF6DF1030F3
free.LIBCMT ref: 00007FF6DF1030FB
free.LIBCMT ref: 00007FF6DF103103

Strings

Software\Puran Software\Wipe Disk, xrefs: 00007FF6DF102F8B
Drives, xrefs: 00007FF6DF102FDC
(, xrefs: 00007FF6DF103072

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errnofreemalloc$AllocateHeapMessageOpenQuerySendValue
String ID: ($Drives$Software\Puran Software\Wipe Disk
API String ID: 2387807439-215104764
Opcode ID: e129cfc395059aba7e257728d5689261d2d0a42e91ae00e85c7f6efcb035e931
Instruction ID: 77434355a51298f750e54df309a0ae572ea7653786b3e0dfae7ee0a412e44989
Opcode Fuzzy Hash: e129cfc395059aba7e257728d5689261d2d0a42e91ae00e85c7f6efcb035e931
Instruction Fuzzy Hash: 6E512331F1924251EB289B266C046BE23D8BF86BC0F444636ED4D87799EFBDE0B18704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15C5F0 Relevance: 15.2, APIs: 10, Instructions: 191
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

CreateRectRgn.GDI32 ref: 00007FF6DF15C6B4
CreateRectRgn.GDI32 ref: 00007FF6DF15C6DF
CreateRectRgn.GDI32 ref: 00007FF6DF15C72A
CombineRgn.GDI32 ref: 00007FF6DF15C7A8
CreateRectRgn.GDI32 ref: 00007FF6DF15C7DE
CombineRgn.GDI32 ref: 00007FF6DF15C80C
OffsetRgn.GDI32 ref: 00007FF6DF15C824
CombineRgn.GDI32 ref: 00007FF6DF15C83D
CreateRectRgn.GDI32 ref: 00007FF6DF15C87B
CombineRgn.GDI32 ref: 00007FF6DF15C8A1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CreateRect$Combine$LongOffsetWindow
String ID:
API String ID: 611651161-0
Opcode ID: 82f1669f09587348f1b56d5ad2dd33c5ba539dc4e0e65428020523141bb8e9e6
Instruction ID: 36a41d219e246d85f58a07352f722839825f97396a76448d30ceb59a3cf6a87e
Opcode Fuzzy Hash: 82f1669f09587348f1b56d5ad2dd33c5ba539dc4e0e65428020523141bb8e9e6
Instruction Fuzzy Hash: A781B13261864185E760DF36E8447AEB774FB84B94F444136EA4E87BA9CF3CE561CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF170080 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00007FF6DF1700A8
GetProcAddress.KERNEL32 ref: 00007FF6DF1700C1
GetProcAddress.KERNEL32 ref: 00007FF6DF1700D6
GetProcAddress.KERNEL32 ref: 00007FF6DF1700EB

Strings

msimg32.dll, xrefs: 00007FF6DF1700A1
GradientFill, xrefs: 00007FF6DF1700B7
TransparentBlt, xrefs: 00007FF6DF1700E0
AlphaBlend, xrefs: 00007FF6DF1700CB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AlphaBlend$GradientFill$TransparentBlt$msimg32.dll
API String ID: 2238633743-2878091333
Opcode ID: 704f7f55884e58ea600c0b29acc5714dbaa08b76165ececae83a88cd0ecdd57d
Instruction ID: 97cc3ab039ee4dc554dc8b6de63a00d61b431659bd5c498483980094a73e6ac5
Opcode Fuzzy Hash: 704f7f55884e58ea600c0b29acc5714dbaa08b76165ececae83a88cd0ecdd57d
Instruction Fuzzy Hash: 8E018875906F0691EB458F69EC4416833A8EB48B64B554136C95D87318EF38E6BAC780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15B610 Relevance: 12.8, APIs: 6, Strings: 1, Instructions: 546COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170250: IsWindow.USER32 ref: 00007FF6DF170273
Part of subcall function 00007FF6DF170250: GetWindowRect.USER32 ref: 00007FF6DF17028C

OffsetRect.USER32 ref: 00007FF6DF15B665

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

Part of subcall function 00007FF6DF110660: GetWindowLongW.USER32 ref: 00007FF6DF110677

OffsetRect.USER32 ref: 00007FF6DF15B847

Part of subcall function 00007FF6DF170250: SetRectEmpty.USER32 ref: 00007FF6DF1702A8

OffsetRect.USER32 ref: 00007FF6DF15B8FF

Part of subcall function 00007FF6DF1592D0: DrawEdge.USER32 ref: 00007FF6DF15934B
Part of subcall function 00007FF6DF1592D0: InflateRect.USER32 ref: 00007FF6DF15939A
Part of subcall function 00007FF6DF1592D0: InflateRect.USER32 ref: 00007FF6DF1593E5

Strings

WINDOW, xrefs: 00007FF6DF15B72E, 00007FF6DF15BA51

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$Window$Offset$InflateLong$DrawEdgeEmpty
String ID: WINDOW
API String ID: 4227970549-2065448539
Opcode ID: 1681911590358887a586c62ebbb014b0edd0bf3f3c5d144773d7bb4535bf220d
Instruction ID: 40661757b174c44a9e8697d21b1ef4e6da8d84af4177c37a2e9c4c1cc1d6ebf7
Opcode Fuzzy Hash: 1681911590358887a586c62ebbb014b0edd0bf3f3c5d144773d7bb4535bf220d
Instruction Fuzzy Hash: C9325B76A086C18AD760DF2AE8407AEB7A4F788B94F404136EA8D83B58DF7CD455CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10B220 Relevance: 10.6, APIs: 7, Instructions: 120windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF10B268
PeekMessageW.USER32 ref: 00007FF6DF10B28F
UpdateWindow.USER32 ref: 00007FF6DF10B2AC
SendMessageW.USER32 ref: 00007FF6DF10B2D2
SendMessageW.USER32 ref: 00007FF6DF10B2ED
UpdateWindow.USER32 ref: 00007FF6DF10B335
PeekMessageW.USER32 ref: 00007FF6DF10B36F

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: d36ff26a022fb21f449db6113ef05ab8fe88b20a696377b1e6a63fa7fb122927
Instruction ID: 58a118f29c6e60d6361206f4f8999f802152003cc39c55133827617d4e5f89c9
Opcode Fuzzy Hash: d36ff26a022fb21f449db6113ef05ab8fe88b20a696377b1e6a63fa7fb122927
Instruction Fuzzy Hash: 5941CE32A0864382F764DB279C55B3E2398BF94B94F254436DE5DC76A4DF7CE8718600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103EC0 Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32 ref: 00007FF6DF103EE2

Part of subcall function 00007FF6DF1193C4: BeginPaint.USER32(?,?,?,?,?,00007FF6DF1148A0), ref: 00007FF6DF1193FE

SendMessageW.USER32 ref: 00007FF6DF103F1D
GetSystemMetrics.USER32 ref: 00007FF6DF103F28
GetSystemMetrics.USER32 ref: 00007FF6DF103F35
GetClientRect.USER32 ref: 00007FF6DF103F46
DrawIcon.USER32 ref: 00007FF6DF103F7F

Part of subcall function 00007FF6DF119424: EndPaint.USER32(?,?,?,?,?,00007FF6DF1148D1), ref: 00007FF6DF11944C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
String ID:
API String ID: 1182735605-0
Opcode ID: 9b3d588e5be3bf7a52cd459741d53a389c82b34ffe2181eb51fbfc7cdb49d869
Instruction ID: e3848b988ec20ca66059afb39d5c2c350bae15de00a09b92e1b8ee7e688d47bc
Opcode Fuzzy Hash: 9b3d588e5be3bf7a52cd459741d53a389c82b34ffe2181eb51fbfc7cdb49d869
Instruction Fuzzy Hash: F3212F32618A8286E760DB75F85476E73A8FBC8B84F445132DA9EC7B58CF3CE4558B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF178520 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

1.2.10, xrefs: 00007FF6DF1785D6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: 1.2.10
API String ID: 0-2288027664
Opcode ID: 96a53c5ab566ae0c68b9e95f07e6bfa4a24fd4eac9757ff5624e2700d44dd14a
Instruction ID: 4a35c16f3fb44127229cbbe48472288f10ccac3e9408d0671f7c32993aaba855
Opcode Fuzzy Hash: 96a53c5ab566ae0c68b9e95f07e6bfa4a24fd4eac9757ff5624e2700d44dd14a
Instruction Fuzzy Hash: C5A15F32A1CB81C1EB50DB56E85066FB768FB857A4F508036EA8D87B99DF7CD464CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16B9D0 Relevance: 6.2, APIs: 4, Instructions: 182windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170320: IsWindow.USER32 ref: 00007FF6DF170343
Part of subcall function 00007FF6DF170320: GetClientRect.USER32 ref: 00007FF6DF17035C

SendMessageW.USER32 ref: 00007FF6DF16BAD1
SendMessageW.USER32 ref: 00007FF6DF16BB2C
SendMessageW.USER32 ref: 00007FF6DF16BB5F
SendMessageW.USER32 ref: 00007FF6DF16BB89

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ClientRectWindow
String ID:
API String ID: 1117068668-0
Opcode ID: e8b6186a50774642d0fd0f64b11c91961b46100b49241c2938ba542165970bd7
Instruction ID: f13b6c248ca8695b2a8c0e794da7ce169c1c41b80aa3c499bfe9c616fc5c4d49
Opcode Fuzzy Hash: e8b6186a50774642d0fd0f64b11c91961b46100b49241c2938ba542165970bd7
Instruction Fuzzy Hash: B571AC32A1868287E700DF65E8806AEB765FB85784F405136FB8D83B59DF3CE915CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10FC44 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,?,00007FF6DF114E40), ref: 00007FF6DF10FC81
LoadResource.KERNEL32(?,?,?,00007FF6DF114E40), ref: 00007FF6DF10FC92
LockResource.KERNEL32(?,?,?,00007FF6DF114E40), ref: 00007FF6DF10FCA3
FreeResource.KERNEL32(?,?,?,00007FF6DF114E40), ref: 00007FF6DF10FCC6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 4a82c76588101240cde6452c0dcb7d5ce60e577e8ff634a286cbeeac93ec5e5a
Instruction ID: 94235212bb6730770e4305c0cc1083589e110d1e6b5227476f1ff2e16d9181a6
Opcode Fuzzy Hash: 4a82c76588101240cde6452c0dcb7d5ce60e577e8ff634a286cbeeac93ec5e5a
Instruction Fuzzy Hash: 3C118E31B05B8281EA589B136D06128B3A8EF98FD0F084036DE1DC7755DF3CE8608340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14EA20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF13DE78: _errno.LIBCMT ref: 00007FF6DF13DE90

Part of subcall function 00007FF6DF13DE78: _errno.LIBCMT ref: 00007FF6DF13DED9

GetSystemInfo.KERNEL32 ref: 00007FF6DF14EAA3

Strings

KERNEL32.DLL, xrefs: 00007FF6DF14EA25

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$InfoSystem
String ID: KERNEL32.DLL
API String ID: 3648584981-2576044830
Opcode ID: 02d83db2e66c1e16f5a2018da8a250001653da62bce30535b3a5a2147d82cbce
Instruction ID: 4a52c1ea844ffb3139f993bf39b5fa09da9d056bbfb760f9d04093c6c158b682
Opcode Fuzzy Hash: 02d83db2e66c1e16f5a2018da8a250001653da62bce30535b3a5a2147d82cbce
Instruction Fuzzy Hash: 33111232A09B8595EB508B19EC4036C73A9FB98B48F648536CA5C837A5DF3DD4B5C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10E294 Relevance: 2.2, Strings: 1, Instructions: 962COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6DF10E351

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 220eeae4502c24aa54d8821742e9ec7a71e5f7d6897c653df134a81cad667d00
Instruction ID: ef3a60cd4874f0f785357b3d0d1c38a52e76fde504b0f3e496b54bebf63ecc71
Opcode Fuzzy Hash: 220eeae4502c24aa54d8821742e9ec7a71e5f7d6897c653df134a81cad667d00
Instruction Fuzzy Hash: 8B72A135B2D6C681EAA49B27685453E63D9BB85BC4F542837D94ECBB84CFBDE4308304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10C148 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF6DF10C19E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: b3d273cdbd6c82119c279d5794e4b285c036e363c46a6cad06488e4e07a77540
Instruction ID: 3b45305775e8a08951641542390cbbed0fd38bb0d0253533ab62b42fb09c35a3
Opcode Fuzzy Hash: b3d273cdbd6c82119c279d5794e4b285c036e363c46a6cad06488e4e07a77540
Instruction Fuzzy Hash: 13116571A0868686FB24EB62DC153FD7398EF9DB44F040136EA4D9A392DF7CE0648A14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151DC0 Relevance: 80.8, APIs: 1, Strings: 45, Instructions: 350
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00000000,00007FF6DF1475EF), ref: 00007FF6DF151E32

Part of subcall function 00007FF6DF151CA0: GetModuleHandleA.KERNEL32 ref: 00007FF6DF151D22
Part of subcall function 00007FF6DF151CA0: LoadLibraryA.KERNEL32 ref: 00007FF6DF151D3E
Part of subcall function 00007FF6DF151CA0: GetModuleHandleA.KERNEL32 ref: 00007FF6DF151D4C

Strings

UXTHEME.DLL, xrefs: 00007FF6DF15208C, 00007FF6DF1520B3, 00007FF6DF1520DA, 00007FF6DF152101, 00007FF6DF152128, 00007FF6DF15214F, 00007FF6DF15217B, 00007FF6DF15219D, 00007FF6DF1521C4, 00007FF6DF1521EB
RegisterClassA, xrefs: 00007FF6DF151F65
SetScrollPos, xrefs: 00007FF6DF152268
CallWindowProcA, xrefs: 00007FF6DF15246E
LoadLibraryW, xrefs: 00007FF6DF151E7B
IsAppThemed, xrefs: 00007FF6DF152121
CreateThread, xrefs: 00007FF6DF151F3E
EnableScrollBar, xrefs: 00007FF6DF1522B6
LoadLibraryExW, xrefs: 00007FF6DF151EC9
GetScrollInfo, xrefs: 00007FF6DF15228F
DefWindowProcW, xrefs: 00007FF6DF15235D
DrawThemeBackground, xrefs: 00007FF6DF1520AC
LoadLibraryA, xrefs: 00007FF6DF151E57
SetScrollInfo, xrefs: 00007FF6DF152241
LoadLibraryExA, xrefs: 00007FF6DF151EA2
DeleteObject, xrefs: 00007FF6DF15205E
FillRect, xrefs: 00007FF6DF152037
DefWindowProcA, xrefs: 00007FF6DF152336
GetThemePartSize, xrefs: 00007FF6DF1521E4
DefFrameProcW, xrefs: 00007FF6DF1523AB
GDI32.DLL, xrefs: 00007FF6DF152065
OpenThemeData, xrefs: 00007FF6DF152085
DefFrameProcA, xrefs: 00007FF6DF152384
DrawFrameControl, xrefs: 00007FF6DF15220B
GetThemeSysColor, xrefs: 00007FF6DF1521BD
GetModuleHandleA, xrefs: 00007FF6DF151F17
IsThemeActive, xrefs: 00007FF6DF152148
GetSysColor, xrefs: 00007FF6DF151FC2
CallWindowProcW, xrefs: 00007FF6DF152495
DefDlgProcA, xrefs: 00007FF6DF1523D2
SystemParametersInfoW, xrefs: 00007FF6DF1522E8
AdjustWindowRectEx, xrefs: 00007FF6DF15230F
GetCurrentThemeName, xrefs: 00007FF6DF15216F
GetThemeSysBool, xrefs: 00007FF6DF152196
DefDlgProcW, xrefs: 00007FF6DF1523F9
GetSysColorBrush, xrefs: 00007FF6DF151FE9
GetProcAddress, xrefs: 00007FF6DF151EF0
DrawEdge, xrefs: 00007FF6DF152010
DefMDIChildProcA, xrefs: 00007FF6DF152420
USER32.DLL, xrefs: 00007FF6DF151F6C, 00007FF6DF151F93, 00007FF6DF151FC9, 00007FF6DF151FF0, 00007FF6DF152017, 00007FF6DF15203E, 00007FF6DF152212, 00007FF6DF152248, 00007FF6DF15226F, 00007FF6DF152296, 00007FF6DF1522BD, 00007FF6DF1522EF, 00007FF6DF152316, 00007FF6DF15233D, 00007FF6DF152364, 00007FF6DF15238B, 00007FF6DF1523B2, 00007FF6DF1523D9, 00007FF6DF152400, 00007FF6DF152427, 00007FF6DF15244E, 00007FF6DF152475, 00007FF6DF15249C
DefMDIChildProcW, xrefs: 00007FF6DF152447
GetThemeColor, xrefs: 00007FF6DF1520FA
KERNEL32.DLL, xrefs: 00007FF6DF151E5E, 00007FF6DF151E82, 00007FF6DF151EA9, 00007FF6DF151ED0, 00007FF6DF151EF7, 00007FF6DF151F1E, 00007FF6DF151F45
CloseThemeData, xrefs: 00007FF6DF1520D3
RegisterClassW, xrefs: 00007FF6DF151F8C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: HandleModule$LibraryLoad
String ID: AdjustWindowRectEx$CallWindowProcA$CallWindowProcW$CloseThemeData$CreateThread$DefDlgProcA$DefDlgProcW$DefFrameProcA$DefFrameProcW$DefMDIChildProcA$DefMDIChildProcW$DefWindowProcA$DefWindowProcW$DeleteObject$DrawEdge$DrawFrameControl$DrawThemeBackground$EnableScrollBar$FillRect$GDI32.DLL$GetCurrentThemeName$GetModuleHandleA$GetProcAddress$GetScrollInfo$GetSysColor$GetSysColorBrush$GetThemeColor$GetThemePartSize$GetThemeSysBool$GetThemeSysColor$IsAppThemed$IsThemeActive$KERNEL32.DLL$LoadLibraryA$LoadLibraryExA$LoadLibraryExW$LoadLibraryW$OpenThemeData$RegisterClassA$RegisterClassW$SetScrollInfo$SetScrollPos$SystemParametersInfoW$USER32.DLL$UXTHEME.DLL
API String ID: 1178273743-2029340772
Opcode ID: 8ac681dacec48f5eaccbd5b50e6e22c60b559c150725926d516dde4af03415b4
Instruction ID: ef361bdcc1001d71da161c7b0cfef6018379f32d89e0cf9db205e1f727494671
Opcode Fuzzy Hash: 8ac681dacec48f5eaccbd5b50e6e22c60b559c150725926d516dde4af03415b4
Instruction Fuzzy Hash: 8D12F471908A4BA1EA11DB50ED002FD636DFB85788F900533D59D93BA9CF3DE62AC390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1297A0 Relevance: 27.5, APIs: 18, Instructions: 496windowkeyboardCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00007FF6DF129810
IsWindowEnabled.USER32 ref: 00007FF6DF129878
GetFocus.USER32 ref: 00007FF6DF129927
GetParent.USER32 ref: 00007FF6DF12997F
GetParent.USER32 ref: 00007FF6DF129996
GetKeyState.USER32 ref: 00007FF6DF129AAE
SendMessageW.USER32 ref: 00007FF6DF129CA0
GetKeyState.USER32 ref: 00007FF6DF129CF9
MessageBeep.USER32 ref: 00007FF6DF129DC7
IsDialogMessageW.USER32 ref: 00007FF6DF129E71
GetFocus.USER32 ref: 00007FF6DF129E7D
GetFocus.USER32 ref: 00007FF6DF129E90
IsWindow.USER32 ref: 00007FF6DF129EAF
GetFocus.USER32 ref: 00007FF6DF129EB9
IsWindow.USER32 ref: 00007FF6DF129ED7
GetFocus.USER32 ref: 00007FF6DF129EE1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Focus$MessageWindow$ParentState$BeepDialogEnabledSend
String ID:
API String ID: 3563088058-0
Opcode ID: 03f149d02e7687a5e321f71be34cd0a5dd574a8d38cbc8a551bd91bbc42419da
Instruction ID: 47451db6e641a44b9ba00816b6057182564146b0b020d58771fdb5d92e4d0f82
Opcode Fuzzy Hash: 03f149d02e7687a5e321f71be34cd0a5dd574a8d38cbc8a551bd91bbc42419da
Instruction Fuzzy Hash: 9012B531A0D64281EE749B9A9C5637D639CBF42B88F884437DA4EC7795DF7EE460A300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10DD08 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallNextHookEx.USER32 ref: 00007FF6DF10DD7B
GetClassNameW.USER32 ref: 00007FF6DF10DE08
GetClassLongPtrW.USER32 ref: 00007FF6DF10DE43
GetWindowLongPtrW.USER32 ref: 00007FF6DF10DE5E
GetPropW.USER32 ref: 00007FF6DF10DE7D
SetPropW.USER32 ref: 00007FF6DF10DE95
GetPropW.USER32 ref: 00007FF6DF10DEA1
GlobalAddAtomW.KERNEL32 ref: 00007FF6DF10DEB3
SetWindowLongPtrW.USER32 ref: 00007FF6DF10DEC8

Part of subcall function 00007FF6DF109940: GetClassInfoExW.USER32 ref: 00007FF6DF109991
Part of subcall function 00007FF6DF109940: GetLastError.KERNEL32 ref: 00007FF6DF1099AD
Part of subcall function 00007FF6DF109940: SetLastError.KERNEL32 ref: 00007FF6DF1099CB

SetWindowLongPtrW.USER32 ref: 00007FF6DF10DF19
CallNextHookEx.USER32 ref: 00007FF6DF10DF4D
UnhookWindowsHookEx.USER32 ref: 00007FF6DF10DF5F

Strings

#32768, xrefs: 00007FF6DF10DDDC, 00007FF6DF10DE1C
AfxOldWndProc423, xrefs: 00007FF6DF10DE70

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Long$ClassHookPropWindow$CallErrorLastNext$AtomGlobalInfoNameUnhookWindows
String ID: #32768$AfxOldWndProc423
API String ID: 3073514535-2141921550
Opcode ID: 89353e12f5fa688f7caebf3546dcd9a355d1acdf95531d66efdb66bd0c643d5f
Instruction ID: bff1c4a590513526d0adc8856c38d473163c517030e7aa2112e0605b91f0726e
Opcode Fuzzy Hash: 89353e12f5fa688f7caebf3546dcd9a355d1acdf95531d66efdb66bd0c643d5f
Instruction Fuzzy Hash: 12518071A08A4692EA249F16EC141BD3368BF85F90F444133E95E977A5CF7CE9B6C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF111EC8 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 121
libraryloaderregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF111EF1
GetProcAddress.KERNEL32 ref: 00007FF6DF111F0F
GetProcAddress.KERNEL32 ref: 00007FF6DF111F26
GetProcAddress.KERNEL32 ref: 00007FF6DF111F3D
GetProcAddress.KERNEL32 ref: 00007FF6DF111F54
RegOpenKeyExW.KERNEL32 ref: 00007FF6DF11201A
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF112052
RegCloseKey.ADVAPI32 ref: 00007FF6DF1120A0

Strings

DeactivateActCtx, xrefs: 00007FF6DF111F43
ActivateActCtx, xrefs: 00007FF6DF111F2C
KERNEL32, xrefs: 00007FF6DF111EEA
CreateActCtxW, xrefs: 00007FF6DF111F05
ReleaseActCtx, xrefs: 00007FF6DF111F15

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$CloseHandleModuleOpenQueryValue
String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
API String ID: 380410164-2424895508
Opcode ID: cc789e899ca379414af162ca544fa66fe9eba6609ed3abac65f082b017081bba
Instruction ID: 20ef331dce729e5da7530a1ae351f069b72cfc1695580cf377518708808d86c0
Opcode Fuzzy Hash: cc789e899ca379414af162ca544fa66fe9eba6609ed3abac65f082b017081bba
Instruction Fuzzy Hash: 9B516F72E08B43A6FB148B50EC4437DB7ACEB94B99F540136DA5C826A4DF7DE4A8C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF123AC8 Relevance: 20.2, APIs: 13, Instructions: 671stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32 ref: 00007FF6DF123BAD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 2aa0c0bccf1cf80f23253acdcdae9f356f052402e850a70392b0e966363b70f5
Instruction ID: acdb5cb48e547eda073c4aa35000aa5d2a4ee47b5ae6768228421725bca5f667
Opcode Fuzzy Hash: 2aa0c0bccf1cf80f23253acdcdae9f356f052402e850a70392b0e966363b70f5
Instruction Fuzzy Hash: 9652D432A0969185E634CFA5E8511BD77A8FB8BB80F104037D74E87B99DF2ED6A0C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102670 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 170
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.LIBCMT ref: 00007FF6DF1026BD

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

RegOpenKeyExW.KERNEL32 ref: 00007FF6DF102712
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF102759

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

Part of subcall function 00007FF6DF102550: malloc.LIBCMT ref: 00007FF6DF102564
Part of subcall function 00007FF6DF102550: RegOpenKeyExW.KERNEL32 ref: 00007FF6DF1025B1
Part of subcall function 00007FF6DF102550: free.LIBCMT ref: 00007FF6DF10263B

Strings

http://www.purannetworks.com/pupage7c.html, xrefs: 00007FF6DF1028A1
http://www.purannetworks.com/npupage7ty.html, xrefs: 00007FF6DF1027EC
http://www.purannetworks.com/pupage7ty.html, xrefs: 00007FF6DF1028F5
http://www.purannetworks.com/npupage7c.html, xrefs: 00007FF6DF102798
http://www.purannetworks.com/npupage7.html, xrefs: 00007FF6DF102837
Software\Puran Software\Puran Utilities, xrefs: 00007FF6DF102704
http://www.purannetworks.com/pupage7.html, xrefs: 00007FF6DF10293D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$Openmalloc$AllocateHeapQueryValuefree
String ID: Software\Puran Software\Puran Utilities$http://www.purannetworks.com/npupage7.html$http://www.purannetworks.com/npupage7c.html$http://www.purannetworks.com/npupage7ty.html$http://www.purannetworks.com/pupage7.html$http://www.purannetworks.com/pupage7c.html$http://www.purannetworks.com/pupage7ty.html
API String ID: 4184268942-2897488375
Opcode ID: ee498eac1bdad58f4e3aa3bcf6e81a7678daf2eabc7b89e522898d1a73cc315e
Instruction ID: cc6381accd23f7c1d13884e1cf93222055879af82f3f58780f35959de5180e32
Opcode Fuzzy Hash: ee498eac1bdad58f4e3aa3bcf6e81a7678daf2eabc7b89e522898d1a73cc315e
Instruction Fuzzy Hash: F2810C31A18B9281E6609B15B94056EB3ECFF95780F54423AEACD82FA9DF7DD174CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF123B38 Relevance: 16.8, APIs: 11, Instructions: 308stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32 ref: 00007FF6DF123BAD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: e792596ac13d8729cf7acb3b54990f9f31c4f1d9ae744308f48d3bd6994f0961
Instruction ID: c5c9fa738f706740f7a9cbedbdf16882e474f3951b17a4cf5b8779dfb19b986b
Opcode Fuzzy Hash: e792596ac13d8729cf7acb3b54990f9f31c4f1d9ae744308f48d3bd6994f0961
Instruction Fuzzy Hash: D0D13832A0869282E734DB64EC552BD77A8FB82B90F400137D69E87AD9DF2DD5A1C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14ECA0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 121
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF14ECE4
GetCurrentProcessId.KERNEL32 ref: 00007FF6DF14ECF9

Strings

NTDLL.DLL, xrefs: 00007FF6DF14EE0B
USER32.DLL, xrefs: 00007FF6DF14ECDD
COMCTL32.DLL, xrefs: 00007FF6DF14ED58

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentHandleModuleProcess
String ID: COMCTL32.DLL$NTDLL.DLL$USER32.DLL
API String ID: 65871501-2256745889
Opcode ID: 785b8dab34d37488cd4505603388a927b2edece4b8b324698245e9904297263c
Instruction ID: 0346ec566b2bc9406765bf2bd4faf3f762f898e741bd9e644f7e66b47332e665
Opcode Fuzzy Hash: 785b8dab34d37488cd4505603388a927b2edece4b8b324698245e9904297263c
Instruction Fuzzy Hash: DA510B31E0EA4381EA209B55EC511BDA3A8BFC87A4F440633E52EC72E5DF6CE965C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11524C Relevance: 15.2, APIs: 10, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF1152B5
LoadResource.KERNEL32 ref: 00007FF6DF1152C1

Part of subcall function 00007FF6DF10BA60: UnhookWindowsHookEx.USER32 ref: 00007FF6DF10BA9B

LockResource.KERNEL32 ref: 00007FF6DF1152D7
GetDesktopWindow.USER32 ref: 00007FF6DF11532C
IsWindowEnabled.USER32 ref: 00007FF6DF11533E
EnableWindow.USER32 ref: 00007FF6DF11534D
EnableWindow.USER32 ref: 00007FF6DF115487
GetActiveWindow.USER32 ref: 00007FF6DF115492
SetActiveWindow.USER32 ref: 00007FF6DF1154A1
FreeResource.KERNEL32 ref: 00007FF6DF1154C8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeHookLoadLockUnhookWindows
String ID:
API String ID: 3362358738-0
Opcode ID: 98c89c36e2e6e848c7db363e62250482db41ea60bcb3e5ab864ca9347ef6462e
Instruction ID: 9ce4dc16f1aec7b88441eeb370d811830c7f4eb06925349da4214a15ca8a8e19
Opcode Fuzzy Hash: 98c89c36e2e6e848c7db363e62250482db41ea60bcb3e5ab864ca9347ef6462e
Instruction Fuzzy Hash: 73619D31A09B8281EB649B22AD0437E77A9BF95FA5F044232DD5E87B95DF3CE465C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16FBF0 Relevance: 15.1, APIs: 10, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6DF171BF0: FindResourceW.KERNEL32 ref: 00007FF6DF171C14

FindResourceW.KERNEL32 ref: 00007FF6DF16FC41
LoadResource.KERNEL32 ref: 00007FF6DF16FC59
LockResource.KERNEL32 ref: 00007FF6DF16FC6E
SizeofResource.KERNEL32 ref: 00007FF6DF16FCB1
CreateCompatibleDC.GDI32 ref: 00007FF6DF16FCD0
malloc.LIBCMT ref: 00007FF6DF16FCF1

Part of subcall function 00007FF6DF1754F0: FindResourceW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF16FC30), ref: 00007FF6DF17553F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$Find$CompatibleCreateLoadLockSizeofmalloc
String ID:
API String ID: 224749194-0
Opcode ID: 36fdf7f5489b507d072796689b3b6302109d1bd91393c791cc1a314283bfae67
Instruction ID: bedc28b97fce0b7d0aa2298c0f384b789cc7cd4150b15737198441d41833b13d
Opcode Fuzzy Hash: 36fdf7f5489b507d072796689b3b6302109d1bd91393c791cc1a314283bfae67
Instruction Fuzzy Hash: 9441DF31A0978240EA549F12AD182BDA7A9EF89FD0F08413AED1ED7795EF3CE4558780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1247B0 Relevance: 15.1, APIs: 10, Instructions: 112memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6DF1247D0
GlobalAlloc.KERNEL32 ref: 00007FF6DF124856
GlobalHandle.KERNEL32 ref: 00007FF6DF12485E
GlobalUnlock.KERNEL32 ref: 00007FF6DF12486A
GlobalReAlloc.KERNEL32 ref: 00007FF6DF124898
GlobalHandle.KERNEL32 ref: 00007FF6DF1248AC
GlobalLock.KERNEL32 ref: 00007FF6DF1248B5
LeaveCriticalSection.KERNEL32 ref: 00007FF6DF1248BF
GlobalLock.KERNEL32 ref: 00007FF6DF1248CE
LeaveCriticalSection.KERNEL32 ref: 00007FF6DF124921

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
String ID:
API String ID: 2667261700-0
Opcode ID: 17754285b4efd2cc4ad0a97aec3495f4159d77852b57d4ab14c467b32d3d8b06
Instruction ID: eac836d426c19cc84892bf303388262f57ff14d45dc67e0724f673650e91e796
Opcode Fuzzy Hash: 17754285b4efd2cc4ad0a97aec3495f4159d77852b57d4ab14c467b32d3d8b06
Instruction Fuzzy Hash: 1141B372B1569293EA288BA6E95517C73A9FF45B81F004036CB6E83791DF3DE9B1C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF160B80 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 262libraryCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00007FF6DF160C87
LoadLibraryW.KERNEL32 ref: 00007FF6DF160D4A
LoadLibraryExW.KERNEL32 ref: 00007FF6DF160D62
FindResourceW.KERNEL32 ref: 00007FF6DF160E53

Part of subcall function 00007FF6DF160A60: FindResourceW.KERNEL32 ref: 00007FF6DF160A94

LoadResource.KERNEL32 ref: 00007FF6DF160E87
LockResource.KERNEL32 ref: 00007FF6DF160EB1
SizeofResource.KERNEL32 ref: 00007FF6DF160EC5

Strings

TEXTFILE, xrefs: 00007FF6DF160E3D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$Load$FindLibrary$AttributesFileLockSizeof
String ID: TEXTFILE
API String ID: 1760693660-343777186
Opcode ID: f97e354991edbf33df4f824aa94f4422e34c5d661425287184bb2c6687dccea7
Instruction ID: aa0270a27d1ef3dd798ff16942dc042cfa9733e9313115271ab071cafbacc782
Opcode Fuzzy Hash: f97e354991edbf33df4f824aa94f4422e34c5d661425287184bb2c6687dccea7
Instruction Fuzzy Hash: 3EB18972705A4283EB649B1ADC5026E63A4FF45BA1F448236EE6E87BD1DF3CD494C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF149250 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 115libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6DF15F5A0: InitializeCriticalSection.KERNEL32 ref: 00007FF6DF15F5A9

Part of subcall function 00007FF6DF1062E0: malloc.LIBCMT ref: 00007FF6DF106307

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF149475), ref: 00007FF6DF1493A6
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF149475), ref: 00007FF6DF1493BE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF149475), ref: 00007FF6DF1493D5
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF149475), ref: 00007FF6DF1493F1
SetWinEventHook.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF149475), ref: 00007FF6DF149414

Strings

SetWinEventHook, xrefs: 00007FF6DF1493B4
UnhookWinEvent, xrefs: 00007FF6DF1493CB
USER32, xrefs: 00007FF6DF14939F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$CriticalCurrentEventHandleHookInitializeModuleProcessSectionmalloc
String ID: SetWinEventHook$USER32$UnhookWinEvent
API String ID: 1722536996-3138813856
Opcode ID: 3c0b9aabd5848c2e64c9202fb78c65960cc2651f8d6a1f44713d945060e0be00
Instruction ID: b2abf5e4a3a131c5243c96afe3b2ea832efca0646c1919b55a834ac9b3fd5505
Opcode Fuzzy Hash: 3c0b9aabd5848c2e64c9202fb78c65960cc2651f8d6a1f44713d945060e0be00
Instruction Fuzzy Hash: 47517C31A09B4282FB40AF24E8553AD33A8FF88B88F54453AEA5D87795DF3CE461C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10DB78 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

GetPropW.USER32 ref: 00007FF6DF10DBB8
CallWindowProcW.USER32 ref: 00007FF6DF10DC22

Part of subcall function 00007FF6DF10C268: GetWindowRect.USER32 ref: 00007FF6DF10C298
Part of subcall function 00007FF6DF10C268: GetWindow.USER32 ref: 00007FF6DF10C2BA

SetWindowLongPtrW.USER32 ref: 00007FF6DF10DC4D
RemovePropW.USER32 ref: 00007FF6DF10DC5D
GlobalFindAtomW.KERNEL32 ref: 00007FF6DF10DC6A
GlobalDeleteAtom.KERNEL32 ref: 00007FF6DF10DC73

Part of subcall function 00007FF6DF109CFC: GetWindowRect.USER32 ref: 00007FF6DF109D10

CallWindowProcW.USER32 ref: 00007FF6DF10DCDF

Strings

AfxOldWndProc423, xrefs: 00007FF6DF10DBB1, 00007FF6DF10DC53, 00007FF6DF10DC63

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$AtomCallGlobalProcPropRect$DeleteFindLongRemove
String ID: AfxOldWndProc423
API String ID: 3892049428-1060338832
Opcode ID: 669c69c68364cdfefddd0a615d09fa28cf1e8fe76240ecdcc0d10828ee09a8d3
Instruction ID: 291bac698fc2d5c1711c16f8f1e1b272177236d0ae22476257de83fa4c6bd4b4
Opcode Fuzzy Hash: 669c69c68364cdfefddd0a615d09fa28cf1e8fe76240ecdcc0d10828ee09a8d3
Instruction Fuzzy Hash: 5C311231A0865292EA149B17AC1457E7398BF81FE0F00523AED5E87798CFBCE566C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103250 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 99registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF115B40: GetActiveWindow.USER32(?,?,?,?,00007FF6DF103132), ref: 00007FF6DF115B56

Part of subcall function 00007FF6DF110578: GetDlgItem.USER32 ref: 00007FF6DF11058A

malloc.LIBCMT ref: 00007FF6DF103279

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

RegOpenKeyExW.KERNEL32 ref: 00007FF6DF1032C6
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF103307
SendMessageW.USER32 ref: 00007FF6DF103334
SendMessageW.USER32 ref: 00007FF6DF10339A

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

free.LIBCMT ref: 00007FF6DF1033A8

Strings

Pass, xrefs: 00007FF6DF1032F0
Software\Puran Software\Wipe Disk, xrefs: 00007FF6DF1032A2, 00007FF6DF1033C6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$MessageSend$ActiveAllocateHeapItemOpenQueryValueWindowfreemalloc
String ID: Pass$Software\Puran Software\Wipe Disk
API String ID: 2368417539-264370492
Opcode ID: ac6d383e947dfa6a39891fcf46d85343683bfee38ac6befceb6075fcec3e0ecc
Instruction ID: 73b00e8a52c670247807d5d871cf6a254dbdca8d255a3f2569e23959178fc421
Opcode Fuzzy Hash: ac6d383e947dfa6a39891fcf46d85343683bfee38ac6befceb6075fcec3e0ecc
Instruction Fuzzy Hash: A441E231F0864391FB209B22EC516BD6368AF86780F844436D94D9BB95DFBCE5A5C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102430 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 71registryCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF102444

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

RegOpenKeyExW.KERNEL32 ref: 00007FF6DF102491
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF1024D2
free.LIBCMT ref: 00007FF6DF10251B
free.LIBCMT ref: 00007FF6DF102535

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

Strings

CLicense, xrefs: 00007FF6DF1024BB
712127, xrefs: 00007FF6DF102504
Software\Puran Software, xrefs: 00007FF6DF10246D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$free$AllocateHeapOpenQueryValuemalloc
String ID: 712127$CLicense$Software\Puran Software
API String ID: 2709683842-2796906906
Opcode ID: 7e561cc988d7264770a94a83ae05ee8a62b043a80df56e12db8dd267451283be
Instruction ID: b38b4016d1845f1cb17132fd7e0198cf4ca3cb0badbec4947f9d167abec3b479
Opcode Fuzzy Hash: 7e561cc988d7264770a94a83ae05ee8a62b043a80df56e12db8dd267451283be
Instruction Fuzzy Hash: 3D31C431B0868291EB108B16EC001BE63A8FF86780F844536EE8C97B95DFBCD1A5C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1029A0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 143COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF102ABE
free.LIBCMT ref: 00007FF6DF102B92
SysFreeString.OLEAUT32 ref: 00007FF6DF102B9C
free.LIBCMT ref: 00007FF6DF102BA5

Strings

about:blank, xrefs: 00007FF6DF102B42
home.html, xrefs: 00007FF6DF102B1A
puran, xrefs: 00007FF6DF102B06

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$FreeStringmalloc
String ID: about:blank$home.html$puran
API String ID: 2296260295-3028658358
Opcode ID: 9b6d4a38ccbc4085e8c5676482795088c1b890a8fbbb127b386c45ecc10fb8e9
Instruction ID: b4aafbf03957d5ddf37d4b702d602bdb354ee76e10cf7f2fa2e038665fde3f6b
Opcode Fuzzy Hash: 9b6d4a38ccbc4085e8c5676482795088c1b890a8fbbb127b386c45ecc10fb8e9
Instruction Fuzzy Hash: E1510236B09B8291EB24DB06E8407AE73A9FB80B94F044236DE9D87B95DF7CD465C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1169F8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113threadwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1168EC: GetWindowLongW.USER32 ref: 00007FF6DF116959
Part of subcall function 00007FF6DF1168EC: GetParent.USER32 ref: 00007FF6DF116968
Part of subcall function 00007FF6DF1168EC: GetParent.USER32 ref: 00007FF6DF116987
Part of subcall function 00007FF6DF1168EC: GetLastActivePopup.USER32 ref: 00007FF6DF11699F
Part of subcall function 00007FF6DF1168EC: IsWindowEnabled.USER32 ref: 00007FF6DF1169B5
Part of subcall function 00007FF6DF1168EC: EnableWindow.USER32(?,?,?,00007FF6DF114C27), ref: 00007FF6DF1169CC

EnableWindow.USER32 ref: 00007FF6DF116A4D
GetWindowThreadProcessId.USER32 ref: 00007FF6DF116A64
GetCurrentProcessId.KERNEL32 ref: 00007FF6DF116A6F
SendMessageW.USER32 ref: 00007FF6DF116A89
EnableWindow.USER32 ref: 00007FF6DF116B1B
GetModuleFileNameW.KERNEL32 ref: 00007FF6DF116B62

Strings

Help not found. Please re-install, xrefs: 00007FF6DF1169FB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Enable$ParentProcess$ActiveCurrentEnabledFileLastLongMessageModuleNamePopupSendThread
String ID: Help not found. Please re-install
API String ID: 1819874647-51286129
Opcode ID: a40c0f48d4d461c5e3973b4145cbfe1987f05e7a44b7d2fdd969b3e62f86e8fe
Instruction ID: ce1c2e1013ed01fcdee6727046941ff796d022bfeb77517693aafc5c4a3b0c52
Opcode Fuzzy Hash: a40c0f48d4d461c5e3973b4145cbfe1987f05e7a44b7d2fdd969b3e62f86e8fe
Instruction Fuzzy Hash: E441E136A0954246EA709B61BC0077E739CFF98798F484237DA1E87B84DF7DE8A58700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102550 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71registryCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF102564

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

RegOpenKeyExW.KERNEL32 ref: 00007FF6DF1025B1
RegQueryValueExW.ADVAPI32 ref: 00007FF6DF1025F2
free.LIBCMT ref: 00007FF6DF10263B
free.LIBCMT ref: 00007FF6DF102655

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

Strings

TYLicense, xrefs: 00007FF6DF1025DB
Software\Puran Software, xrefs: 00007FF6DF10258D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$free$AllocateHeapOpenQueryValuemalloc
String ID: Software\Puran Software$TYLicense
API String ID: 2709683842-2579893919
Opcode ID: 1ddffd9612742268552b73f4f58e0df5e7da9b449d0833f6d2154f189d6d8d63
Instruction ID: 0f5e38909622b9a0947f9faeb4944f391c9e546c3d113294578eaa02f7915e65
Opcode Fuzzy Hash: 1ddffd9612742268552b73f4f58e0df5e7da9b449d0833f6d2154f189d6d8d63
Instruction Fuzzy Hash: 3531C431B08A8391EB109B16F8001BE63A8FF867C0F844536EE8D97B95DFBCD4A58700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11CACC Relevance: 10.8, APIs: 7, Instructions: 293memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF11AB3C: SysStringLen.OLEAUT32 ref: 00007FF6DF11AB69
Part of subcall function 00007FF6DF11AB3C: CoGetClassObject.OLE32 ref: 00007FF6DF11AB92

CreateILockBytesOnHGlobal.OLE32 ref: 00007FF6DF11CD40
StgCreateDocfileOnILockBytes.OLE32 ref: 00007FF6DF11CD68
GlobalAlloc.KERNEL32 ref: 00007FF6DF11CDC5
GlobalLock.KERNEL32 ref: 00007FF6DF11CDD6
GlobalUnlock.KERNEL32 ref: 00007FF6DF11CDF4
CreateILockBytesOnHGlobal.OLE32 ref: 00007FF6DF11CE1B
StgOpenStorageOnILockBytes.OLE32 ref: 00007FF6DF11CE4A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: GlobalLock$Bytes$Create$AllocClassDocfileObjectOpenStorageStringUnlock
String ID:
API String ID: 1740323717-0
Opcode ID: e42565ac332bc85afb3fe496decf16bf7c5f4d803c8ce7e23b425300149a086c
Instruction ID: d6a1c559c17463e673e92365378b756c4cb5b2513c6fd3c3faec928cc920f6ad
Opcode Fuzzy Hash: e42565ac332bc85afb3fe496decf16bf7c5f4d803c8ce7e23b425300149a086c
Instruction Fuzzy Hash: A9D16E37708A8582DB60DB29E8842AE77A5FBD8B94F154433EA4E87B54CF3DD895C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF116D94 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF116CA0: GetModuleHandleW.KERNEL32 ref: 00007FF6DF116CB9
Part of subcall function 00007FF6DF116CA0: GetProcAddress.KERNEL32 ref: 00007FF6DF116CDB
Part of subcall function 00007FF6DF116CA0: GetProcAddress.KERNEL32 ref: 00007FF6DF116CF6
Part of subcall function 00007FF6DF116CA0: GetProcAddress.KERNEL32 ref: 00007FF6DF116D11
Part of subcall function 00007FF6DF116CA0: GetProcAddress.KERNEL32 ref: 00007FF6DF116D2C

GetModuleFileNameW.KERNEL32 ref: 00007FF6DF116DE4
SetLastError.KERNEL32 ref: 00007FF6DF116DFF
CreateActCtxW.KERNEL32 ref: 00007FF6DF116E47
CreateActCtxW.KERNEL32 ref: 00007FF6DF116E74
CreateActCtxW.KERNEL32 ref: 00007FF6DF116EA5

Strings

8, xrefs: 00007FF6DF116E24

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$Create$Module$ErrorFileHandleLastName
String ID: 8
API String ID: 3223166449-4194326291
Opcode ID: e87a5c0beb6c0970ee4e7de4e75450838c0abcc65391709dbd2d40bc9ca5aa04
Instruction ID: bf8384f16758c318897e942780edc439a401c670290c5d29aae375e228bc9bcf
Opcode Fuzzy Hash: e87a5c0beb6c0970ee4e7de4e75450838c0abcc65391709dbd2d40bc9ca5aa04
Instruction Fuzzy Hash: 95317E3260AB8081EA70CB51E94436EB3B8FB94BD4F540636DA9D87B98DF3DE564C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12E754 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43libraryloaderCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32 ref: 00007FF6DF12E76E
SetErrorMode.KERNEL32 ref: 00007FF6DF12E77B

Part of subcall function 00007FF6DF116D94: GetModuleFileNameW.KERNEL32 ref: 00007FF6DF116DE4
Part of subcall function 00007FF6DF116D94: SetLastError.KERNEL32 ref: 00007FF6DF116DFF

GetModuleHandleW.KERNEL32 ref: 00007FF6DF12E7D4
GetProcAddress.KERNEL32 ref: 00007FF6DF12E7E9

Part of subcall function 00007FF6DF12E4E4: GetModuleFileNameW.KERNEL32 ref: 00007FF6DF12E541
Part of subcall function 00007FF6DF12E4E4: PathFindExtensionW.SHLWAPI ref: 00007FF6DF12E55C

Strings

user32.dll, xrefs: 00007FF6DF12E7CD
NotifyWinEvent, xrefs: 00007FF6DF12E7DF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorModule$FileModeName$AddressExtensionFindHandleLastPathProc
String ID: NotifyWinEvent$user32.dll
API String ID: 607988645-597752486
Opcode ID: 4b6f009bfad02dc04ae045455b67b7f256ae5b64c054288ffe7aa0010e7ec2fc
Instruction ID: 11f6b1e1e2893e6d96ec5b201f9e4df7a700bda2340635022b5aab7cb99931e8
Opcode Fuzzy Hash: 4b6f009bfad02dc04ae045455b67b7f256ae5b64c054288ffe7aa0010e7ec2fc
Instruction Fuzzy Hash: BA113A31E0968281FA54AB51EC4627C77A8BF55B50F484136E69D87392DF3DE4A98340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF125894 Relevance: 10.5, APIs: 7, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00007FF6DF1258A6
GetSystemMetrics.USER32 ref: 00007FF6DF1258B4
GetSystemMetrics.USER32 ref: 00007FF6DF1258C2
GetSystemMetrics.USER32 ref: 00007FF6DF1258D5
GetDC.USER32 ref: 00007FF6DF1258E5
GetDeviceCaps.GDI32 ref: 00007FF6DF1258F6
GetDeviceCaps.GDI32 ref: 00007FF6DF125907

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MetricsSystem$CapsDevice
String ID:
API String ID: 4163108049-0
Opcode ID: f3f6061416fc3e83739aec331e3265cbdea69d5c0f2617d709af19cbafbfac76
Instruction ID: 9bc8904ee27be9290dce80806702f9602caf655cf13f6a4b026ea32797ea7c5d
Opcode Fuzzy Hash: f3f6061416fc3e83739aec331e3265cbdea69d5c0f2617d709af19cbafbfac76
Instruction Fuzzy Hash: B0011A71E0964197EB088F62ED1832E33A9FB48785F00803ACA2AC7750DF3CA4A48B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1600F0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,00007FF6DF1602B8,?,?,?,00007FF6DF160329), ref: 00007FF6DF160100
GetModuleHandleW.KERNEL32(?,?,?,00007FF6DF1602B8,?,?,?,00007FF6DF160329), ref: 00007FF6DF16011F
GetProcAddress.KERNEL32(?,?,?,00007FF6DF1602B8,?,?,?,00007FF6DF160329), ref: 00007FF6DF160134

Strings

CreateToolhelp32Snapshot, xrefs: 00007FF6DF16012A
KERNEL32.DLL, xrefs: 00007FF6DF160118
PSAPI.DLL, xrefs: 00007FF6DF1600F9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$PSAPI.DLL
API String ID: 310444273-467172384
Opcode ID: 529d200265f6fc7636727fbc19a715d52aa8217a5f6523bbe822e0a9789e2816
Instruction ID: a77ba938775eae71a52f14c9b5ad9f8e5550b0984f2ca84c58d58455dfc25e40
Opcode Fuzzy Hash: 529d200265f6fc7636727fbc19a715d52aa8217a5f6523bbe822e0a9789e2816
Instruction Fuzzy Hash: 5AF03071E06A4382FF158F25DC8527C23A9AF59B41F4C8036C92D86364EF3CA9E5C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF113E44 Relevance: 9.3, APIs: 6, Instructions: 285memoryCOMMON

Download Yara Rule

APIs

MapDialogRect.USER32 ref: 00007FF6DF113F58
SysAllocStringLen.OLEAUT32 ref: 00007FF6DF113F80

Part of subcall function 00007FF6DF1062E0: malloc.LIBCMT ref: 00007FF6DF106307

CLSIDFromString.OLE32 ref: 00007FF6DF1140F9
CLSIDFromProgID.OLE32 ref: 00007FF6DF11410F
SetWindowPos.USER32 ref: 00007FF6DF114210
SysFreeString.OLEAUT32 ref: 00007FF6DF114278

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: String$From$AllocDialogFreeProgRectWindowmalloc
String ID:
API String ID: 1120981667-0
Opcode ID: 2a68161aee3b26a5e9652a1e83363c760db7c397ea058a095d323541f3709c56
Instruction ID: fe83344ff4fc2422d16053359a1c198343d5169ddc0a7c95a32cac50a2c98879
Opcode Fuzzy Hash: 2a68161aee3b26a5e9652a1e83363c760db7c397ea058a095d323541f3709c56
Instruction Fuzzy Hash: A4D18F36608BC186D764CF25E8407AEB7A4FB89B90F104126EB9D83B58EF3CD595CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15BF20 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 365windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF110660: GetWindowLongW.USER32 ref: 00007FF6DF110677

SetRectEmpty.USER32 ref: 00007FF6DF15C1BD
CreateCompatibleDC.GDI32 ref: 00007FF6DF15C1EA
CreateCompatibleBitmap.GDI32 ref: 00007FF6DF15C25C
MulDiv.KERNEL32 ref: 00007FF6DF15C3C2

Strings

WINDOW, xrefs: 00007FF6DF15BFF4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CompatibleCreate$BitmapEmptyLongRectWindow
String ID: WINDOW
API String ID: 3117926275-2065448539
Opcode ID: eac7a0e722c8e72b9fca6ad0351c789688a835a0317ddc10e1383dc687e873e3
Instruction ID: 284901c42ffd7623dbf6afbcafd70988135c81da148736ffa92d03aa9bab0589
Opcode Fuzzy Hash: eac7a0e722c8e72b9fca6ad0351c789688a835a0317ddc10e1383dc687e873e3
Instruction Fuzzy Hash: A7027272608A8186D760DF29E8402AEB7B4FB85B94F104237DA9D837A9DF7CD455CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF131500 Relevance: 9.1, APIs: 6, Instructions: 111COMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 00007FF6DF131517
_FF_MSGBANNER.LIBCMT ref: 00007FF6DF1315B6
_FF_MSGBANNER.LIBCMT ref: 00007FF6DF1315E0
_RTC_Initialize.LIBCMT ref: 00007FF6DF1315F9
GetCommandLineW.KERNEL32 ref: 00007FF6DF131612
_cinit.LIBCMT ref: 00007FF6DF131652

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CommandInfoInitializeLineStartup_cinit
String ID:
API String ID: 3693240955-0
Opcode ID: 51b68f98e6a671b63f48d075338e661ca723878948893e0411ee52440aa95a5b
Instruction ID: 13c11d570065ec61f980cee98c88671e4a65dbd38f2f8a1d1e4120a3de186acd
Opcode Fuzzy Hash: 51b68f98e6a671b63f48d075338e661ca723878948893e0411ee52440aa95a5b
Instruction Fuzzy Hash: 3F418C31E0C65396F760ABA19C513BE63DDAF82740F44403BD64ED26E6DF6CB8618B06

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12E4E4 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF6DF12E541
PathFindExtensionW.SHLWAPI ref: 00007FF6DF12E55C

Strings

.INI, xrefs: 00007FF6DF12E6CB
.HLP, xrefs: 00007FF6DF12E66D
.CHM, xrefs: 00007FF6DF12E637

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExtensionFileFindModuleNamePath
String ID: .CHM$.HLP$.INI
API String ID: 2295281026-4017452060
Opcode ID: ac51f59bbc7975ac41272dcf83583f9039451b984820e659651344d2cf483c84
Instruction ID: 5b6b87e2d5cd0c7bf062991b848bb0685f92b576cfe7d57a274580818bc5c1db
Opcode Fuzzy Hash: ac51f59bbc7975ac41272dcf83583f9039451b984820e659651344d2cf483c84
Instruction Fuzzy Hash: DF61BE35A1868754FAB0AB91EC4A2BD239CFF56780F540833DA4DC6696DF2DE864CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163D10 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170250: IsWindow.USER32 ref: 00007FF6DF170273
Part of subcall function 00007FF6DF170250: GetWindowRect.USER32 ref: 00007FF6DF17028C

OffsetRect.USER32 ref: 00007FF6DF163D7A
IsRectEmpty.USER32 ref: 00007FF6DF163D9E
CopyRect.USER32 ref: 00007FF6DF163DEC
CopyRect.USER32 ref: 00007FF6DF163E70

Strings

SCROLLBAR, xrefs: 00007FF6DF163F57

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$CopyWindow$EmptyOffset
String ID: SCROLLBAR
API String ID: 2269525153-324577739
Opcode ID: 0ee595104e8f073e8c6c4ccff9f60d058e1c0955292a68026c0ad85d877ddcc8
Instruction ID: 5b30ecbd5719bbd8db562eab94a8224c722157d14904df868a9a37d35c7b79b1
Opcode Fuzzy Hash: 0ee595104e8f073e8c6c4ccff9f60d058e1c0955292a68026c0ad85d877ddcc8
Instruction Fuzzy Hash: C2715B72A18B8286EB50CF25D8842ADB3A4FB84B84F445133EE4E87798DF38D455CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163780 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

SetBrushOrgEx.GDI32 ref: 00007FF6DF16389E
FillRect.USER32 ref: 00007FF6DF1638D2
SetBkColor.GDI32 ref: 00007FF6DF16390C
SetTextColor.GDI32 ref: 00007FF6DF163925

Strings

COMBOBOX, xrefs: 00007FF6DF1637D6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$BrushFillRectText
String ID: COMBOBOX
API String ID: 2541309923-1136563877
Opcode ID: ba7bfc6e3164c7a4aa379a41fedecef9e1d5810495c8d6829d50fdf4529964b4
Instruction ID: 0884a9cace8b6b6dfd5e90d8f4cfe02724644902920fcb7bd5921824d129a42a
Opcode Fuzzy Hash: ba7bfc6e3164c7a4aa379a41fedecef9e1d5810495c8d6829d50fdf4529964b4
Instruction Fuzzy Hash: DB415235A08A8285EB609F26D8586BE2369FB89FC4F148037EE4D87795DF3DE590C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF158890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

Part of subcall function 00007FF6DF110660: GetWindowLongW.USER32 ref: 00007FF6DF110677

SendMessageW.USER32 ref: 00007FF6DF1588DD
GetClassLongPtrW.USER32 ref: 00007FF6DF1588EF
SendMessageTimeoutW.USER32 ref: 00007FF6DF158936
LoadIconW.USER32 ref: 00007FF6DF158957

Strings

d, xrefs: 00007FF6DF158926

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Long$MessageSendWindow$ClassIconLoadTimeout
String ID: d
API String ID: 2815217987-2564639436
Opcode ID: 8a10ef36ce0ec94a93b7d572efd1e8e07d947d2624c876924d1c963079cc2a38
Instruction ID: 59d07faa56179735463c1abeeee147fbbc2182e02abcec43880bc583a937599d
Opcode Fuzzy Hash: 8a10ef36ce0ec94a93b7d572efd1e8e07d947d2624c876924d1c963079cc2a38
Instruction Fuzzy Hash: F2217F32A0874282EB508B21E89473E73A8FFD47A4F444836DA4D87B59DF3DE464C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF114A1C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

Edit, xrefs: 00007FF6DF114A88

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: Edit
API String ID: 0-554135844
Opcode ID: 3556493d1662b8526b2c05ae238ddc46916b78ca5659e20d22cb14d182adf17a
Instruction ID: 642afee1fe21ab649a0af0e348a357d3b50ecd280b9b8e9c8bc84a2fae4ced30
Opcode Fuzzy Hash: 3556493d1662b8526b2c05ae238ddc46916b78ca5659e20d22cb14d182adf17a
Instruction Fuzzy Hash: 5C219D31A0C55282FE648B22ED1427C23ACEF55F84F254232D94EC72D9CF2CE9B08304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF114FDC Relevance: 7.7, APIs: 5, Instructions: 166COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00007FF6DF115133
CreateDialogIndirectParamW.USER32 ref: 00007FF6DF11516F
DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF115205
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF115216

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Global$CreateDestroyDialogIndirectLockParamUnlockWindow
String ID:
API String ID: 118996721-0
Opcode ID: 9e4f27ae081e4f18c2fb74bbec4ef5f3c8f3787ccd543229719e013b6a1aeb8a
Instruction ID: bc5e79905f5f46a8d66f97c89053074622546da85b0ac0d4d64c90ed649db5a4
Opcode Fuzzy Hash: 9e4f27ae081e4f18c2fb74bbec4ef5f3c8f3787ccd543229719e013b6a1aeb8a
Instruction Fuzzy Hash: 8661D532A08A9282EA54AF62DC5117D33A8FF95B94F444137EA6E83795DF7CD4A5C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15FDB0 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00007FF6DF15FDD8
K32EnumProcessModules.KERNEL32 ref: 00007FF6DF15FE01
K32EnumProcessModules.KERNEL32 ref: 00007FF6DF15FE47
CloseHandle.KERNEL32 ref: 00007FF6DF15FE51

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Process$EnumModules$CloseHandleOpen
String ID:
API String ID: 1480258505-0
Opcode ID: c72e6945388e097766bb322716875043392fe01f77a69307a129e92ba12a4bff
Instruction ID: 50d30b3ea2784f1104c16eed883ecaeb4f5fc4cfdd1d8df71d86e724e4cf19d5
Opcode Fuzzy Hash: c72e6945388e097766bb322716875043392fe01f77a69307a129e92ba12a4bff
Instruction Fuzzy Hash: 7F214F3171864683EB94CB66E94472D63E4FB89BA4F455139EB2DC7B84DF3CD4A08B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14DAF0 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32 ref: 00007FF6DF14DB1D
GetWindowLongPtrW.USER32 ref: 00007FF6DF14DB3B
SetWindowLongPtrW.USER32 ref: 00007FF6DF14DB59
GetWindowLongPtrA.USER32 ref: 00007FF6DF14DB61
SetWindowLongPtrA.USER32 ref: 00007FF6DF14DB7F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Long$Unicode
String ID:
API String ID: 434367412-0
Opcode ID: ce8efbfcfe05795d7fa4f30d8897333a45d6bf9021eb11d7ce6b94f260f75463
Instruction ID: f5464b86688e6994efcb79d2cc64eb12ade35ca1bd459570b174baf3c9563b9a
Opcode Fuzzy Hash: ce8efbfcfe05795d7fa4f30d8897333a45d6bf9021eb11d7ce6b94f260f75463
Instruction Fuzzy Hash: CE215B32A08B8286DB50CF12A9502AD73A8FB89FD8F444132DE8D87758CF3CE4648780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1754F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF171BF0: FindResourceW.KERNEL32 ref: 00007FF6DF171C14

FindResourceW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF16FC30), ref: 00007FF6DF17553F

Strings

@, xrefs: 00007FF6DF1755F9
PNG, xrefs: 00007FF6DF175532

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FindResource
String ID: @$PNG
API String ID: 1635176832-1535053621
Opcode ID: 74658ecd211e47ec08a0e81dede1666f179b1711db109605a6ccaf571f535dcf
Instruction ID: 30ae35fdc433de5d54a855ca1806a4e734970530d102d6e65491631501337816
Opcode Fuzzy Hash: 74658ecd211e47ec08a0e81dede1666f179b1711db109605a6ccaf571f535dcf
Instruction Fuzzy Hash: E0311331A08641C1E6509B15FC402AEB7A8EB84BD0F541132EB5EC7BA9DF3CE5668B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151510 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32 ref: 00007FF6DF151547
SystemParametersInfoW.USER32 ref: 00007FF6DF151552

Strings

SYSMETRICS, xrefs: 00007FF6DF151569, 00007FF6DF1515AA
\, xrefs: 00007FF6DF15155B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InfoParametersSystem
String ID: SYSMETRICS$\
API String ID: 3098949447-2551283075
Opcode ID: c1f43b22529e17234ec69891875d41fe4144a86bc9042d767d946704dd080fc9
Instruction ID: 71777de43ad312faafc4ea893db0478ffe429818be6f2262ac1703da04b38e4a
Opcode Fuzzy Hash: c1f43b22529e17234ec69891875d41fe4144a86bc9042d767d946704dd080fc9
Instruction Fuzzy Hash: 8E21E831B0C64243E7209B65F88067E77A9EBD8788F944136EB5D83B95CF7CD9618B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151CA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6DF151D22
LoadLibraryA.KERNEL32 ref: 00007FF6DF151D3E
GetModuleHandleA.KERNEL32 ref: 00007FF6DF151D4C

Strings

UXTHEME.DLL, xrefs: 00007FF6DF151CEA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: HandleModule$LibraryLoad
String ID: UXTHEME.DLL
API String ID: 1178273743-1012247522
Opcode ID: d1437003ef7f08dfc070adac7db9fec4e6071c178e26105692feac182e0b13da
Instruction ID: d06ac754f34ef6d515970cac9931181f6e68f50ae146e1c912a0968e75dff93e
Opcode Fuzzy Hash: d1437003ef7f08dfc070adac7db9fec4e6071c178e26105692feac182e0b13da
Instruction Fuzzy Hash: 7B21A331A0CB8191EA119B52BD4417EA3A9BF88BD4F040536EE9D97B99DF3CE0218700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1026AA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50registryCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF1026BD

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

RegOpenKeyExW.KERNEL32 ref: 00007FF6DF102712

Strings

http://www.purannetworks.com/npupage7c.html, xrefs: 00007FF6DF102798
Software\Puran Software\Puran Utilities, xrefs: 00007FF6DF102704

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$AllocateHeapOpenmalloc
String ID: Software\Puran Software\Puran Utilities$http://www.purannetworks.com/npupage7c.html
API String ID: 3746995541-1984694641
Opcode ID: da64facbe97b29fd333be5387551c00477e9ca11fd54b4bbb6cd61a7237e494b
Instruction ID: fa207a2555930cba65635f0cb007ca34b2fc2c5a6b1b55005d0e5dcd4da869d1
Opcode Fuzzy Hash: da64facbe97b29fd333be5387551c00477e9ca11fd54b4bbb6cd61a7237e494b
Instruction Fuzzy Hash: 8F116D35A0CB8281E6609B12B8002BDA39CFF9A784F540136DE8D93B99DFBDD1B4C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12D4DC Relevance: 6.4, APIs: 4, Instructions: 369stringCOMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF12D833
lstrlenA.KERNEL32 ref: 00007FF6DF12D55A

Part of subcall function 00007FF6DF116D40: DeactivateActCtx.KERNEL32(?,?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF116D52

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClearDeactivateVariantlstrlen
String ID:
API String ID: 2276215455-0
Opcode ID: 39bc3dc2c15502ab5d4757e17c8d47adc8ba39ae7282b612bbd7e391e5d9ee8a
Instruction ID: 0154c060f72cccdf246cf72e2c33af42bd002ae5d55fbf871d5c7ff749571b15
Opcode Fuzzy Hash: 39bc3dc2c15502ab5d4757e17c8d47adc8ba39ae7282b612bbd7e391e5d9ee8a
Instruction Fuzzy Hash: 43F1C33290968285DB349F65D8561BD33A8FB06798F504637EA6E87BD5CF3EE460C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14EAE0 Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

ImageDirectoryEntryToData.IMAGEHLP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6DF14F630), ref: 00007FF6DF14EB4A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DataDirectoryEntryImage
String ID:
API String ID: 2408702995-0
Opcode ID: 671edae44d4ddf35e830a7efb00535914083b4d67fa02f8a979984068f79b073
Instruction ID: 69d0be6b4fdaf879024dfa08e4193914144c3bac45e06fe2a97c8eaaf3aab81f
Opcode Fuzzy Hash: 671edae44d4ddf35e830a7efb00535914083b4d67fa02f8a979984068f79b073
Instruction Fuzzy Hash: F4417036B0864291EA60CB21DC1467E67A8FBC9B98F444533D95EC3B94DF3DE9658700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF162610 Relevance: 6.1, APIs: 4, Instructions: 66windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF162638
GetParent.USER32 ref: 00007FF6DF16265F
SendMessageW.USER32 ref: 00007FF6DF162671
FillRect.USER32 ref: 00007FF6DF1626AC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Parent$FillMessageRectSend
String ID:
API String ID: 1765584866-0
Opcode ID: ff41e4912218a1e7c19f766f39e1ad445cc8c39b7c7d25df082cd5ec834d0329
Instruction ID: 5b4c3056f1e9df4d9f63535c648f1a03c0f884112010393b1b18b2939b5e3403
Opcode Fuzzy Hash: ff41e4912218a1e7c19f766f39e1ad445cc8c39b7c7d25df082cd5ec834d0329
Instruction Fuzzy Hash: DF215E35B08B8185EE559B13AC0417EA368FB89FE4F180436EE5E97B55CF3CE4A18340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF113638 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF11367F
LoadResource.KERNEL32 ref: 00007FF6DF113690
LockResource.KERNEL32 ref: 00007FF6DF1136A1
FreeResource.KERNEL32 ref: 00007FF6DF1136D1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 9f170f2aa823954abd0ba523f3f0383d7371684ffd96bdce6408b58098674089
Instruction ID: 0feeef7ab577c5dd8fbdd1709d442518622d6891b49adf9d8aec1632d0918329
Opcode Fuzzy Hash: 9f170f2aa823954abd0ba523f3f0383d7371684ffd96bdce6408b58098674089
Instruction Fuzzy Hash: D3218C32B04B8281EA159B139C1866DB3A8FB99FD4F494036DE0C87B58DF3DD995C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10C71C Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32 ref: 00007FF6DF10C734
SendMessageW.USER32(?,?,00000001,?,?,00007FF6DF10F7CF), ref: 00007FF6DF10C788
GetTopWindow.USER32 ref: 00007FF6DF10C795
GetWindow.USER32 ref: 00007FF6DF10C7C4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$MessageSend
String ID:
API String ID: 1496643700-0
Opcode ID: d1c7cae1b8da811d1b24456718ec9aaa18060083a2f3574a294bba5c81a94312
Instruction ID: 766151c08a57bf6f5f6f73f799fafdc065c94ce6ea406c24caf13c039df27140
Opcode Fuzzy Hash: d1c7cae1b8da811d1b24456718ec9aaa18060083a2f3574a294bba5c81a94312
Instruction Fuzzy Hash: 2C11843AA0974187EA119F57A80016EB768FFC8B90F180136EE8D47798DF7CE4608F80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15FD10 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00007FF6DF15FD51
K32GetModuleInformation.KERNEL32 ref: 00007FF6DF15FD6E
CloseHandle.KERNEL32 ref: 00007FF6DF15FD78

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CloseHandleInformationModuleOpenProcess
String ID:
API String ID: 3698840065-0
Opcode ID: c174200bace09b7a94531bd1fdddd5beebe4bacd74eddcc43cce04887419ee44
Instruction ID: 5be57e9676cda53b54d4e213d9e76c3b2eb93f86473cab2b39e4700d21ce4712
Opcode Fuzzy Hash: c174200bace09b7a94531bd1fdddd5beebe4bacd74eddcc43cce04887419ee44
Instruction Fuzzy Hash: B9019231B18A8181EB548B17B80432E63A4EB58FC4F184035EF4E87B59DF3CD8E18780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

SetBkColor.GDI32 ref: 00007FF6DF163722
SetTextColor.GDI32 ref: 00007FF6DF16373B

Strings

COMBOBOX, xrefs: 00007FF6DF163676

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$Text
String ID: COMBOBOX
API String ID: 657580467-1136563877
Opcode ID: 7e9d16b19d82d31042f7e863be722d282642023a55f9ad2842972e9582ba9efc
Instruction ID: 324217d60772d9bb6b72518ab496d8f25dded2786729e15cf57960ded2f79a3e
Opcode Fuzzy Hash: 7e9d16b19d82d31042f7e863be722d282642023a55f9ad2842972e9582ba9efc
Instruction Fuzzy Hash: 70319075B08A8286EB509F1AD8442AE636AFB89BC4F544033EE4D83799CF3CE591C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF112BB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF6DF112BDD
PathFindExtensionW.SHLWAPI ref: 00007FF6DF112BF5

Part of subcall function 00007FF6DF112724: GetModuleHandleW.KERNEL32 ref: 00007FF6DF112775
Part of subcall function 00007FF6DF112724: GetProcAddress.KERNEL32 ref: 00007FF6DF112788
Part of subcall function 00007FF6DF112724: ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF1127B7
Part of subcall function 00007FF6DF112724: ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF1127C3
Part of subcall function 00007FF6DF112724: GetProcAddress.KERNEL32 ref: 00007FF6DF1127DB
Part of subcall function 00007FF6DF112724: ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF112805
Part of subcall function 00007FF6DF112724: ConvertDefaultLocale.KERNEL32 ref: 00007FF6DF112811
Part of subcall function 00007FF6DF112724: GetModuleFileNameW.KERNEL32 ref: 00007FF6DF1128D4

Strings

%s%s.dll, xrefs: 00007FF6DF112C08

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindHandlePath
String ID: %s%s.dll
API String ID: 288242826-1649984862
Opcode ID: bc86d8d5df52e3024a03c7bffb446ee87924a6ee14f115bbd521ea0080c09911
Instruction ID: b0dba06c54e21a47ae161fd14d69a027cf4e1886d44e8700d46f5939c75d8e33
Opcode Fuzzy Hash: bc86d8d5df52e3024a03c7bffb446ee87924a6ee14f115bbd521ea0080c09911
Instruction Fuzzy Hash: 61012D3561DA8681EA618B14EC9437E73A4FB98B84F604033CA9CC7364DF3DD5A6C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11432C Relevance: 4.6, APIs: 3, Instructions: 147COMMON

Download Yara Rule

APIs

GetWindow.USER32 ref: 00007FF6DF114424
SetWindowContextHelpId.USER32 ref: 00007FF6DF1144C3
GetParent.USER32 ref: 00007FF6DF1144CC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$ContextHelpParent
String ID:
API String ID: 2037418093-0
Opcode ID: 3464f2a129e6c284c3bb9c720484472c71ac56d7f98537aca4f60156609e90ad
Instruction ID: 4a3ca436f2801b0bd71148064634c7e195c4af404e4b0da762ae5fe4f29c2543
Opcode Fuzzy Hash: 3464f2a129e6c284c3bb9c720484472c71ac56d7f98537aca4f60156609e90ad
Instruction Fuzzy Hash: 94518331A1D6A181E7748B11E84066EB369F795F90F148232EE5D47B8CDF7CDDA18B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1647A0 Relevance: 4.6, APIs: 3, Instructions: 99windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF1647CE
SendMessageW.USER32 ref: 00007FF6DF164808
SendMessageW.USER32 ref: 00007FF6DF1648B6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ClientRect
String ID:
API String ID: 1925248871-0
Opcode ID: e44c2a15d204669b7f8a780429fdc70fbacbb4e3f1a5ce82bd83ba4b44b77fe8
Instruction ID: d1b524e11454453799f8e7efaabd07efbc7784c4ecc284c6454253d1d8f0074b
Opcode Fuzzy Hash: e44c2a15d204669b7f8a780429fdc70fbacbb4e3f1a5ce82bd83ba4b44b77fe8
Instruction Fuzzy Hash: 28418132608A8187EA50DF61E8147AEB324FB95B94F404133EE5E83B99DF7CDA15C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161EF0 Relevance: 4.6, APIs: 3, Instructions: 68windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF161E50: SendMessageW.USER32 ref: 00007FF6DF161E89
Part of subcall function 00007FF6DF161E50: GetWindowLongPtrW.USER32 ref: 00007FF6DF161E9D

SendMessageW.USER32 ref: 00007FF6DF161F72
SendMessageW.USER32 ref: 00007FF6DF161F94
SendMessageW.USER32 ref: 00007FF6DF161FA8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 2e95443533d5338a8361be0eda53e59619181777d7157df3c984f92d11939945
Instruction ID: d8194fbc21dcd140fa3ffd6842e36a5f2d1086f960a104d6ec2fe5c90483330b
Opcode Fuzzy Hash: 2e95443533d5338a8361be0eda53e59619181777d7157df3c984f92d11939945
Instruction Fuzzy Hash: 0521A131F0965292FB589B62A95167E6398AF84FC4F081032EE4DD7B86DF2CD8614780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF162510 Relevance: 4.6, APIs: 3, Instructions: 67windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF16252C
GetParent.USER32 ref: 00007FF6DF162577
SendMessageW.USER32 ref: 00007FF6DF16259A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Parent$MessageSend
String ID:
API String ID: 2251359880-0
Opcode ID: f93be45edf7cc19a538a06cfe734c898c52cfa674fc2a0656dc14a2a90fe9a4f
Instruction ID: e504a14ccfaaf45a6212efce0d6ea9282848f700bd3ee74725abd96c4edf6b02
Opcode Fuzzy Hash: f93be45edf7cc19a538a06cfe734c898c52cfa674fc2a0656dc14a2a90fe9a4f
Instruction Fuzzy Hash: 8E213335B1DB8182EE64AF16A9501FD5368EB88FD4F480033EE5E97756CF2CE4618780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11AB3C Relevance: 4.6, APIs: 3, Instructions: 60COMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32 ref: 00007FF6DF11AB69
CoGetClassObject.OLE32 ref: 00007FF6DF11AB92
CoGetClassObject.OLE32 ref: 00007FF6DF11ABBD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClassObject$String
String ID:
API String ID: 1109195124-0
Opcode ID: d9fca002ef3f002b62b5573e0e2bca09d95d471f6e0ac6680a0684f2ad36519b
Instruction ID: f227d4b34f0574bf8d9c95b441864640e6f18da67cac6ab2f4e862f02b8f95fb
Opcode Fuzzy Hash: d9fca002ef3f002b62b5573e0e2bca09d95d471f6e0ac6680a0684f2ad36519b
Instruction Fuzzy Hash: 6A21FA36718B9582D7508B56E84451EB7A9F788FC0F444136EE8D87B14DF3DD459CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161FF0 Relevance: 4.6, APIs: 3, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32 ref: 00007FF6DF162030
SetWindowRgn.USER32 ref: 00007FF6DF16209D
SetWindowRgn.USER32 ref: 00007FF6DF1620C2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 14cd502f0170424bead04bf8a2c1d5305ceee93b4da0a52fdb4b478b9df5a07c
Instruction ID: 8e12526100aeaf86e532a2a207f61aaed483b106ffb9930f2db2b4ccc2916491
Opcode Fuzzy Hash: 14cd502f0170424bead04bf8a2c1d5305ceee93b4da0a52fdb4b478b9df5a07c
Instruction Fuzzy Hash: F9217F32909681C6EB648F22C8183AD33A5FB44F89F084136DE0D8A3A5DF7FD495C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF109B18 Relevance: 4.6, APIs: 3, Instructions: 54windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6DF109B73
GetLastError.KERNEL32 ref: 00007FF6DF109B8F
SetLastError.KERNEL32 ref: 00007FF6DF109BAD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLast$Message
String ID:
API String ID: 464048744-0
Opcode ID: b4a3e8d06c9168645e3023989f4e1c561002bc20f8a199339af8938aff161270
Instruction ID: 519d115144d0cfbd840e7580d0ea7df493cbde32bb92aa9bb91dcdc93a008c6c
Opcode Fuzzy Hash: b4a3e8d06c9168645e3023989f4e1c561002bc20f8a199339af8938aff161270
Instruction Fuzzy Hash: F0118432A0874682E7608B56A84032EB7E8FB98BD4F480177EE5CC3754CFBCD4658740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF178A80 Relevance: 4.6, APIs: 3, Instructions: 53COMMON

Download Yara Rule

APIs

SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175555), ref: 00007FF6DF178AC4
LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175555), ref: 00007FF6DF178AD2
LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175555), ref: 00007FF6DF178AE0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$LoadLockSizeof
String ID:
API String ID: 2853612939-0
Opcode ID: bb551ac39bc6d11afb788d6ed1bf15bebfd6807f7ef2b6e40d3c0081ab218214
Instruction ID: 2cdafa03e0d2fdd6e7af7c705d81d274ab3d67c35c9a8424d2c26eb6c32db199
Opcode Fuzzy Hash: bb551ac39bc6d11afb788d6ed1bf15bebfd6807f7ef2b6e40d3c0081ab218214
Instruction Fuzzy Hash: BE11B231F1874185EAA09B11ED4476D6398AF58FE0F298232DE6EC77D5DF2CE8148780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10B6C4 Relevance: 4.6, APIs: 3, Instructions: 52networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF10B650: GetModuleHandleW.KERNEL32 ref: 00007FF6DF10B672
Part of subcall function 00007FF6DF10B650: LoadLibraryW.KERNEL32 ref: 00007FF6DF10B685
Part of subcall function 00007FF6DF10B650: GetProcAddress.KERNEL32 ref: 00007FF6DF10B6A3

InitNetworkAddressControl.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF10C1CA), ref: 00007FF6DF10B71C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF10C1CA), ref: 00007FF6DF10B735
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF10C1CA), ref: 00007FF6DF10B753

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressErrorLast$ControlHandleInitLibraryLoadModuleNetworkProc
String ID:
API String ID: 3293949137-0
Opcode ID: b1d3676a45a83a427010b25eace46e5b83e71c19b6a31ff0f8d53d8e2fa67c23
Instruction ID: aaa5f38a2369cb188bcbf4ddb592aa2a034cef6203e415c22c08dfe4dd0880a3
Opcode Fuzzy Hash: b1d3676a45a83a427010b25eace46e5b83e71c19b6a31ff0f8d53d8e2fa67c23
Instruction Fuzzy Hash: 45118232B0834782FB509BB6A84137E6399AF48794F044136EE4DC6690DFACE8758640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16C090 Relevance: 4.5, APIs: 3, Instructions: 41windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16C0D4
SendMessageW.USER32 ref: 00007FF6DF16C0F6
SendMessageW.USER32 ref: 00007FF6DF16C118

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 263cc5f048e16869991967220da49195178f81d6a84d97388452f87ff0fca7d4
Instruction ID: a760c7754e32588b14a7f1fa11a51827056f023076443ea814c2322960d59bd9
Opcode Fuzzy Hash: 263cc5f048e16869991967220da49195178f81d6a84d97388452f87ff0fca7d4
Instruction Fuzzy Hash: B2017C31B1054283E7649B79AC1576E1399DF88BAAF442031DD1DCBB85DF3DC4D18740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF108E4C Relevance: 4.5, APIs: 3, Instructions: 40COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6DF108E6B
SetWindowLongA.USER32 ref: 00007FF6DF108E87
SetWindowPos.USER32 ref: 00007FF6DF108EB5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: d9683af92b8828efa542a4f6c1477ab0ed66d13064c4fe98b1e21091569818b8
Instruction ID: a73b3505213279cf56fa50491f7ec89189adbcd8e29b3228bc4f014399ec3ffe
Opcode Fuzzy Hash: d9683af92b8828efa542a4f6c1477ab0ed66d13064c4fe98b1e21091569818b8
Instruction Fuzzy Hash: 74017936A2C65187E3518F16B94072EB754F784BE5F049135EE8643F15CF7CD8654B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF115B6C Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON

Download Yara Rule

APIs

GetMessageW.USER32 ref: 00007FF6DF115B8A
TranslateMessage.USER32 ref: 00007FF6DF115BAE
DispatchMessageW.USER32 ref: 00007FF6DF115BB8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Message$DispatchTranslate
String ID:
API String ID: 1706434739-0
Opcode ID: eac75e5d2b408492b9611052a9c37f52eebce866c7bf163c00dd0cac57a7f4bf
Instruction ID: 1b6d6562dc5de8e63e9349ad4fbeb36a202f48a43404e5205245f94be1817520
Opcode Fuzzy Hash: eac75e5d2b408492b9611052a9c37f52eebce866c7bf163c00dd0cac57a7f4bf
Instruction Fuzzy Hash: 1EF03031B08A46A2FB209B61ED546BD3369FFA4744F844032DA1DC25A1DF38E9B5C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161110 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF161010: GetModuleHandleA.KERNEL32 ref: 00007FF6DF16102B

GetProcAddress.KERNEL32 ref: 00007FF6DF161168

Strings

GetCurrentThemeName, xrefs: 00007FF6DF161161

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetCurrentThemeName
API String ID: 1646373207-2824197984
Opcode ID: 182a9a2757b9e3856052564170dd10d6c50601e6ebb455ce1015e553ebb657d6
Instruction ID: 77d18a911e1489dd3f2eecfe6939d98d8978c4ac25d199ed996973d44b05ce5c
Opcode Fuzzy Hash: 182a9a2757b9e3856052564170dd10d6c50601e6ebb455ce1015e553ebb657d6
Instruction Fuzzy Hash: 58110B3261978596E750CF16A80036DB7A4FB89BE0F044236FE9D97B98CF7CD4508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161350 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF161010: GetModuleHandleA.KERNEL32 ref: 00007FF6DF16102B

Part of subcall function 00007FF6DF161070: GetProcAddress.KERNEL32 ref: 00007FF6DF1610BD

GetProcAddress.KERNEL32 ref: 00007FF6DF1613AA

Strings

OpenThemeData, xrefs: 00007FF6DF1613A3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: OpenThemeData
API String ID: 667068680-1668096671
Opcode ID: 0d04eb9bec8cdeb547f75d93a6f77dda677824dfc2d1379bcfb9b8282857187c
Instruction ID: 5c58b41aa78417cf591fcb35e49868cc09880678134848ebb5d3e40a283e90b6
Opcode Fuzzy Hash: 0d04eb9bec8cdeb547f75d93a6f77dda677824dfc2d1379bcfb9b8282857187c
Instruction Fuzzy Hash: 41017131609B8181EA109B12A80037DA3A8FF89FE0F140736EEAD97BD8CF3DD4618740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1612E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6DF161324

Part of subcall function 00007FF6DF161010: GetModuleHandleA.KERNEL32 ref: 00007FF6DF16102B

Strings

IsThemeActive, xrefs: 00007FF6DF16131D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsThemeActive
API String ID: 1646373207-353054387
Opcode ID: 421e57b0f65e4abb2ad20d677bb65b5ea062cfd6e98e05dd99fb9fe6bb833349
Instruction ID: ef0dd11272552dce78db6d2b8438042d4edd8723cb055c0ecd454306c6b2d664
Opcode Fuzzy Hash: 421e57b0f65e4abb2ad20d677bb65b5ea062cfd6e98e05dd99fb9fe6bb833349
Instruction Fuzzy Hash: 71F09031A1A64696EE605B209C0137C1398EF48F74F484636E97EC63D4DF2C94A0C280

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15E880 Relevance: 3.4, APIs: 2, Instructions: 438COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF15D510: CreateCompatibleDC.GDI32 ref: 00007FF6DF15D57F
Part of subcall function 00007FF6DF15D510: GetObjectW.GDI32 ref: 00007FF6DF15D5AF
Part of subcall function 00007FF6DF15D510: CreateDIBSection.GDI32 ref: 00007FF6DF15D61D
Part of subcall function 00007FF6DF15D510: DrawStateW.USER32 ref: 00007FF6DF15D6A5
Part of subcall function 00007FF6DF15D510: DeleteObject.GDI32 ref: 00007FF6DF15D6BC

Part of subcall function 00007FF6DF118728: SetStretchBltMode.GDI32 ref: 00007FF6DF118743
Part of subcall function 00007FF6DF118728: SetStretchBltMode.GDI32 ref: 00007FF6DF118754

MulDiv.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FF6DF15EA19
MulDiv.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FF6DF15EA8E

Part of subcall function 00007FF6DF170680: SelectObject.GDI32 ref: 00007FF6DF1706A8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$CreateModeStretch$CompatibleDeleteDrawSectionSelectState
String ID:
API String ID: 3843085611-0
Opcode ID: aef39f7f45dee10b19fa7b903ae07c05a64533185e707654b06dbc578c21f3be
Instruction ID: b03dacf6c84cea1dbc8f6e191e81539b40492d302aa60401e17a65bfcb64f556
Opcode Fuzzy Hash: aef39f7f45dee10b19fa7b903ae07c05a64533185e707654b06dbc578c21f3be
Instruction Fuzzy Hash: 7E2207775186C18FC714CF29E540A5EBBB5F788798F10812AEB8987B58DB78E960CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11C358 Relevance: 3.2, APIs: 2, Instructions: 245COMMON

Download Yara Rule

APIs

OffsetRect.USER32 ref: 00007FF6DF11C5FD
OffsetRect.USER32 ref: 00007FF6DF11C641

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: OffsetRect
String ID:
API String ID: 177026234-0
Opcode ID: 4001e4ffc08d2ec0156b4bb0285ef236915f84fa0f69f5fce5b56c02f80ef860
Instruction ID: af69e0c9b917f4605c651df12f909c4e6f22bc2a71834ca76614ce1ed5c5e088
Opcode Fuzzy Hash: 4001e4ffc08d2ec0156b4bb0285ef236915f84fa0f69f5fce5b56c02f80ef860
Instruction Fuzzy Hash: 3DB18D36A08B8286EB509F26D8403ED7764FB99F94F049132CE4E9B758DF38D418CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF165760 Relevance: 3.2, APIs: 2, Instructions: 222windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00007FF6DF165790
SendMessageW.USER32 ref: 00007FF6DF1657D0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CaptureMessageSend
String ID:
API String ID: 444909045-0
Opcode ID: 7b7b35727702e0d1ef26660ba97d4d0427f28e2d963ead4d123f9f26ea29657d
Instruction ID: 7d8fe0cbd5460e611f4dfd7a7a56ac820c4d9759b04121dcf81f7ffadc4f983f
Opcode Fuzzy Hash: 7b7b35727702e0d1ef26660ba97d4d0427f28e2d963ead4d123f9f26ea29657d
Instruction Fuzzy Hash: FB81D531F1855246EB749A16A810BBE6359BF85B98F484033EE4E87B85CF3DE865C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF188E24 Relevance: 3.2, APIs: 2, Instructions: 210stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 00007FF6DF188EDF
__doserrno.LIBCMT ref: 00007FF6DF188F72

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrnolstrlen
String ID:
API String ID: 2417770779-0
Opcode ID: b3a909641a27d3d089bf3ba5f18b386acd8c3a6bd6149599e508cbafe4348029
Instruction ID: 9a79f650e8887f835d57e55f9baead8f2e6f3985dac7997d82b0bb915241727b
Opcode Fuzzy Hash: b3a909641a27d3d089bf3ba5f18b386acd8c3a6bd6149599e508cbafe4348029
Instruction Fuzzy Hash: 6C81CF32B0864296EB14DB2AC98427D77A9BB84B88F148537DB5DC7796CF39E461C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10F654 Relevance: 3.1, APIs: 2, Instructions: 107windowCOMMON

Download Yara Rule

APIs

SendDlgItemMessageA.USER32 ref: 00007FF6DF10F6FE
SendDlgItemMessageW.USER32 ref: 00007FF6DF10F766

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ItemMessageSend
String ID:
API String ID: 3015471070-0
Opcode ID: d865ce6c85f0faeab1c2bad6cb3d31c6d568c8736e1976e5d8ed5ce1d538160e
Instruction ID: 4c46b9cfa654bad36a5b850db84ca59de77e960f3bd69f8ffc440dddb87d30d4
Opcode Fuzzy Hash: d865ce6c85f0faeab1c2bad6cb3d31c6d568c8736e1976e5d8ed5ce1d538160e
Instruction Fuzzy Hash: 4E41E43AA0868142EB609B16E80056E7359F7847B4F944332EFBD87BD4CF7DD8A68704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11CF34 Relevance: 3.1, APIs: 2, Instructions: 79COMMON

Download Yara Rule

APIs

SetRect.USER32 ref: 00007FF6DF11CFE8
SetRect.USER32 ref: 00007FF6DF11D01A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect
String ID:
API String ID: 400858303-0
Opcode ID: 587609c53b6e5197863f8e0c9ec6057b82f4dd7f95b1f3b50ce2be79b549f35f
Instruction ID: 1b10e2562bacf6c82246191afe707955fa17e181220226be7b3f14e58ecc6660
Opcode Fuzzy Hash: 587609c53b6e5197863f8e0c9ec6057b82f4dd7f95b1f3b50ce2be79b549f35f
Instruction Fuzzy Hash: F831CD32A08B8686DB909F2AE4447AD77A4FB84F88F548136DB4D83B54DF3DD816C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1505F0 Relevance: 3.1, APIs: 2, Instructions: 57COMMON

Download Yara Rule

APIs

SetScrollInfo.USER32 ref: 00007FF6DF15062A
SetScrollInfo.USER32 ref: 00007FF6DF150663

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InfoScroll
String ID:
API String ID: 629608716-0
Opcode ID: 22aed04f698c170091ae2b7bbd316069a5e0a8aeb1de172d72eaf5722b5b2dcc
Instruction ID: 73d5def1b22d5519003ff4c66e566215a4e074ded548eef26c4a40cc3706cb97
Opcode Fuzzy Hash: 22aed04f698c170091ae2b7bbd316069a5e0a8aeb1de172d72eaf5722b5b2dcc
Instruction Fuzzy Hash: 89118E31B0824346EA14AA977C5047F97A96FE9FC8E5C4036EE0D8778ADF3CD9628244

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF150810 Relevance: 3.1, APIs: 2, Instructions: 56COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32 ref: 00007FF6DF150862

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 637a054879568d5482c39557d17fc2b84a4de57f5403aafd6be30525ccbeb62b
Instruction ID: da631863b31b7bf5d92fdb896c4626cc7d3f272be8ecca544bdb843df78e83ad
Opcode Fuzzy Hash: 637a054879568d5482c39557d17fc2b84a4de57f5403aafd6be30525ccbeb62b
Instruction Fuzzy Hash: 3921F132A08B8285DA609B52F8447AEF3A8FB84BC4F584136EADD47B59DF7CD5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1485F0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

CallNextHookEx.USER32 ref: 00007FF6DF148647
GetClassNameW.USER32 ref: 00007FF6DF148672

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CallClassHookNameNext
String ID:
API String ID: 1946907262-0
Opcode ID: 19a7bcbf32f3ab48f4a00d0c8c100eaac20f416218698f0092dd43c781e7ff15
Instruction ID: e22eff8c1c977a103f5ac35d190b06c120df58b3ac95127be172fb816d609cd3
Opcode Fuzzy Hash: 19a7bcbf32f3ab48f4a00d0c8c100eaac20f416218698f0092dd43c781e7ff15
Instruction Fuzzy Hash: CD11D032A0868685EB609B11EC043BD6368EB88BD8F448033DE4D83B86DF3CE169C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14CB50 Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32 ref: 00007FF6DF14CB74
CallWindowProcW.USER32 ref: 00007FF6DF14CBB1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 6142c5f68b1c074cbf5c553d8605ffadc76a61065e6fbe0ae0ea747b3a5457e3
Instruction ID: 5f6373c9ed798c89cb2684ba9e275af16ab5e9708260b35d02257c8da808c741
Opcode Fuzzy Hash: 6142c5f68b1c074cbf5c553d8605ffadc76a61065e6fbe0ae0ea747b3a5457e3
Instruction Fuzzy Hash: DD117336F04A5582DA608B0AC895A6C67A8FBA9BCCF544432DE4DC3B60DF3AD566C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14DC50 Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

EnumWindows.USER32 ref: 00007FF6DF14DC7F
IsWindow.USER32 ref: 00007FF6DF14DCB3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: EnumWindowWindows
String ID:
API String ID: 4176303037-0
Opcode ID: cca07aee08799e99033250a4a3f947e5a76c2bb2ddc57404416087e7ce48270c
Instruction ID: a6635091a112b4d2ad8e1c62f8f8c015e65f0ca3baf9d9ed7c8542154a0892f7
Opcode Fuzzy Hash: cca07aee08799e99033250a4a3f947e5a76c2bb2ddc57404416087e7ce48270c
Instruction Fuzzy Hash: C4112132708A8691EE10DF55E8442AEF764FBC8B98F484036EA8D87B54DF7CD456C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135294 Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,00000001,00007FF6DF131623), ref: 00007FF6DF1352A8
FreeEnvironmentStringsW.KERNEL32(?,?,00000001,00007FF6DF131623), ref: 00007FF6DF1352FF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 5c3bafec2fd327903289f800cd7433b594a51048b01bf84cf77acfa9e362bb64
Instruction ID: 0d60e8670644a9c0d89bb99971b7d83ec542c63a77c6f789e645f4a4ad6289a1
Opcode Fuzzy Hash: 5c3bafec2fd327903289f800cd7433b594a51048b01bf84cf77acfa9e362bb64
Instruction Fuzzy Hash: 2C012122F0978285EE606F52AD4507EA3E8EB54FC0F484436DA5E97755DF2CE5A18340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF108F58 Relevance: 3.0, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 00007FF6DF108FAF
CallWindowProcW.USER32 ref: 00007FF6DF108FC6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ProcWindow$Call
String ID:
API String ID: 2316559721-0
Opcode ID: a203781ef06d7d0d316a9fcc4eb96e62fe30b67c45f68e7f1a90995be2830e23
Instruction ID: eea976488aac140255ab62b5e9dab543e4eb8cdba185cdb3b34bf4cab4f1be5e
Opcode Fuzzy Hash: a203781ef06d7d0d316a9fcc4eb96e62fe30b67c45f68e7f1a90995be2830e23
Instruction Fuzzy Hash: 38015A36718B85C1EA088B57E85016CB768FB94FD4F288436EF4D43B64CF38D9618380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10DF90 Relevance: 3.0, APIs: 2, Instructions: 32threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6DF10DFCB
SetWindowsHookExW.USER32 ref: 00007FF6DF10DFE2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentHookThreadWindows
String ID:
API String ID: 1904029216-0
Opcode ID: 6777077d2a10759b6c22de4bc2fda53a129d284ea33613d042ed89d38e16516f
Instruction ID: 91f72e699af25ce3e4bc2be5e1b24419eee9eac5363092fb01429c4c5bb09e12
Opcode Fuzzy Hash: 6777077d2a10759b6c22de4bc2fda53a129d284ea33613d042ed89d38e16516f
Instruction Fuzzy Hash: C301D632A08A0791EB185B61EC4037C73ACDF58B94F105037D51C82651EF7CE8B5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1106F4 Relevance: 3.0, APIs: 2, Instructions: 31COMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00007FF6DF110713
SetWindowTextW.USER32 ref: 00007FF6DF11073E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Text
String ID:
API String ID: 848690642-0
Opcode ID: 98977b6103712a47a2e0cc8d7f4f595c76be1d1485d2a9a940b07f8e8a9c64e2
Instruction ID: c0328dcb17b28f27739d3cc9cee72e24d87480924d7b25e7e5c239cf866c969e
Opcode Fuzzy Hash: 98977b6103712a47a2e0cc8d7f4f595c76be1d1485d2a9a940b07f8e8a9c64e2
Instruction Fuzzy Hash: 5DF0C275F08A4781EB449B22D9843BD7368FF69FC4F184032CE5DC6A54DF2CD8A48601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151B30 Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?,00007FF6DF14C943), ref: 00007FF6DF151B75
CallWindowProcW.USER32 ref: 00007FF6DF151B83

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 447bf7047ead732e568a881174507d5d6dfd12bf6d71302635a62756b6697114
Instruction ID: 6fc2e44a06c85eaa76cbcdcc648f331d8ba9b98290fc0bd6bd03fee63cd7ea1e
Opcode Fuzzy Hash: 447bf7047ead732e568a881174507d5d6dfd12bf6d71302635a62756b6697114
Instruction Fuzzy Hash: F6F01D36618B95D6DA109B42B80002EA778FB89BD0F584536EF8C47B59CF3CD5618B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF148980 Relevance: 3.0, APIs: 2, Instructions: 25threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6DF14898A
SetWindowsHookExW.USER32 ref: 00007FF6DF1489CB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentHookThreadWindows
String ID:
API String ID: 1904029216-0
Opcode ID: a5cf32bb6eadfdb7076eac614a99d00cc311073f7879348ca49174f9fe47cb44
Instruction ID: d63c155a0be4f3d27daeb418dba184916770880227f88a27a3e6e543881d7627
Opcode Fuzzy Hash: a5cf32bb6eadfdb7076eac614a99d00cc311073f7879348ca49174f9fe47cb44
Instruction Fuzzy Hash: 21F0B432A08A4791EB549B54FC9177C63A8EF98758F449433CA1DC3651EF3CD4A9C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF125928 Relevance: 3.0, APIs: 2, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6DF125894: GetSystemMetrics.USER32 ref: 00007FF6DF1258A6
Part of subcall function 00007FF6DF125894: GetSystemMetrics.USER32 ref: 00007FF6DF1258B4
Part of subcall function 00007FF6DF125894: GetSystemMetrics.USER32 ref: 00007FF6DF1258C2
Part of subcall function 00007FF6DF125894: GetSystemMetrics.USER32 ref: 00007FF6DF1258D5
Part of subcall function 00007FF6DF125894: GetDC.USER32 ref: 00007FF6DF1258E5
Part of subcall function 00007FF6DF125894: GetDeviceCaps.GDI32 ref: 00007FF6DF1258F6
Part of subcall function 00007FF6DF125894: GetDeviceCaps.GDI32 ref: 00007FF6DF125907

Part of subcall function 00007FF6DF125820: GetSysColor.USER32 ref: 00007FF6DF12582E
Part of subcall function 00007FF6DF125820: GetSysColor.USER32 ref: 00007FF6DF12583C
Part of subcall function 00007FF6DF125820: GetSysColor.USER32 ref: 00007FF6DF12584A
Part of subcall function 00007FF6DF125820: GetSysColor.USER32 ref: 00007FF6DF125858
Part of subcall function 00007FF6DF125820: GetSysColor.USER32 ref: 00007FF6DF125866
Part of subcall function 00007FF6DF125820: GetSysColorBrush.USER32 ref: 00007FF6DF125874
Part of subcall function 00007FF6DF125820: GetSysColorBrush.USER32 ref: 00007FF6DF125883

LoadCursorW.USER32 ref: 00007FF6DF12594A
LoadCursorW.USER32 ref: 00007FF6DF12595B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$MetricsSystem$BrushCapsCursorDeviceLoad
String ID:
API String ID: 3232524254-0
Opcode ID: 6f8e22b9b4d865a0eaad2ee6eed5c72806c3c760399339b40656e43742118b3c
Instruction ID: 9da3294f472c653a25f691efc647e6ce8590a381940b509a77fc15a35ea8223b
Opcode Fuzzy Hash: 6f8e22b9b4d865a0eaad2ee6eed5c72806c3c760399339b40656e43742118b3c
Instruction Fuzzy Hash: 2FF030B2E14B0587E718AF76E44A33D23E5FB09B49F100139CA4D8A389DF7ED4A58380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF164BB0 Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 00007FF6DF164BCC
InvalidateRect.USER32 ref: 00007FF6DF164BDE

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InvalidateProcRectWindow
String ID:
API String ID: 3438401492-0
Opcode ID: bf275db6ef1c9104c82276dd4459fb1c4b1d45a866cee52721fffdf118a7eaf9
Instruction ID: eaa902c380e3a811f8c4aeef7667f18fa53eecea12f4f6ad47e207a6128011dd
Opcode Fuzzy Hash: bf275db6ef1c9104c82276dd4459fb1c4b1d45a866cee52721fffdf118a7eaf9
Instruction Fuzzy Hash: 69E08621B14A8082DB148B9BF84446D6364FBCDFC4F549031DF1D87714DE39D4A14600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1359E4 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(?,?,?,?,00007FF6DF1315AA), ref: 00007FF6DF1359F6
HeapSetInformation.KERNEL32 ref: 00007FF6DF135A20

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Heap$CreateInformation
String ID:
API String ID: 1774340351-0
Opcode ID: 64b7d6f7e980f2d4cdcb03ec3ac0fb808092f5e168e2298a5549063e5612b07e
Instruction ID: ed7c62b461d5057aa792b0995a76fe470632a05a90a7e1b878d8fe693447856e
Opcode Fuzzy Hash: 64b7d6f7e980f2d4cdcb03ec3ac0fb808092f5e168e2298a5549063e5612b07e
Instruction Fuzzy Hash: 96E04F75A2679182EB889B21AC4576D63A8FF88740F80903AE94E82794DF3CD1958B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF115E30 Relevance: 3.0, APIs: 2, Instructions: 17threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6DF115E49
SetWindowsHookExW.USER32 ref: 00007FF6DF115E5F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentHookThreadWindows
String ID:
API String ID: 1904029216-0
Opcode ID: 359b92405a6caa4061837e4a3ab384e5b7131f7f9b31a5e48c2d062b80b669c6
Instruction ID: 3374534731caa73da8c882573881414efafefab8b39e10f5c43627ef74e11ddc
Opcode Fuzzy Hash: 359b92405a6caa4061837e4a3ab384e5b7131f7f9b31a5e48c2d062b80b669c6
Instruction Fuzzy Hash: B0E046B0E0865781FB2027B46C4566C27999F2A730F841232E92D867D1DF2CA0E98310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1788F0 Relevance: 2.6, APIs: 2, Instructions: 74COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 00007FF6DF178960

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF1789AF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$ErrorLanguagesLastPreferredRestoreThread_errno
String ID:
API String ID: 3144437221-0
Opcode ID: 88df3173620586656299a103df5e4c2717825ad92c2653bc19b0c2b25f8a3387
Instruction ID: d1be2cb09a3146ca422ed0723ff907e655b7d5084a459d3f3933089c4857d2f1
Opcode Fuzzy Hash: 88df3173620586656299a103df5e4c2717825ad92c2653bc19b0c2b25f8a3387
Instruction Fuzzy Hash: C6218072E0968186EA51DB29A4002AEA7D4FB81B95F644036EF8C97B59EF3CD456CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1390F8 Relevance: 2.5, APIs: 2, Instructions: 30sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF139117

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

Sleep.KERNEL32(?,?,00000000,00007FF6DF13B9E5,?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721,?,?,00000000,00007FF6DF1357D8), ref: 00007FF6DF13912E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$AllocateHeapSleepmalloc
String ID:
API String ID: 4275769124-0
Opcode ID: 8bc2b147094bfe52bf52f5648df6b56982f41e17b54edbacdf1cebedceff450f
Instruction ID: a6f320ccbb7ad9f646b11ca736e62179d9efa30d599ea9f82193bee9b6535b87
Opcode Fuzzy Hash: 8bc2b147094bfe52bf52f5648df6b56982f41e17b54edbacdf1cebedceff450f
Instruction Fuzzy Hash: 4FF09C32A087C596EA549F16AC4007D73B5EBC8B90F544136EE6D53795DF3CE8A18B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15A840 Relevance: 2.0, APIs: 1, Instructions: 470COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$CopyInflate
String ID:
API String ID: 3568727236-0
Opcode ID: 651a317b7c622e8bf0179019f79c201e132294c8d5b836afb897d515662d4fa2
Instruction ID: db33f4f0a6098a84e47c96189bd100e3920a6a02537eacb09f948de116bf51e7
Opcode Fuzzy Hash: 651a317b7c622e8bf0179019f79c201e132294c8d5b836afb897d515662d4fa2
Instruction Fuzzy Hash: 0C227D726086C18AD7649F29E84076EB7A4F7C8B94F144236EB8987B98DF7CD454CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF160870 Relevance: 1.7, APIs: 1, Instructions: 156COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00007FF6DF16090C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9500b70f2aec2a77cd204ea3060cd8d4970b890d291eb9cc60da358d29f94635
Instruction ID: 0b006c6ab8215cc91cab03a44932f270a0655e742c725f4813b778630fe11370
Opcode Fuzzy Hash: 9500b70f2aec2a77cd204ea3060cd8d4970b890d291eb9cc60da358d29f94635
Instruction Fuzzy Hash: 9E51A372B06A4682EA109F6AC85023D6355EF85BE0F088236DA6D837D5DF6CD865C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15EFE0 Relevance: 1.6, APIs: 1, Instructions: 138windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF15E400: IntersectRect.USER32 ref: 00007FF6DF15E479
Part of subcall function 00007FF6DF15E400: EqualRect.USER32 ref: 00007FF6DF15E48B

CreateCompatibleBitmap.GDI32 ref: 00007FF6DF15F11A

Part of subcall function 00007FF6DF12BD28: SetBkColor.GDI32 ref: 00007FF6DF12BD60
Part of subcall function 00007FF6DF12BD28: ExtTextOutW.GDI32 ref: 00007FF6DF12BD8B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$BitmapColorCompatibleCreateEqualIntersectText
String ID:
API String ID: 744708650-0
Opcode ID: 7870847fef10d1165758a4cac068852cb70be16dd7e51f62c968b9485175cf08
Instruction ID: 7b1d1024f273f28c614fc9aab6da2d5eeb23ef0d63d53199efaf72bc9b5da4f8
Opcode Fuzzy Hash: 7870847fef10d1165758a4cac068852cb70be16dd7e51f62c968b9485175cf08
Instruction Fuzzy Hash: 95518E326186C18AD720DF15E8447AEB7A8FB84794F144136EA9D87B99DF3CE854CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14D690 Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32 ref: 00007FF6DF14D72C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 443fea1dd655b14d978ea0ed2a89989f3a485ad3bf04e546765fd3e4557b70a7
Instruction ID: 2ee82aea2d5ff67942f39d5c813a433590d9c778286169a8752aa789860bfcec
Opcode Fuzzy Hash: 443fea1dd655b14d978ea0ed2a89989f3a485ad3bf04e546765fd3e4557b70a7
Instruction Fuzzy Hash: A4512936608B8585DB60CF16E8407AE73A9F789F88F144136DE8D87B58DF38D0A5C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14F4D0 Relevance: 1.6, APIs: 1, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6DF14F5AE

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentProcess
String ID:
API String ID: 2050909247-0
Opcode ID: b871319baa1059a133dda015d2cc0a84c29baf8a0e149102c9b868eaa4a06396
Instruction ID: beb7e2feaf139b8bfd8491e7b0167887cc01d51fc00a9c5303d23e431e4f17f2
Opcode Fuzzy Hash: b871319baa1059a133dda015d2cc0a84c29baf8a0e149102c9b868eaa4a06396
Instruction Fuzzy Hash: 0B41E632B1868245EA559F12EC405AE6398FFC8BD8F484132FE2D87795DF3CE8628700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14F560 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6DF14F5AE

Part of subcall function 00007FF6DF14EAE0: ImageDirectoryEntryToData.IMAGEHLP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6DF14F630), ref: 00007FF6DF14EB4A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentDataDirectoryEntryImageProcess
String ID:
API String ID: 762017423-0
Opcode ID: f7d2e7e7078cedb876beb5898ee5da568ffa08c94198d7ed53175d7ba82b8e0d
Instruction ID: 389519ce24ccf727e2df63c951a669fcd2b766bb94cc9d389b67d2712ebd4e76
Opcode Fuzzy Hash: f7d2e7e7078cedb876beb5898ee5da568ffa08c94198d7ed53175d7ba82b8e0d
Instruction Fuzzy Hash: 5921963271968255E511AB12AC404AE6399BFC8BD4F584232FE6E877A5DF3CD9628300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16C7A0 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00007FF6DF16C7D0

Part of subcall function 00007FF6DF1062E0: malloc.LIBCMT ref: 00007FF6DF106307

Part of subcall function 00007FF6DF11927C: GetDC.USER32 ref: 00007FF6DF1192BB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Windowmalloc
String ID:
API String ID: 3771800196-0
Opcode ID: 0b2c0467d5925b09244211d8612d05cff0b38b83484156f9248a52823b7a9000
Instruction ID: db95f66b50b34909336a3256e06205c3d1d82d6e044da8e5c9a994ad2d472de4
Opcode Fuzzy Hash: 0b2c0467d5925b09244211d8612d05cff0b38b83484156f9248a52823b7a9000
Instruction Fuzzy Hash: 3D31A431B09B8281EE60AB16D8443BE6358EF85BD1F144137EA5E877D5DF2CD865C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF111D28 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,?,00007FF6DF111529), ref: 00007FF6DF111D7A

Part of subcall function 00007FF6DF1015B0: LoadResource.KERNEL32 ref: 00007FF6DF1015C8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoad
String ID:
API String ID: 2619053042-0
Opcode ID: aea370b9cc2da897e8831de5be6f84c1e5444351d670673491dbc750d830c325
Instruction ID: ef97117619582e38751f92e6169ba05d041e99e376938bd84240aa805050cda0
Opcode Fuzzy Hash: aea370b9cc2da897e8831de5be6f84c1e5444351d670673491dbc750d830c325
Instruction Fuzzy Hash: 9A214531A0825255EA689B52C8440BDB3ADBF98B80F580433EA4DE3B95CF3CF871C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF114AEC Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF114B44

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Parent
String ID:
API String ID: 975332729-0
Opcode ID: e346ab1d6c35335b60d42211d9c367faa2d587745e4b4b76426836140eea55be
Instruction ID: 5130e5890477cb19443875e4a1795b2c6b7c93fd7909aeb7682ed43ca65c36de
Opcode Fuzzy Hash: e346ab1d6c35335b60d42211d9c367faa2d587745e4b4b76426836140eea55be
Instruction Fuzzy Hash: 08214D36B08B5281EA648B16A84062D77E8FBA9F90F480436DF4DC3799DF3CE5608744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16BE60 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16BEBD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 5cd80a4810b0d1b0b50843ecc9841cf87ee282c261994246545af1bd9d8b9bed
Instruction ID: 9752c943ca62abc394010624a14ae34bfc8d06b956f579f8a31c0b3876cf4dbd
Opcode Fuzzy Hash: 5cd80a4810b0d1b0b50843ecc9841cf87ee282c261994246545af1bd9d8b9bed
Instruction Fuzzy Hash: D4110A32E0868581E764CB67A98066D6368FB84BD4F084032FF0D87B55CF2DD8A18740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF150B00 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 00007FF6DF150B45

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 5a2ff1db2f64e52f530a4f4fe15248fa51bcd553f1a520071f4daabc1587aac9
Instruction ID: a6989749b9774298a6c8d05395f42280362f615b9aa50faeb8b0eece49009738
Opcode Fuzzy Hash: 5a2ff1db2f64e52f530a4f4fe15248fa51bcd553f1a520071f4daabc1587aac9
Instruction Fuzzy Hash: C4211A36A08B8582E6608B55F4803AEA7A4F788BC4F544126EBCD53B59DF7CC0958B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15E340 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF6DF15E3B4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: 238951122653add203a7ea8423bd2a186d8e5851caaecd888bcf440c51fd7199
Instruction ID: 72db1274ea7c3e8e95c7734233d40469c8ca1bbe758bfa958470ae3339c33569
Opcode Fuzzy Hash: 238951122653add203a7ea8423bd2a186d8e5851caaecd888bcf440c51fd7199
Instruction Fuzzy Hash: 75114A72A08B4582DB24CF55E84017DB3B9FB94BC4B68053AEA8D87B59DF38D5B0C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF114CD0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GetNextDlgTabItem.USER32 ref: 00007FF6DF114D63

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ItemNext
String ID:
API String ID: 4145397660-0
Opcode ID: b43d664db3cc94bfdac303935c648d9bab9115b5fe7ebbc431ff33d0acc6c5c4
Instruction ID: 15d02e8a2f53a97b4ccecba5449a799147196169ebe02946c4046b3c0dd07cd0
Opcode Fuzzy Hash: b43d664db3cc94bfdac303935c648d9bab9115b5fe7ebbc431ff33d0acc6c5c4
Instruction Fuzzy Hash: A9117F72A0969A80EE549F669C547BD33A8EFA6F94F084032DE0D8B399DF2CD5608350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11B554 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6DF11B58D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 8d98a495d3151304600fc00309b5e21fed25ad8b65ec0ced9c63234ed4fc8e10
Instruction ID: c11824e665722fb704e34f13528005e44151cff449eebb65d5906d4528ba67b7
Opcode Fuzzy Hash: 8d98a495d3151304600fc00309b5e21fed25ad8b65ec0ced9c63234ed4fc8e10
Instruction Fuzzy Hash: 48112E3260879187E710CF69E48466EB7A1F784794F64823AEB9947BA4CF38D456CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF107108 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 00007FF6DF107137

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CopyRect
String ID:
API String ID: 1989077687-0
Opcode ID: 04b4df9c811772f3e582a1be72513d7316e059bda7de3b23d9b3d7d6add46230
Instruction ID: f84d0ea6cba10ebe66e657ec8f3c8a6b3ec826d032474a519c43188186fc7dff
Opcode Fuzzy Hash: 04b4df9c811772f3e582a1be72513d7316e059bda7de3b23d9b3d7d6add46230
Instruction Fuzzy Hash: F5217576609B848AD760CF16F48464AB7A4F788B90F544226EFDC93B28DB38D555CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16BF20 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16BF61

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1f6918e99a74135104552278cea1c93887ab5e7ff7310aa3d18097e32bf523e5
Instruction ID: 8e3347f7121a46b78fe6cb6dde3df72d48e8f0e1b0ef6c0d2c68e0128a95740a
Opcode Fuzzy Hash: 1f6918e99a74135104552278cea1c93887ab5e7ff7310aa3d18097e32bf523e5
Instruction Fuzzy Hash: 3011C632E245D182EB68CB57E94456D6369EB84BD4F045032EF0D47F65CF3DD8A28B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12CC84 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitializeWOW.OLE32 ref: 00007FF6DF12CCBA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 54fa895a7709e88924b36b3580f23037fe9e0fa884bf8e0432d7a7929963195c
Instruction ID: 220d4fa69af59bf400a94b07ab31bf6debae97c89c883440a08ad735ae195e87
Opcode Fuzzy Hash: 54fa895a7709e88924b36b3580f23037fe9e0fa884bf8e0432d7a7929963195c
Instruction Fuzzy Hash: 1B116032A0868646E764AB64EC422AC77A8AB427A0F540636D76DC73D6DF3AE0708740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11DDE8 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF11DE62

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 253ff43eb4676277f1ee4ad9465af729705cd25471d5126ad1117e5e05c9545e
Instruction ID: a2094186acadd7cd25de1e256921d3a2ecde7823854e8245af429fc26ac46ada
Opcode Fuzzy Hash: 253ff43eb4676277f1ee4ad9465af729705cd25471d5126ad1117e5e05c9545e
Instruction Fuzzy Hash: E4111873619B848ADB608B15E48436EB3A4FB98795F505026E7CD46A59CF7CD458CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10C460 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea37fef1933a1ab2b507bb381cf72b0e0be3d1ab79fac069dd55c1235e623710
Instruction ID: 1ae26e43425bb74a9ad62971bff628a78cf0fb2da7ce7c68a69246cb81b0dcfa
Opcode Fuzzy Hash: ea37fef1933a1ab2b507bb381cf72b0e0be3d1ab79fac069dd55c1235e623710
Instruction Fuzzy Hash: F7F0A431A0C75582EA109B03A84027DA798FBA4FC4F584436EE4CC7795CFBCD5714B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10BE1C Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF10BE62

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Parent
String ID:
API String ID: 975332729-0
Opcode ID: dd807cb767dff46d0b1cabf69aa6fbbac62dc68b828f12ed19d6e981bdbb2ace
Instruction ID: 1d366ff68eaf5898cd064ed562079e08ae37889486eef653c55d346a88152646
Opcode Fuzzy Hash: dd807cb767dff46d0b1cabf69aa6fbbac62dc68b828f12ed19d6e981bdbb2ace
Instruction Fuzzy Hash: C3F04931B0AA8281EE54CA13A8041BD6398AF48FC0F0C8536DF1EC7B55EFACD8B19300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16DC30 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

InvalidateRect.USER32 ref: 00007FF6DF16DC54

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 3aefebd851f2ebc9c2a7f4192a7be0937c69fc08d7a05cd0e0ecec86f3d0f6ff
Instruction ID: f41bce0bb69268c42bd5ad81aaad402051e31a2110d1c12e2dca8492e6a680db
Opcode Fuzzy Hash: 3aefebd851f2ebc9c2a7f4192a7be0937c69fc08d7a05cd0e0ecec86f3d0f6ff
Instruction Fuzzy Hash: 04E06521F2011242FB7492B22C52F7E12458FE5760E582132DD19C6AC1DE6DD4E24A00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151930 Relevance: 1.5, APIs: 1, Instructions: 22libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00007FF6DF151957

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 58d255f6364bcee0aec282b138dd581893cd360b3e8b7b50338866d357837ea3
Instruction ID: 4b1bdce30043355b6d70a5215f28e667624992b96ac7b68b1fb857b7605a0d66
Opcode Fuzzy Hash: 58d255f6364bcee0aec282b138dd581893cd360b3e8b7b50338866d357837ea3
Instruction Fuzzy Hash: 5EE0EC61F1A1474BFE9967A22C622BD02588F5DB84E0C1075ED1D8A392EE1CA9E14650

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF117C08 Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF117C60

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 352e05066cd42166bbbe94c964941d19346565a3fb2156781a833d42ff52a9d2
Instruction ID: 612fd00494ae06764651e971555831bb4f9b4927f40dfead906851289e5af54d
Opcode Fuzzy Hash: 352e05066cd42166bbbe94c964941d19346565a3fb2156781a833d42ff52a9d2
Instruction Fuzzy Hash: EAF0AF7AA19784CBE7A0CF18E448B5EB7B4F399B44F504125E78883B18DB39C459CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10225C Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32 ref: 00007FF6DF10226F

Part of subcall function 00007FF6DF11524C: FindResourceW.KERNEL32 ref: 00007FF6DF1152B5
Part of subcall function 00007FF6DF11524C: LoadResource.KERNEL32 ref: 00007FF6DF1152C1
Part of subcall function 00007FF6DF11524C: LockResource.KERNEL32 ref: 00007FF6DF1152D7

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$Load$FindIconLock
String ID:
API String ID: 3986521795-0
Opcode ID: b82824f75ee526cc7879e94ed842cd6de6b0ba96d617103049f98ea8ab822177
Instruction ID: 406d834d3b79b0c0ce155090c239c1ebf502cca73b6908729730e4d11c84a9d3
Opcode Fuzzy Hash: b82824f75ee526cc7879e94ed842cd6de6b0ba96d617103049f98ea8ab822177
Instruction Fuzzy Hash: 06F0AC32A2998192D650A710F8913EE7368FFE5700F411232E68DC27AADF28D564C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1105E8 Relevance: 1.5, APIs: 1, Instructions: 20windowCOMMON

Download Yara Rule

APIs

IsDialogMessageW.USER32 ref: 00007FF6DF11061A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DialogMessage
String ID:
API String ID: 547518314-0
Opcode ID: fd6207df5692a8a5e8e0789853c90e41a3b5423c21af2887b2ed08784d48ecf4
Instruction ID: b8989909a60e05dce9d70c91c13b10f843151dc06492930b141e88469a213f10
Opcode Fuzzy Hash: fd6207df5692a8a5e8e0789853c90e41a3b5423c21af2887b2ed08784d48ecf4
Instruction Fuzzy Hash: 5DE01272A18A4581DA009B56E84803DB724FB99FD4F144032EA0D87766CF28D8A5C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16CD80 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

InvalidateRect.USER32 ref: 00007FF6DF16CDA4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 63a1af84b5f4b08ffb83d5be067448fa2310837e9429edd57db0321fa9cb8495
Instruction ID: c4cd82acbd1443c5470720ef73890487a8f716242f4477f91f01b96c07ddf78e
Opcode Fuzzy Hash: 63a1af84b5f4b08ffb83d5be067448fa2310837e9429edd57db0321fa9cb8495
Instruction Fuzzy Hash: 47D05E61F2000282FB3463B26C810BD12C58F8C731F581631EA28C82C0DF2DD4E26640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF110794 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

MoveWindow.USER32 ref: 00007FF6DF1107B6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MoveWindow
String ID:
API String ID: 2234453006-0
Opcode ID: 913c1ba0bb760ccdb26ecee14180eeb17bacc0cc1ad62bc9e0ea29b72c47932f
Instruction ID: 38a6d5e6e1d21e1ff6fb59ef1a4a28a2ca1c5058f7e77ae83791bffedd50dc5c
Opcode Fuzzy Hash: 913c1ba0bb760ccdb26ecee14180eeb17bacc0cc1ad62bc9e0ea29b72c47932f
Instruction Fuzzy Hash: C5E0A57AA08785CBC720CB19D45471D77A4F789B48F540122EA8987724DF3DE555CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12F908 Relevance: 1.5, APIs: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

CoRegisterMessageFilter.OLE32 ref: 00007FF6DF12F917

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FilterMessageRegister
String ID:
API String ID: 523350258-0
Opcode ID: 9fa9d209e3cb8578cb868755363376e0a2ca3c4e129b2a61f442a5e472108ac1
Instruction ID: 7e8cfdff451732f99f374f5bdb130e05db12beecc6bca90b15e7cb9420e5e11a
Opcode Fuzzy Hash: 9fa9d209e3cb8578cb868755363376e0a2ca3c4e129b2a61f442a5e472108ac1
Instruction Fuzzy Hash: B4D0A962F08006D3FB280BF21C8127902899B19700F085032CA16C8248EF1E94E24210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11086C Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32 ref: 00007FF6DF11087E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Focus
String ID:
API String ID: 2734777837-0
Opcode ID: ca906d2053b063b074b29564940c73a899fade6f19bc599a39ad28075772ac63
Instruction ID: 631388d56b498cc1c1a4acdef05ada7db8437d4baf57e618f4021d7764897c30
Opcode Fuzzy Hash: ca906d2053b063b074b29564940c73a899fade6f19bc599a39ad28075772ac63
Instruction Fuzzy Hash: E6E01235E0964681DA14AB1BCC5537C2364FB95F84F540033C50E87360CF3E90A68341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11062C Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6DF110643

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 7582f2a552f41795d5f7b71dc776afed2a5986f88cd4230294931e5f4f3ca87e
Instruction ID: 90b6fab873999f0dbf43518be3bbb80b3ced8ff45c81ce033371d252eed08ef2
Opcode Fuzzy Hash: 7582f2a552f41795d5f7b71dc776afed2a5986f88cd4230294931e5f4f3ca87e
Instruction Fuzzy Hash: 70D06726E05A46C5DA149B1AC89437C3364FB95F98F645232CA5E8A3A4CF2A94A7C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1195B0 Relevance: 1.5, APIs: 1, Instructions: 10COMMONLIBRARYCODE

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF6DF1195C7

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: 705a855478b3dfffbfb932f29975613bbd47e2e82d261f3e3300abfd6f3c4e45
Instruction ID: d95d98796095f4225317fd54d5de9651865fe43380e6cf32a2dae1086c95f3c2
Opcode Fuzzy Hash: 705a855478b3dfffbfb932f29975613bbd47e2e82d261f3e3300abfd6f3c4e45
Instruction Fuzzy Hash: C8C01220E0A64380EA94BB219C4533C239CAF24B08FE00033C12ED1281DF2DA0B68E04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF111738 Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF11175D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e413c14b6d91bfe5880fd2f0ea7f6521ace7a385b7cd7c0cf075f404a652753e
Instruction ID: 41519ed1e05f6faaf2baf166d2e2bd8904433eae5c9df8eda0a98a56ba392766
Opcode Fuzzy Hash: e413c14b6d91bfe5880fd2f0ea7f6521ace7a385b7cd7c0cf075f404a652753e
Instruction Fuzzy Hash: D4E0E532A1464292EB448B05D58023CF7E8EFA8750F59C435C60883786EF3CE4648B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1062E0 Relevance: 1.3, APIs: 1, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF106307

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$AllocateHeapmalloc
String ID:
API String ID: 3105967009-0
Opcode ID: 5762423495351338c935a0281ecee357bb2bf685423aeaeca3b9ccbd122f5cee
Instruction ID: 1b24186784d3c59e553286c403ff62c9ccef3593e6cd88c0a5a957fc56a60e6c
Opcode Fuzzy Hash: 5762423495351338c935a0281ecee357bb2bf685423aeaeca3b9ccbd122f5cee
Instruction Fuzzy Hash: F3E04620B1E68780BE55975BAA9223C53A85F48BC4F0C503ADD0C8F786EF6CE470C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF181670 Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 00007FF6DF181681

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread_errnofree
String ID:
API String ID: 86378118-0
Opcode ID: 48aa7e011882160b1f18e4a974a98c652020fba8093b4a35c61c957ecd2274f3
Instruction ID: 752643925f512363565abe515964c5cbe652757a781870a9c1809069ae5554fc
Opcode Fuzzy Hash: 48aa7e011882160b1f18e4a974a98c652020fba8093b4a35c61c957ecd2274f3
Instruction Fuzzy Hash: 1AB09BE9F0710371FC9D62011F5523802561F653C0C7D4431DC59541459F4C24720540

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF6DF140AC8 Relevance: 44.5, APIs: 10, Strings: 15, Instructions: 714COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1318FC: _getptd.LIBCMT ref: 00007FF6DF131912

_errno.LIBCMT ref: 00007FF6DF140B30

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF140BFC
write_multi_char.LIBCMT ref: 00007FF6DF14121B
write_multi_char.LIBCMT ref: 00007FF6DF14124C
write_multi_char.LIBCMT ref: 00007FF6DF141302
free.LIBCMT ref: 00007FF6DF14131A

Strings

, xrefs: 00007FF6DF1411EF
I, xrefs: 00007FF6DF141399
-, xrefs: 00007FF6DF14151F
*, xrefs: 00007FF6DF141499
+, xrefs: 00007FF6DF141519
g, xrefs: 00007FF6DF1410BA
l, xrefs: 00007FF6DF1413A5
@, xrefs: 00007FF6DF140B75
h, xrefs: 00007FF6DF14139F
g, xrefs: 00007FF6DF141178
*, xrefs: 00007FF6DF1414D2
w, xrefs: 00007FF6DF1413AB
0, xrefs: 00007FF6DF141525
#, xrefs: 00007FF6DF141513
, xrefs: 00007FF6DF14150D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: write_multi_char$_errno$DecodePointer_getptdfree
String ID: $ $#$*$*$+$-$0$@$I$g$g$h$l$w
API String ID: 2009448492-3234884659
Opcode ID: 9c56be43ee234d4602878c66d7450012a7bf604f6bf25100e724af85b3bb476e
Instruction ID: 8a64c329f805ee3863beba37e0315abfdf7209e8079757806055f97636d561fd
Opcode Fuzzy Hash: 9c56be43ee234d4602878c66d7450012a7bf604f6bf25100e724af85b3bb476e
Instruction Fuzzy Hash: B752E472D0C28395FB758A25D84437E6B99BBC9758F180137DA8ED6AD5CF3CE8608B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13FBF8 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 468COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF13FC49
_errno.LIBCMT ref: 00007FF6DF13FC50

Strings

U, xrefs: 00007FF6DF140207

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID: U
API String ID: 921712934-4171548499
Opcode ID: b8cde3dc45426d2fccb524598b351ced835cad963a61412f9881e6c3978d947a
Instruction ID: 66a8bdf1916f3064fdffe85f59e137b4d828157d1c36e24c3e8803e3d4900c5d
Opcode Fuzzy Hash: b8cde3dc45426d2fccb524598b351ced835cad963a61412f9881e6c3978d947a
Instruction Fuzzy Hash: 7312C332A0C68386EB288F25E84437E67A8FB89758F540137DE5E87695DF3DE465CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171720 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170110: GetModuleHandleA.KERNEL32 ref: 00007FF6DF17012D
Part of subcall function 00007FF6DF170110: GetProcAddress.KERNEL32 ref: 00007FF6DF170142

Part of subcall function 00007FF6DF171670: CreateDIBSection.GDI32 ref: 00007FF6DF1716E5

CreateCompatibleDC.GDI32 ref: 00007FF6DF1717E9
CreateCompatibleDC.GDI32 ref: 00007FF6DF1717FE
SelectObject.GDI32 ref: 00007FF6DF171836
SelectObject.GDI32 ref: 00007FF6DF171847
SetStretchBltMode.GDI32 ref: 00007FF6DF17185A
SetStretchBltMode.GDI32 ref: 00007FF6DF171868
StretchBlt.GDI32 ref: 00007FF6DF1718BF
BitBlt.GDI32 ref: 00007FF6DF171900
SelectObject.GDI32 ref: 00007FF6DF171916
SelectObject.GDI32 ref: 00007FF6DF171924

Part of subcall function 00007FF6DF171410: GetObjectW.GDI32 ref: 00007FF6DF171434

SelectObject.GDI32 ref: 00007FF6DF171962
BitBlt.GDI32 ref: 00007FF6DF1719AF
SelectObject.GDI32 ref: 00007FF6DF1719BB
SelectObject.GDI32 ref: 00007FF6DF1719D3
SelectObject.GDI32 ref: 00007FF6DF1719E9
DeleteDC.GDI32 ref: 00007FF6DF1719F2
DeleteDC.GDI32 ref: 00007FF6DF171A00

Part of subcall function 00007FF6DF170180: GetModuleHandleA.KERNEL32 ref: 00007FF6DF1701A3
Part of subcall function 00007FF6DF170180: GetProcAddress.KERNEL32 ref: 00007FF6DF1701B8

DeleteObject.GDI32 ref: 00007FF6DF171A13
DeleteObject.GDI32 ref: 00007FF6DF171A21
DeleteObject.GDI32 ref: 00007FF6DF171A37

Strings

, xrefs: 00007FF6DF1718D4
, xrefs: 00007FF6DF17187C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Select$Delete$CreateStretch$AddressCompatibleHandleModeModuleProc$Section
String ID: $
API String ID: 1582368004-227171996
Opcode ID: 3ffd73b65c89ff46401ae8caa16690e99798ce3794f630d4b7c8aef6f9bd2f90
Instruction ID: 944e167a6abf84c57c1f2c87c5def832261c1090496860dfc27a218755472527
Opcode Fuzzy Hash: 3ffd73b65c89ff46401ae8caa16690e99798ce3794f630d4b7c8aef6f9bd2f90
Instruction Fuzzy Hash: 1A814072A0C78296EB649F16E85076EB7A9FB89BC4F044036DE8D83B54DF3CE4558B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF105300 Relevance: 37.1, APIs: 16, Strings: 5, Instructions: 330synchronizationwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF105170: SendMessageW.USER32 ref: 00007FF6DF10525F

malloc.LIBCMT ref: 00007FF6DF105346

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF105370
SendMessageW.USER32 ref: 00007FF6DF1053C2
SendMessageW.USER32 ref: 00007FF6DF1053F8
CloseHandle.KERNEL32 ref: 00007FF6DF10557F
CloseHandle.KERNEL32 ref: 00007FF6DF1055BA

Part of subcall function 00007FF6DF104D10: malloc.LIBCMT ref: 00007FF6DF104D2F
Part of subcall function 00007FF6DF104D10: GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF6DF104D98
Part of subcall function 00007FF6DF104D10: free.LIBCMT ref: 00007FF6DF104DA5

SendMessageW.USER32 ref: 00007FF6DF105641
SendMessageW.USER32 ref: 00007FF6DF10565C
WaitForSingleObject.KERNEL32 ref: 00007FF6DF1056A6
WaitForSingleObject.KERNEL32 ref: 00007FF6DF10577C
ReleaseMutex.KERNEL32 ref: 00007FF6DF1057B5
ReleaseMutex.KERNEL32 ref: 00007FF6DF1056E7

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF1318E9

free.LIBCMT ref: 00007FF6DF1057BE
free.LIBCMT ref: 00007FF6DF1057C6
WaitForSingleObject.KERNEL32 ref: 00007FF6DF1057F3
ReleaseMutex.KERNEL32 ref: 00007FF6DF105830

Strings

%s (%s), xrefs: 00007FF6DF105738
Unable to completely wipe free space of , xrefs: 00007FF6DF105708
Free space of all selected drives has been wiped successfully., xrefs: 00007FF6DF105689, 00007FF6DF1056C2
Wiping Free Space of (%s), xrefs: 00007FF6DF105541
Stopped, xrefs: 00007FF6DF10580B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$_errno$MutexObjectReleaseSingleWaitfreemalloc$CloseHandle$AllocateDiskFreeHeapSpace
String ID: %s (%s)$Free space of all selected drives has been wiped successfully.$Stopped$Unable to completely wipe free space of $Wiping Free Space of (%s)
API String ID: 634084966-906576194
Opcode ID: d0dfea171ab7f7027ca8943f524d5546661c2881140a4acd6a373ad91990b7e0
Instruction ID: 141e11b0f60753c0f3307f86e29d73d8556c209f3cf46ab69ded927aeebb09ce
Opcode Fuzzy Hash: d0dfea171ab7f7027ca8943f524d5546661c2881140a4acd6a373ad91990b7e0
Instruction Fuzzy Hash: 23E16931A1864292FB54AB12EC502BE23A9FF91B84F904137DA0ED77A5DF7DE4B18740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF165D60 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 279windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF165DBC
SendMessageW.USER32 ref: 00007FF6DF165DDA
ImageList_DrawIndirect.COMCTL32 ref: 00007FF6DF165F14
ImageList_GetIconSize.COMCTL32 ref: 00007FF6DF165F2C
CreateCompatibleDC.GDI32 ref: 00007FF6DF165F4E
CreateBitmap.GDI32 ref: 00007FF6DF165F95
PatBlt.GDI32 ref: 00007FF6DF165FFC
ImageList_DrawIndirect.COMCTL32 ref: 00007FF6DF166085
ImageList_DrawIndirect.COMCTL32 ref: 00007FF6DF1660BA
SelectObject.GDI32 ref: 00007FF6DF1660F3
BitBlt.GDI32 ref: 00007FF6DF16613A
SelectObject.GDI32 ref: 00007FF6DF166147
SelectObject.GDI32 ref: 00007FF6DF166163
BitBlt.GDI32 ref: 00007FF6DF1661A2
SelectObject.GDI32 ref: 00007FF6DF1661AF
ImageList_DrawIndirect.COMCTL32 ref: 00007FF6DF16627E

Strings

, xrefs: 00007FF6DF166075
b, xrefs: 00007FF6DF165FE2
`, xrefs: 00007FF6DF16608B
H, xrefs: 00007FF6DF1661FC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ImageList_$DrawIndirectObjectSelect$CreateMessageSend$BitmapCompatibleIconSize
String ID: $H$`$b
API String ID: 737861122-2478612689
Opcode ID: 1f853157ff09d64438eb9ad3356e0b72317add4b906a492cd2d9854da371861c
Instruction ID: 4ef5aed20bf45fa600e7b21ad2f3cfc01e7def4e37952f10711a8c5b924923d2
Opcode Fuzzy Hash: 1f853157ff09d64438eb9ad3356e0b72317add4b906a492cd2d9854da371861c
Instruction Fuzzy Hash: 60D13A726086C18AE7609F16E8407AEB7A8FBC4B94F044136EA8D87B69DF7CD455CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF101D20 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 129fileCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6DF101D35
OpenProcessToken.ADVAPI32 ref: 00007FF6DF101D48
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6DF101D66
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6DF101DA8
CloseHandle.KERNEL32 ref: 00007FF6DF101DB3
GetVolumePathNameW.KERNEL32 ref: 00007FF6DF101DDC
malloc.LIBCMT ref: 00007FF6DF101E35
malloc.LIBCMT ref: 00007FF6DF101E5A
GetVolumeNameForVolumeMountPointW.KERNEL32 ref: 00007FF6DF101E6E
free.LIBCMT ref: 00007FF6DF101E7B
free.LIBCMT ref: 00007FF6DF101E83
free.LIBCMT ref: 00007FF6DF101E8B
CreateFileW.KERNEL32 ref: 00007FF6DF101ED4
free.LIBCMT ref: 00007FF6DF101EE6
free.LIBCMT ref: 00007FF6DF101EEE
free.LIBCMT ref: 00007FF6DF101EF6

Strings

\, xrefs: 00007FF6DF101E12
SeBackupPrivilege, xrefs: 00007FF6DF101D5D
%s\, xrefs: 00007FF6DF101E3D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$Volume$NameProcessTokenmalloc$AdjustCloseCreateCurrentFileHandleLookupMountOpenPathPointPrivilegePrivilegesValue
String ID: %s\$SeBackupPrivilege$\
API String ID: 2809452279-1301101427
Opcode ID: 5c917ed9d877f1fa8cc1537b495edab79d8722b4493691dca91e1d4b445829b7
Instruction ID: d84b41601e9e5f5318f67eed0368a30a141e0a37d49937702274fc987475b422
Opcode Fuzzy Hash: 5c917ed9d877f1fa8cc1537b495edab79d8722b4493691dca91e1d4b445829b7
Instruction Fuzzy Hash: E151C230B0864256E6509B226C086AD6398BF86FF4F544336EE7E937D9DF3CD0658740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF105970 Relevance: 31.8, APIs: 12, Strings: 6, Instructions: 300windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF105170: SendMessageW.USER32 ref: 00007FF6DF10525F

malloc.LIBCMT ref: 00007FF6DF1059B6

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF1059E0
SendMessageW.USER32 ref: 00007FF6DF105A2D
SendMessageW.USER32 ref: 00007FF6DF105A63
CloseHandle.KERNEL32 ref: 00007FF6DF105BAE
CloseHandle.KERNEL32 ref: 00007FF6DF105BF1

Part of subcall function 00007FF6DF131878: _errno.LIBCMT ref: 00007FF6DF131896

DeviceIoControl.KERNEL32 ref: 00007FF6DF105CB9
CloseHandle.KERNEL32 ref: 00007FF6DF105CC6
SendMessageW.USER32 ref: 00007FF6DF105D05
SendMessageW.USER32 ref: 00007FF6DF105D20
free.LIBCMT ref: 00007FF6DF105DCC
free.LIBCMT ref: 00007FF6DF105DD4

Part of subcall function 00007FF6DF104290: DeviceIoControl.KERNEL32 ref: 00007FF6DF1042D0

Strings

All selected drives are completely wiped successfully. You need to format these drives to make them usable again., xrefs: 00007FF6DF105D40
%s (%s), xrefs: 00007FF6DF105D88
Unable to lock , xrefs: 00007FF6DF105D5C
(, xrefs: 00007FF6DF105B15
and hence could not completely wipe these drives., xrefs: 00007FF6DF105DA6
Wiping Entire Disk (%s), xrefs: 00007FF6DF105B70

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$CloseHandle_errno$ControlDevicefreemalloc$AllocateHeap
String ID: and hence could not completely wipe these drives.$%s (%s)$($All selected drives are completely wiped successfully. You need to format these drives to make them usable again.$Unable to lock $Wiping Entire Disk (%s)
API String ID: 2784824101-4168325946
Opcode ID: 2f99b26c836c761387b443b6c9a636df30751cf9dd54f1027121dd8dd8752bb1
Instruction ID: c7aed8055fabc111a4a4cf173615b8cfe2e4b88b50d3b0fbe4e81f669b737b47
Opcode Fuzzy Hash: 2f99b26c836c761387b443b6c9a636df30751cf9dd54f1027121dd8dd8752bb1
Instruction Fuzzy Hash: E4C1E331A1864292EB54AB22EC102BE23ADFF95B94F504137DA0DD37E5DF7CE5658700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF136D34 Relevance: 29.3, APIs: 9, Strings: 7, Instructions: 1316COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF136DBE

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

Strings

L, xrefs: 00007FF6DF136F64
N, xrefs: 00007FF6DF136F69
h, xrefs: 00007FF6DF136F72
w, xrefs: 00007FF6DF136F80
*, xrefs: 00007FF6DF136F4D
I, xrefs: 00007FF6DF136F5F
F, xrefs: 00007FF6DF136F56

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DecodePointer_errno
String ID: *$F$I$L$N$h$w
API String ID: 3485708101-1147943917
Opcode ID: c93ab31b1f24c80d273fb0e2b0078d6d075faf889ed66b828b1d038dacfec20f
Instruction ID: 936d91bb550704a6b81f71b40faf5a9c52296cb86e146c822d282bdbddb742d7
Opcode Fuzzy Hash: c93ab31b1f24c80d273fb0e2b0078d6d075faf889ed66b828b1d038dacfec20f
Instruction Fuzzy Hash: 0EC2E93691C6C286EB749B15A84027EB7E9FB80794F544237EA8D87794DF3DE864CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13DF44 Relevance: 28.9, APIs: 19, Instructions: 377COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13DFB6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13DFCC
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E076
malloc.LIBCMT ref: 00007FF6DF13E0E7
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E11E
LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E143
LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E193
malloc.LIBCMT ref: 00007FF6DF13E1E6
LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E220
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E263
free.LIBCMT ref: 00007FF6DF13E274
free.LIBCMT ref: 00007FF6DF13E282
LCMapStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E311
malloc.LIBCMT ref: 00007FF6DF13E37F
LCMapStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E3C8
free.LIBCMT ref: 00007FF6DF13E410
LCMapStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF13E4F5), ref: 00007FF6DF13E430
free.LIBCMT ref: 00007FF6DF13E442
free.LIBCMT ref: 00007FF6DF13E454

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: String$free$ByteCharMultiWidemalloc$ErrorLast
String ID:
API String ID: 1837315383-0
Opcode ID: 3ecf796059dd3558e267e45c7f18654181da50f65e6fa5caada477779510848d
Instruction ID: f7e8226cda9445dbf2f3490d097ec4c9debcef976e5a2fa9e1fafab2c8d437fd
Opcode Fuzzy Hash: 3ecf796059dd3558e267e45c7f18654181da50f65e6fa5caada477779510848d
Instruction Fuzzy Hash: 70F1C332A087828AE7208F25D8401AD77E9FB48798F544636EA5DD7BD4DF3CE9658700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1698B0 Relevance: 28.8, APIs: 19, Instructions: 297windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170320: IsWindow.USER32 ref: 00007FF6DF170343
Part of subcall function 00007FF6DF170320: GetClientRect.USER32 ref: 00007FF6DF17035C

GetParent.USER32 ref: 00007FF6DF16995B
SendMessageW.USER32 ref: 00007FF6DF169985
GetFocus.USER32 ref: 00007FF6DF1699AD
SendMessageW.USER32 ref: 00007FF6DF1699C6
DrawFocusRect.USER32 ref: 00007FF6DF1699F9
GetParent.USER32 ref: 00007FF6DF169A66
SendMessageW.USER32 ref: 00007FF6DF169A90

Part of subcall function 00007FF6DF110764: GetDlgCtrlID.USER32 ref: 00007FF6DF110776

GetParent.USER32 ref: 00007FF6DF169B02
SendMessageW.USER32 ref: 00007FF6DF169B2C
GetParent.USER32 ref: 00007FF6DF169B85
SendMessageW.USER32 ref: 00007FF6DF169BAF

Part of subcall function 00007FF6DF1690C0: SendMessageW.USER32 ref: 00007FF6DF1690E6

GetParent.USER32 ref: 00007FF6DF169C21
SendMessageW.USER32 ref: 00007FF6DF169C4B
GetParent.USER32 ref: 00007FF6DF169CA4
SendMessageW.USER32 ref: 00007FF6DF169CCE
GetParent.USER32 ref: 00007FF6DF169D40
SendMessageW.USER32 ref: 00007FF6DF169D6A
GetParent.USER32 ref: 00007FF6DF169DC0
SendMessageW.USER32 ref: 00007FF6DF169DEA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$Parent$FocusRect$ClientCtrlDrawWindow
String ID:
API String ID: 1775977069-0
Opcode ID: 466162e16bf56a509288ce8ee60b4bc658694e3afd65f07dea24b7492d305d99
Instruction ID: e5c665cffc32693a2c3ae14cc5d6e60ba8e4d24542783962a1902ca7bbde3183
Opcode Fuzzy Hash: 466162e16bf56a509288ce8ee60b4bc658694e3afd65f07dea24b7492d305d99
Instruction Fuzzy Hash: 00E17372608B8292DA64DB11ED503BD7364FB88B94F044136EACE87B99DF3CD565CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103FE0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 147fileCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6DF10400B
OpenProcessToken.ADVAPI32 ref: 00007FF6DF10401C
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6DF104034
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6DF104072
CloseHandle.KERNEL32 ref: 00007FF6DF10407D
malloc.LIBCMT ref: 00007FF6DF104088
CreateFileW.KERNEL32 ref: 00007FF6DF104112
free.LIBCMT ref: 00007FF6DF104122
DeviceIoControl.KERNEL32 ref: 00007FF6DF10416D
GetLastError.KERNEL32 ref: 00007FF6DF104177
CloseHandle.KERNEL32 ref: 00007FF6DF10418F
DeviceIoControl.KERNEL32 ref: 00007FF6DF1041EA
DeviceIoControl.KERNEL32 ref: 00007FF6DF104236

Strings

`, xrefs: 00007FF6DF104229
\\.\, xrefs: 00007FF6DF1040AA
SeBackupPrivilege, xrefs: 00007FF6DF10402B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ControlDevice$CloseHandleProcessToken$AdjustCreateCurrentErrorFileLastLookupOpenPrivilegePrivilegesValuefreemalloc
String ID: SeBackupPrivilege$\\.\$`
API String ID: 1592433342-752019939
Opcode ID: 74007fca77420b22729d04e6e5953abb7e53a61a1fb4f53ac26e84c91591bd3c
Instruction ID: 744c0ab3d5dfe25685452452bacb1e32f5a26b0c9f6f63687b9fdabbf21ee117
Opcode Fuzzy Hash: 74007fca77420b22729d04e6e5953abb7e53a61a1fb4f53ac26e84c91591bd3c
Instruction Fuzzy Hash: 42717231A08B8292E750CF11FC446AE73A8FB89794F404236DA9D83B98DF7DD5A5CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF101F20 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 130COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF6DF101F66

Part of subcall function 00007FF6DF101BA0: malloc.LIBCMT ref: 00007FF6DF101BB4
Part of subcall function 00007FF6DF101BA0: GetDiskFreeSpaceW.KERNEL32 ref: 00007FF6DF101BF3
Part of subcall function 00007FF6DF101BA0: free.LIBCMT ref: 00007FF6DF101C00

Strings

\\.\%s, xrefs: 00007FF6DF10205F
\, xrefs: 00007FF6DF102085
\\.\PhysicalDrive%d, xrefs: 00007FF6DF102049

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DiskFreeSpaceVersionfreemalloc
String ID: \$\\.\%s$\\.\PhysicalDrive%d
API String ID: 3692368950-766223900
Opcode ID: e5529f87aabf54d6b7ea54d2bfd43a83ffa2748f6ac5a152ec7653a47c3cdc34
Instruction ID: 7580e423df575261eac3895aed457ee3dd79ffcb0a17d120670757282700f2ee
Opcode Fuzzy Hash: e5529f87aabf54d6b7ea54d2bfd43a83ffa2748f6ac5a152ec7653a47c3cdc34
Instruction Fuzzy Hash: B351A731A0C78195E7649B12AC042AD7398FF85BA0F544236DA6DD77D9DF7CD064CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF165000 Relevance: 21.5, APIs: 14, Instructions: 469windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF1650F1

Part of subcall function 00007FF6DF164CF0: GetClientRect.USER32 ref: 00007FF6DF164D64

GetObjectW.GDI32 ref: 00007FF6DF165138
CopyRect.USER32 ref: 00007FF6DF16529B
InflateRect.USER32 ref: 00007FF6DF1652DF
DrawStateW.USER32 ref: 00007FF6DF165443
DrawStateW.USER32 ref: 00007FF6DF1654BB
SendMessageW.USER32 ref: 00007FF6DF1654DF
GetFocus.USER32 ref: 00007FF6DF165582
SendMessageW.USER32 ref: 00007FF6DF16559F
GetClientRect.USER32 ref: 00007FF6DF1655BF
CopyRect.USER32 ref: 00007FF6DF1655D5
DrawFocusRect.USER32 ref: 00007FF6DF16571E

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

InflateRect.USER32 ref: 00007FF6DF1656F2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$DrawMessageSend$ClientCopyFocusInflateState$LongObjectWindow
String ID:
API String ID: 991325804-0
Opcode ID: 2d711c371484ba6cc3de4a47491955de4aea3453bd0e3296e666a73b27d8a4ce
Instruction ID: 5e939a0abdd150370c04e0291df5cac76cc8cef9ac78821d61dc074f20701364
Opcode Fuzzy Hash: 2d711c371484ba6cc3de4a47491955de4aea3453bd0e3296e666a73b27d8a4ce
Instruction Fuzzy Hash: 4C227372A0868287E724DF29E9807BE7765FB84B90F404136EA5983B95DF3CE451CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF104D10 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 311filesleepCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF104D2F

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF6DF104D98
free.LIBCMT ref: 00007FF6DF104DA5
free.LIBCMT ref: 00007FF6DF104DC5

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

Part of subcall function 00007FF6DF104480: SendMessageW.USER32 ref: 00007FF6DF1044DA
Part of subcall function 00007FF6DF104480: SendMessageW.USER32 ref: 00007FF6DF1044EF
Part of subcall function 00007FF6DF104480: SendMessageW.USER32 ref: 00007FF6DF104513
Part of subcall function 00007FF6DF104480: SendMessageW.USER32 ref: 00007FF6DF10452C

malloc.LIBCMT ref: 00007FF6DF104E7B
DeleteFileW.KERNEL32 ref: 00007FF6DF105125
Sleep.KERNEL32 ref: 00007FF6DF105134
DeleteFileW.KERNEL32 ref: 00007FF6DF10513D
free.LIBCMT ref: 00007FF6DF105146

Strings

\, xrefs: 00007FF6DF104D6F
%s\PuranWipeDiskFile%d, xrefs: 00007FF6DF10510A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$_errnofree$DeleteFilemalloc$AllocateDiskErrorFreeHeapLanguagesLastPreferredRestoreSleepSpaceThread
String ID: %s\PuranWipeDiskFile%d$\
API String ID: 2868879018-2574029605
Opcode ID: c7b488c0fe77c2cadc5be1919d6e9755e1c3a7923de13151dced3735fba88262
Instruction ID: bf375378150140aaf3006f7f99b4d9f688a1678548f2d157c013647130255929
Opcode Fuzzy Hash: c7b488c0fe77c2cadc5be1919d6e9755e1c3a7923de13151dced3735fba88262
Instruction Fuzzy Hash: 09B11330B08B2240FA645B3BAD9837D93895F85BE4F245737D82EC2BD8DFADA5710244

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15D510 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF15D57F
GetObjectW.GDI32 ref: 00007FF6DF15D5AF
CreateDIBSection.GDI32 ref: 00007FF6DF15D61D

Part of subcall function 00007FF6DF170600: CreateCompatibleDC.GDI32 ref: 00007FF6DF170643
Part of subcall function 00007FF6DF170600: SelectObject.GDI32 ref: 00007FF6DF17065B

DrawStateW.USER32 ref: 00007FF6DF15D6A5

Part of subcall function 00007FF6DF170680: SelectObject.GDI32 ref: 00007FF6DF1706A8

DeleteObject.GDI32 ref: 00007FF6DF15D6BC
CreateDIBSection.GDI32 ref: 00007FF6DF15D74B
free.LIBCMT ref: 00007FF6DF15D84B
free.LIBCMT ref: 00007FF6DF15D85F
DeleteObject.GDI32 ref: 00007FF6DF15D86D

Strings

(, xrefs: 00007FF6DF15D5C8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Create$CompatibleDeleteSectionSelectfree$DrawState
String ID: (
API String ID: 1956878834-3887548279
Opcode ID: 806fe579caaee1bb28c0519dbb1033963e8934dcc86c65a257824d407ff1c66d
Instruction ID: 7f40656ce225e3d2e16758392ad20c587548721492d617c712d3bf586e1db68f
Opcode Fuzzy Hash: 806fe579caaee1bb28c0519dbb1033963e8934dcc86c65a257824d407ff1c66d
Instruction Fuzzy Hash: B491183290C6C186E760DB26E8503AEB7A8FBC4790F404136EA9D87BA9DF7CD455CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF139330 Relevance: 17.3, APIs: 11, Instructions: 757COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1318FC: _getptd.LIBCMT ref: 00007FF6DF131912

_errno.LIBCMT ref: 00007FF6DF13939E

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

DecodePointer.KERNEL32 ref: 00007FF6DF1399BD
DecodePointer.KERNEL32 ref: 00007FF6DF139A04
DecodePointer.KERNEL32 ref: 00007FF6DF139A2E

Part of subcall function 00007FF6DF1390F8: malloc.LIBCMT ref: 00007FF6DF139117
Part of subcall function 00007FF6DF1390F8: Sleep.KERNEL32(?,?,00000000,00007FF6DF13B9E5,?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721,?,?,00000000,00007FF6DF1357D8), ref: 00007FF6DF13912E

write_multi_char.LIBCMT ref: 00007FF6DF139ACA
write_multi_char.LIBCMT ref: 00007FF6DF139AFF
write_char.LIBCMT ref: 00007FF6DF139B56
write_multi_char.LIBCMT ref: 00007FF6DF139BB0
free.LIBCMT ref: 00007FF6DF139BDB
_errno.LIBCMT ref: 00007FF6DF139E8F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DecodePointer$write_multi_char$_errno$Sleep_getptdfreemallocwrite_char
String ID:
API String ID: 3557194103-0
Opcode ID: eeb910abd928a7e2d00b37358315a1a07cf70d02a1e59e12f1826a1f93f1aa2e
Instruction ID: 34c641bde69d45243def4304c2bdbf1d8bc8c1eee1000c86a67b6bf5ab3291ef
Opcode Fuzzy Hash: eeb910abd928a7e2d00b37358315a1a07cf70d02a1e59e12f1826a1f93f1aa2e
Instruction Fuzzy Hash: 9B62A37290C68686E7709B15988037E67EAFB81788F944137DA8EC76D4DF7DE8608B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16E7F0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 309windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF16E81F
GetCapture.USER32 ref: 00007FF6DF16E82F
GetSystemMetrics.USER32 ref: 00007FF6DF16E992
InflateRect.USER32 ref: 00007FF6DF16EA6F
InflateRect.USER32 ref: 00007FF6DF16EB03
SendMessageW.USER32 ref: 00007FF6DF16EC29
GetSystemMetrics.USER32 ref: 00007FF6DF16EC7E

Strings

COMBOBOX, xrefs: 00007FF6DF16E938
BUTTON, xrefs: 00007FF6DF16EB36

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$InflateMetricsSystem$CaptureClientMessageSend
String ID: BUTTON$COMBOBOX
API String ID: 1618826982-3691647030
Opcode ID: e9da4c39a837899b1a411c9023bf697f4264ad839373e55536b62d9e818470c4
Instruction ID: d54238a8087359665471191b1232c254ccda7da0bad0528265ccaa98301dd2bb
Opcode Fuzzy Hash: e9da4c39a837899b1a411c9023bf697f4264ad839373e55536b62d9e818470c4
Instruction Fuzzy Hash: A5D1C43261868687D760DF26E8407AEB765FBC5794F405136FA8E83A98DF3DD414CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF146128 Relevance: 15.1, APIs: 10, Instructions: 106COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF146151
_errno.LIBCMT ref: 00007FF6DF14615A
__doserrno.LIBCMT ref: 00007FF6DF1461AB
_errno.LIBCMT ref: 00007FF6DF1461B2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 503f1d8d9b5a371f5e6d69eb99ee3f2f914422770b2c541f8cbd5029d6f826e3
Instruction ID: 4f6e4276f697f8d6569b3ab28e6681a884f6be20c6cbe6cbb6aa274306247692
Opcode Fuzzy Hash: 503f1d8d9b5a371f5e6d69eb99ee3f2f914422770b2c541f8cbd5029d6f826e3
Instruction Fuzzy Hash: 5C415632E1825256E3216F71AC4153D7799AFC1728F954B3FEA2987BD2CF3DA4608704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF134A3C Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 137fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF6DF134C98,?,?,?,?,00007FF6DF13B9B0,?,?,00000000,00007FF6DF13BA8F), ref: 00007FF6DF134AFF
GetStdHandle.KERNEL32(?,?,?,?,?,00007FF6DF134C98,?,?,?,?,00007FF6DF13B9B0,?,?,00000000,00007FF6DF13BA8F), ref: 00007FF6DF134C0B
WriteFile.KERNEL32 ref: 00007FF6DF134C45

Strings

Runtime Error!Program: , xrefs: 00007FF6DF134ABE
..., xrefs: 00007FF6DF134B62
<program name unknown>, xrefs: 00007FF6DF134B09
Microsoft Visual C++ Runtime Library, xrefs: 00007FF6DF134BEF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: b9b10c3229fb57b5ad28a295131aebb330dce2f259dc0dca9d468f956163b2e4
Instruction ID: cdf2241259dd116bdc1325f9a3d9c8d995e89d8cce7a646fbd949c3d271f03a9
Opcode Fuzzy Hash: b9b10c3229fb57b5ad28a295131aebb330dce2f259dc0dca9d468f956163b2e4
Instruction Fuzzy Hash: 1451AB31B1869341FB24DB22AE557BE23ADAF94784F404137DE0DC6AD5DF3CE2258200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13F3B0 Relevance: 12.2, APIs: 8, Instructions: 228COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF13F3FB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 540ed1392b23325c9b5107ad9cfa00224d34832663166b1ca69c4b4f38c1db86
Instruction ID: df6fb6d8c5f7413c4dc7ed56f0c710b19752e6d7b9a6c7bf31575d4fd7e891e8
Opcode Fuzzy Hash: 540ed1392b23325c9b5107ad9cfa00224d34832663166b1ca69c4b4f38c1db86
Instruction Fuzzy Hash: 2191D872A0C6C286EA648F15AD4413EB7ECFB91764F144237DA9D926E4DF3CE4A18B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18A824 Relevance: 12.2, APIs: 8, Instructions: 192COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF18A848

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF18A874

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$DecodePointer
String ID:
API String ID: 2310398763-0
Opcode ID: 2b8ac7e3b1b99720abec266faf9b4747f743e9fd46c483e94e3a9a253bb8a15f
Instruction ID: e476884f2f6740f1ff855f6d9dea91c0431c227ceae67374a6e9bbebffd6259f
Opcode Fuzzy Hash: 2b8ac7e3b1b99720abec266faf9b4747f743e9fd46c483e94e3a9a253bb8a15f
Instruction Fuzzy Hash: 4D711176E1C29372F7254A319F2173E6799AF81305F46953BCA4ACA9C1CF3CA0694720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF131700 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6DF135AF7
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6DF135B16
RtlVirtualUnwind.KERNEL32 ref: 00007FF6DF135B62
IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF106C39), ref: 00007FF6DF135BD4
SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF106C39), ref: 00007FF6DF135BEC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF106C39), ref: 00007FF6DF135BF9
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF106C39), ref: 00007FF6DF135C12
TerminateProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DF106C39), ref: 00007FF6DF135C20

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
String ID:
API String ID: 3778485334-0
Opcode ID: 0130299eba6adb42c93cc9e4965f0b45657b1daa6e334c01f1c988a09376a703
Instruction ID: dffaa5b3bbe05d4babb7daea0db3c89d657b222e9d96d34788914758e537250d
Opcode Fuzzy Hash: 0130299eba6adb42c93cc9e4965f0b45657b1daa6e334c01f1c988a09376a703
Instruction Fuzzy Hash: FB31E135A08B8685EA109B50FC8436EB3ACFB88754F50413BEA9D86765DF7CE5A4CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1208F0 Relevance: 11.2, APIs: 7, Instructions: 714COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff1ffa900e522d0d514720033dbb9fce5fed96683d98632c83a647d74b159db
Instruction ID: aacd66428c5e9a054e29c7e30317522b93856990854e1d38f650d563f4e78528
Opcode Fuzzy Hash: 6ff1ffa900e522d0d514720033dbb9fce5fed96683d98632c83a647d74b159db
Instruction Fuzzy Hash: 6C62C572A08A86D2E774DF65D8412FD6369FB85B80F504137DA4E93B94CF3AE8A5C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13CFFC Relevance: 10.8, APIs: 7, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.LIBCMT ref: 00007FF6DF13D027

Part of subcall function 00007FF6DF13CF9C: _errno.LIBCMT ref: 00007FF6DF13CFA5

free.LIBCMT ref: 00007FF6DF13D11E

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

Part of subcall function 00007FF6DF13DE78: _errno.LIBCMT ref: 00007FF6DF13DE90

___lc_codepage_func.LIBCMT ref: 00007FF6DF13D0A7

Part of subcall function 00007FF6DF135D78: RtlCaptureContext.KERNEL32 ref: 00007FF6DF135DB7
Part of subcall function 00007FF6DF135D78: IsDebuggerPresent.KERNEL32 ref: 00007FF6DF135E55
Part of subcall function 00007FF6DF135D78: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF135E5F
Part of subcall function 00007FF6DF135D78: UnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF135E6A
Part of subcall function 00007FF6DF135D78: GetCurrentProcess.KERNEL32 ref: 00007FF6DF135E80
Part of subcall function 00007FF6DF135D78: TerminateProcess.KERNEL32 ref: 00007FF6DF135E8E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerErrorLanguagesLastPreferredPresentRestoreTerminateThread___lc_codepage_func_lockfree
String ID:
API String ID: 2691844916-0
Opcode ID: 1c04159affe213d4f491e7e183ee4af0756973397924048ed05f2e278a5d1404
Instruction ID: 7e838f65a56b34080a1013fdb8291f423adcdfa5927f3a6ef4f6781424c3f00f
Opcode Fuzzy Hash: 1c04159affe213d4f491e7e183ee4af0756973397924048ed05f2e278a5d1404
Instruction Fuzzy Hash: 50D19072A0C28685E7249F25EC517BD7BEDBB85744F404137DA4D93695CF3DE8618700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12B460 Relevance: 10.7, APIs: 7, Instructions: 240filestringCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 00007FF6DF12B4D3
PathIsUNCW.SHLWAPI ref: 00007FF6DF12B5A7
GetVolumeInformationW.KERNEL32 ref: 00007FF6DF12B5DD
CharUpperW.USER32 ref: 00007FF6DF12B620
FindFirstFileW.KERNEL32 ref: 00007FF6DF12B63A
FindClose.KERNEL32 ref: 00007FF6DF12B64D
lstrlenW.KERNEL32 ref: 00007FF6DF12B671

Part of subcall function 00007FF6DF12B400: GetLastError.KERNEL32 ref: 00007FF6DF12B41C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FindPath$CharCloseErrorFileFirstFullInformationLastNameUpperVolumelstrlen
String ID:
API String ID: 1546310471-0
Opcode ID: fd865f229d2c574c2c3adf841683d6771d5305d2e10956e4ae6d5d7e1704e9c4
Instruction ID: 87c91fcaf99ea4a7a3be1ec5aadd974876b9d4c6e355e9c8f9439aa087da23dd
Opcode Fuzzy Hash: fd865f229d2c574c2c3adf841683d6771d5305d2e10956e4ae6d5d7e1704e9c4
Instruction Fuzzy Hash: 0791FB31B089424AFA30D765DC4617D6399FF86BA0F544A33DA2EC76E5DF2DE8A18700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13C014 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1318FC: _getptd.LIBCMT ref: 00007FF6DF131912

_errno.LIBCMT ref: 00007FF6DF13C056

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF13C094
_errno.LIBCMT ref: 00007FF6DF13C0DC

Strings

e+000, xrefs: 00007FF6DF13C16E
gfff, xrefs: 00007FF6DF13C1FB
-, xrefs: 00007FF6DF13C1D0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$DecodePointer_getptd
String ID: -$e+000$gfff
API String ID: 2834218312-2620144452
Opcode ID: a7336a441364739da3792e1fb84d30f0b4ef8650b606980bfbb9551ade0da478
Instruction ID: d1bfcc7e29e2a70f53df35e511211323166d460b92dbd269e2a297a325ebf16b
Opcode Fuzzy Hash: a7336a441364739da3792e1fb84d30f0b4ef8650b606980bfbb9551ade0da478
Instruction Fuzzy Hash: 0F613937A086C186E7248B399C4126E7BD9FB85B98F488236DA4C87B85CF3ED4658700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13F18C Relevance: 10.6, APIs: 7, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF13F1D2
_errno.LIBCMT ref: 00007FF6DF13F240
_errno.LIBCMT ref: 00007FF6DF13F24B
_errno.LIBCMT ref: 00007FF6DF13F27F
WideCharToMultiByte.KERNEL32 ref: 00007FF6DF13F31A
GetLastError.KERNEL32 ref: 00007FF6DF13F33A
_errno.LIBCMT ref: 00007FF6DF13F360

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$ByteCharErrorLastMultiWide
String ID:
API String ID: 3895584640-0
Opcode ID: 3d12dfb9dde6c00ba8b50aa3945d62d989ae1ab403347d8f575bf0a59328d89f
Instruction ID: 0e5bb12c93d4e19bebda1375b93fab612470d3a57bd4bffa3355079d9e4a012a
Opcode Fuzzy Hash: 3d12dfb9dde6c00ba8b50aa3945d62d989ae1ab403347d8f575bf0a59328d89f
Instruction Fuzzy Hash: 6F51D332A0C6C28AE7749F65E84027EB7D9FB81750F548137E68C86AD5CF7CD8A18B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135D78 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6DF135DB7
IsDebuggerPresent.KERNEL32 ref: 00007FF6DF135E55
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF135E5F
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF135E6A
GetCurrentProcess.KERNEL32 ref: 00007FF6DF135E80
TerminateProcess.KERNEL32 ref: 00007FF6DF135E8E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: d0217621564578d0cd1713f4a36a748254c41f97ce9842d719c1093e2fb9438e
Instruction ID: d3d0cae3da44e8be75dc9c0b1ce55e89e3f26a8757b34896d1a0cddeaa674a40
Opcode Fuzzy Hash: d0217621564578d0cd1713f4a36a748254c41f97ce9842d719c1093e2fb9438e
Instruction Fuzzy Hash: 44313E32A18B8692EB248B54F8443AEB3A8FB89B45F400136D69D83A59DF7CD555CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF169400 Relevance: 7.7, APIs: 5, Instructions: 212windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

SendMessageW.USER32 ref: 00007FF6DF169501
LocalSize.KERNEL32 ref: 00007FF6DF16951A
SendMessageW.USER32 ref: 00007FF6DF1695AC
SendMessageW.USER32 ref: 00007FF6DF1695C4
SendMessageW.USER32 ref: 00007FF6DF1695E1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$LocalLongSizeWindow
String ID:
API String ID: 3683918697-0
Opcode ID: 0f0430a2ba6329fbea73290ec29f22d80f4d2922826778665285f47f81f73c7b
Instruction ID: 8bc7a45ac79ee3a64f6d1a716fd9a99575c21aa262dbb2ac3f23cabcdc59fbb3
Opcode Fuzzy Hash: 0f0430a2ba6329fbea73290ec29f22d80f4d2922826778665285f47f81f73c7b
Instruction Fuzzy Hash: 6D71C232B182514BEB249B26A845B6EB799FBC9B98F400136EE4D87F45DF3CE4118B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135A30 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6DF135A67
GetCurrentProcessId.KERNEL32 ref: 00007FF6DF135A72
GetCurrentThreadId.KERNEL32 ref: 00007FF6DF135A7E
GetTickCount.KERNEL32 ref: 00007FF6DF135A8A
QueryPerformanceCounter.KERNEL32 ref: 00007FF6DF135A9B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 954fec1375c94eef2783e2d44dbdf355892ec1604d9b1b8fff4714cca9b9fd61
Instruction ID: e2aff6e56b6522d6a56c15b3de9d5cd6f7e392e20e91be667187bf19828e42bf
Opcode Fuzzy Hash: 954fec1375c94eef2783e2d44dbdf355892ec1604d9b1b8fff4714cca9b9fd61
Instruction Fuzzy Hash: 5E015231619A0582E7418F21EC5426D6368FF49F91F446632DE5E87764DF3CDDE58340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF127B44 Relevance: 6.6, APIs: 4, Instructions: 569COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF127B87

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 60f082bb228f73768a7d311d0fec5262955ecf62941dcc904a774f78c91ed843
Instruction ID: abc8bb32a2fc3e6a33ee41204ea8faf3c36948efa208043fea9aef74d8b7dba3
Opcode Fuzzy Hash: 60f082bb228f73768a7d311d0fec5262955ecf62941dcc904a774f78c91ed843
Instruction Fuzzy Hash: 15426B72A0464686EB68DF75D88213D27A9FB46B58F149537CB0E47399DF3EE8A0C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10BF28 Relevance: 6.0, APIs: 4, Instructions: 49keyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

GetKeyState.USER32 ref: 00007FF6DF10BF6F
GetKeyState.USER32 ref: 00007FF6DF10BF7F
GetKeyState.USER32 ref: 00007FF6DF10BF8F
SendMessageW.USER32 ref: 00007FF6DF10BFAC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: State$LongMessageSendWindow
String ID:
API String ID: 1063413437-0
Opcode ID: d4c5e33ad043c2056029f1da4ca16d06b75cf1a2ae5e2a3447b38a8608556fce
Instruction ID: ee4e92020b123b38bc06481e530794dc7358923f0e528069bd18151438004e89
Opcode Fuzzy Hash: d4c5e33ad043c2056029f1da4ca16d06b75cf1a2ae5e2a3447b38a8608556fce
Instruction Fuzzy Hash: 62118230B0858782F6189B57E8445BC5359AF44B80F488433EB4EC3799CFACE8B19740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF144C34 Relevance: 5.8, Strings: 4, Instructions: 795COMMONLIBRARYCODE

Download Yara Rule

Strings

1#INF, xrefs: 00007FF6DF144D78
1#QNAN, xrefs: 00007FF6DF144DB0
1#IND, xrefs: 00007FF6DF144D65
1#SNAN, xrefs: 00007FF6DF144D48

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 0-2761157908
Opcode ID: ae21e48eb80515174c41915cff8d93d114cf7bbbcd15e03fff3b99243aedbf99
Instruction ID: 2ef1a288ae6409c3453fa8bd1dc126ced6c791abf6d55be41f235f2ef8c10d21
Opcode Fuzzy Hash: ae21e48eb80515174c41915cff8d93d114cf7bbbcd15e03fff3b99243aedbf99
Instruction Fuzzy Hash: 1A620777A1C29287E7248F28D80066E7BE5F7D8748F545136EA8987A94DF3CE961CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18AF14 Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF18AF3F

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF18AF73
_errno.LIBCMT ref: 00007FF6DF18AFA7

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$DecodePointer
String ID:
API String ID: 2310398763-0
Opcode ID: 72de3384035eacdbe97a08d821c3ad95b46a8f3fec088d04000d3a353213291b
Instruction ID: d438cea9e453213731d1f6027a3f62eaba20d0e9699d1315dba5af64c921292c
Opcode Fuzzy Hash: 72de3384035eacdbe97a08d821c3ad95b46a8f3fec088d04000d3a353213291b
Instruction Fuzzy Hash: B231C435E1C24362F724DA35AE0153F6399BB84388F545436EA8ECBA85CF3EE4749740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13B794 Relevance: 4.5, APIs: 3, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6DF13B7D3
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF13B819
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF13B824

Part of subcall function 00007FF6DF134A3C: GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF6DF134C98,?,?,?,?,00007FF6DF13B9B0,?,?,00000000,00007FF6DF13BA8F), ref: 00007FF6DF134AFF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextFileModuleName
String ID:
API String ID: 2731829486-0
Opcode ID: 8c58bb7ed797525505c44054661b417558aceb7e5a691c4289bd3773b76aa5e5
Instruction ID: 13e1a8d65ebb7ac5afac89d1eae59f124540f5201e3361ab464b867f80138b93
Opcode Fuzzy Hash: 8c58bb7ed797525505c44054661b417558aceb7e5a691c4289bd3773b76aa5e5
Instruction Fuzzy Hash: BA012D35A1CA8651E664D750EC053BE6398FF85704F00013AEA8E866E9EF2CE564C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17FD2D Relevance: 4.1, Strings: 3, Instructions: 386COMMON

Download Yara Rule

Strings

header crc mismatch, xrefs: 00007FF6DF180161
unknown header flags set, xrefs: 00007FF6DF17FD76
unknown compression method, xrefs: 00007FF6DF18102C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: header crc mismatch$unknown compression method$unknown header flags set
API String ID: 0-1578397619
Opcode ID: df0d0e4e8df8f084efee4186e1848929024d1b45ea2204b22b84e92f51a6cc5d
Instruction ID: f433359c6c852bed6ce6a8da299e117a213c14fc33926a306f8d6abca3f7e11f
Opcode Fuzzy Hash: df0d0e4e8df8f084efee4186e1848929024d1b45ea2204b22b84e92f51a6cc5d
Instruction Fuzzy Hash: A4F16F32A083C59BE7A48F15C948A6E3BADFF44740F15453AEA5D97784DF39E510CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1860F0 Relevance: 4.1, Strings: 3, Instructions: 374COMMON

Download Yara Rule

Strings

invalid distance code, xrefs: 00007FF6DF18653C
invalid literal/length code, xrefs: 00007FF6DF186529
invalid distance too far back, xrefs: 00007FF6DF18655C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: invalid distance code$invalid distance too far back$invalid literal/length code
API String ID: 0-3255898291
Opcode ID: 23732e4f6eecb6c1eb71d79162414175a8972fd44f4aa65a486f380b26b0b04a
Instruction ID: e5d354f69346b391e44a03ad594a340f7c6fb00925ed4829f8e7dfe5b236c742
Opcode Fuzzy Hash: 23732e4f6eecb6c1eb71d79162414175a8972fd44f4aa65a486f380b26b0b04a
Instruction Fuzzy Hash: B7D12432A1C6D19BD3198F28DD5427C7BA6E791350F548236EA9A837C2DF3DE919C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17FB9E Relevance: 3.9, Strings: 3, Instructions: 188COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF6DF17FCB3
incorrect header check, xrefs: 00007FF6DF17FD15
unknown compression method, xrefs: 00007FF6DF18102C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size$unknown compression method
API String ID: 0-1186847913
Opcode ID: ede247ab170c48cf762a0c6376ed611aaa285cc036adc2761a3a6b5f17a87fe9
Instruction ID: 8b8dba8dc04c545d9b13834ccddeb72a5d5d1c9ddd357ed1a702fc4882a7fe11
Opcode Fuzzy Hash: ede247ab170c48cf762a0c6376ed611aaa285cc036adc2761a3a6b5f17a87fe9
Instruction Fuzzy Hash: AE819173A082C5ABE7A48F15D948B6E37ADFB44350F52413ADA59D7780DF39E850CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18BEC0 Relevance: 3.2, APIs: 2, Instructions: 228COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6DF18C137
RaiseException.KERNEL32 ref: 00007FF6DF18C148

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 82b0aaa68ebacc901a949387952a3b2324eaf63425a9911d25e270cc80c945ce
Instruction ID: a11c9479bd21448f66203fc5474c5000f82cde7a17bce1619fd70183e7a625dd
Opcode Fuzzy Hash: 82b0aaa68ebacc901a949387952a3b2324eaf63425a9911d25e270cc80c945ce
Instruction Fuzzy Hash: 57B18B33A29B8586E755CF19D58572EBBA4F784B84F158122EB9E837A4CF3DD811CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13CC50 Relevance: 3.2, APIs: 2, Instructions: 208COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF13CC72

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF13CCBA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$DecodePointer
String ID:
API String ID: 2310398763-0
Opcode ID: 9a4a5cbd522ebe96e84ab7319d68946b3dbe7a3809b982694ee8c0c2bf976b96
Instruction ID: e70873581481cf762c4ce12a2e87368e1828d30cb74defcbd270b3b44151ce80
Opcode Fuzzy Hash: 9a4a5cbd522ebe96e84ab7319d68946b3dbe7a3809b982694ee8c0c2bf976b96
Instruction Fuzzy Hash: AD61E4B2F1464A47DB1C8B199C113A8A7DAE7D8744F48C137EA0ECEBD5EE3CA5114640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18A060 Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF18A0A4
_errno.LIBCMT ref: 00007FF6DF18A285

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 3a79943e2908c3dbfc179b629db363d8b2d3345ec7804b87e6d6bd190e76b153
Instruction ID: 7237cb386ef10e1c8e9e22428e989542cfaa31e0c63a590e331cf8df675c042f
Opcode Fuzzy Hash: 3a79943e2908c3dbfc179b629db363d8b2d3345ec7804b87e6d6bd190e76b153
Instruction Fuzzy Hash: C551F631B0818273FA248A669E0067D6B85BB84BE0F144736DE6DDBBD4CF3DA47A5610

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF141EBC Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 00007FF6DF141EE4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 2d17895697f22665b074bdedf699927bcfec02607608809bb84711e6fe8e0409
Instruction ID: 32eecf8197ff951282378651ceb7b22c38a82d964f06ccd356e5c36110bd4da9
Opcode Fuzzy Hash: 2d17895697f22665b074bdedf699927bcfec02607608809bb84711e6fe8e0409
Instruction Fuzzy Hash: 33E0E575A0C68191F6329710EC112AE2B94BFCC769F800233D98CA66A5CF2CE265CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF134A24 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6DF134A2F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: febc88fc19ce6c92fb8499cf9f0894a5fb4a33736e12b1c98f3fa80ac75d75c1
Instruction ID: 0d2caba413f9e4ff0f592a2f5bb978e6abfc699eca98cf3a74f172ad2f4b5879
Opcode Fuzzy Hash: febc88fc19ce6c92fb8499cf9f0894a5fb4a33736e12b1c98f3fa80ac75d75c1
Instruction Fuzzy Hash: BCB09224E26452C1D604AB21AC9606813A87B6C304FC20532C00EC2120DF1C92EA8700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF185DA0 Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6DF185DE5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b36e1e7a045c60b824c1e2ebf126f30ac6b1a7dd7b7bc924fcfbb5eec67f9400
Instruction ID: 787cddbca778d020243b0b5e52fabe4fef3c1062dd66454aa4ccb9b8946b992c
Opcode Fuzzy Hash: b36e1e7a045c60b824c1e2ebf126f30ac6b1a7dd7b7bc924fcfbb5eec67f9400
Instruction Fuzzy Hash: A5716E733341B48BE7654B2EA810AAE7390F76674DFD56215EBC647B81CA3EB900CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17DD90 Relevance: .7, Instructions: 684COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47159200a48e86628d7c9a3d603dc054422682cb0b5a1478a457b7aca4da1894
Instruction ID: 02b5c22267d707744c152caf6fb6cbe81af12e4e28f3d4fc65eb529ab9a8c19e
Opcode Fuzzy Hash: 47159200a48e86628d7c9a3d603dc054422682cb0b5a1478a457b7aca4da1894
Instruction Fuzzy Hash: 94620936D187D184D7128B3584653FC77A8FF66B89F084337EE8AA7296EF295052C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17AE90 Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8238e3cf193c99a362717c48055a9444ce2d5ff9030805d2da00b233e3b05233
Instruction ID: c2bfd95c9284082a4ffdf5635ecd2b9cf99c0f77a5904d72b31e3522772d567d
Opcode Fuzzy Hash: 8238e3cf193c99a362717c48055a9444ce2d5ff9030805d2da00b233e3b05233
Instruction Fuzzy Hash: 9B026562A0C2E586D7A88B269414B7DBFE8E711741F08412BEBCD87795DB3CE970D720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17D500 Relevance: .4, Instructions: 427COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 025b9ad99b1ff572b659c375f5b8c60de1a6015af8314bd5f0ecbdeb24a6c836
Instruction ID: 9b9bdc44051aedb217aa139ad7760265fff8f007b4e4b0f81e1afc16635bb2b5
Opcode Fuzzy Hash: 025b9ad99b1ff572b659c375f5b8c60de1a6015af8314bd5f0ecbdeb24a6c836
Instruction Fuzzy Hash: BF12D632D14B8589E3128B3594513BEB358BF96BC4F158333D94EB7766EF38A4A68700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14AD50 Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f217c405514c0f3561c6ed046aedb4f01642007735fdc37ca391be5a3e3ae8
Instruction ID: 90dba061b6329bf156c8133dff6066449d5f2a2aed4f12f7c5ec5537d0adc2f7
Opcode Fuzzy Hash: b0f217c405514c0f3561c6ed046aedb4f01642007735fdc37ca391be5a3e3ae8
Instruction Fuzzy Hash: 52E13531D2CB8D04F123563618121BD93985FBF6C9F1ADB33F85AB56B2EF1A74A29140

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17C770 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029b336bf30ed2f7bec94cdb2b5a8cb17d071f6baaeaace4d145d660a0607d1a
Instruction ID: d0afef265b75dbd6f3bbe172c1e69e090c5f26b4356abe9065eede22cf83fd7a
Opcode Fuzzy Hash: 029b336bf30ed2f7bec94cdb2b5a8cb17d071f6baaeaace4d145d660a0607d1a
Instruction Fuzzy Hash: ABD15623A0D2E489DB5A972BA9202BD3FA5E756B81F084072DFDD43782DB2DD171D310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17CEC0 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6954b6e4737ab4b2ca0fecac0228469a71fe5a65649ac50c6c8549f6564ab95
Instruction ID: 54ff05f9434afd106781efe850f712167def26572952d4c5f53f5a0b7419655d
Opcode Fuzzy Hash: d6954b6e4737ab4b2ca0fecac0228469a71fe5a65649ac50c6c8549f6564ab95
Instruction Fuzzy Hash: DDD135B3A0D1E6C9E7218A39C8113BC7FE4E712750F588267DAD8836C6DB1ED61AD310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1899D0 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40d6a917c148eb3381e0420fb6e3fdb1c31712f2bff07ff68903fcfc993666fb
Instruction ID: eb175515054f430a34800da661f72733a67262d30e52e03b0453e7241566e69a
Opcode Fuzzy Hash: 40d6a917c148eb3381e0420fb6e3fdb1c31712f2bff07ff68903fcfc993666fb
Instruction Fuzzy Hash: 17D11730E0C38665EAB486718E407FE5B989F51FD8F904733E95EAA3C9EF2CA4605640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF17F190 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce07593d14d62a78bfe10082920544f58778a598507beaa1df00bf7a6ada6699
Instruction ID: 7f509321249cf23223298f8590cae7187144b512c4f18de72f2cbc9b58ada3d3
Opcode Fuzzy Hash: ce07593d14d62a78bfe10082920544f58778a598507beaa1df00bf7a6ada6699
Instruction Fuzzy Hash: 49C12C76B08682A7EA5C9B65DA413BE73A5FB04BD0F10413ADB6DC7681CF28E471C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13D49C Relevance: .2, Instructions: 202COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddd27ead7e1e94c707d35bea90786384271bc90238ec97afb498045fa7f18495
Instruction ID: 36da0a84dd943558e1276c271c2217bc12e1375e3683577edf10450f0a361e7b
Opcode Fuzzy Hash: ddd27ead7e1e94c707d35bea90786384271bc90238ec97afb498045fa7f18495
Instruction Fuzzy Hash: F971A0B2F0814A4BD35CCB28DD5167CB79AE7E4305F588136D90DCAA99EF39F9208B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF170FC0 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 243windowCOMMON

Download Yara Rule

APIs

SetBkColor.GDI32 ref: 00007FF6DF171013
SetTextColor.GDI32 ref: 00007FF6DF171028
CreateCompatibleDC.GDI32 ref: 00007FF6DF171035
CreateCompatibleDC.GDI32 ref: 00007FF6DF171052
CreateCompatibleBitmap.GDI32 ref: 00007FF6DF17107C
SelectObject.GDI32 ref: 00007FF6DF171094
BitBlt.GDI32 ref: 00007FF6DF1710D1
CreateBitmap.GDI32 ref: 00007FF6DF1710F2
SelectObject.GDI32 ref: 00007FF6DF17110A
SetBkColor.GDI32 ref: 00007FF6DF17111F
BitBlt.GDI32 ref: 00007FF6DF171149
SetBkColor.GDI32 ref: 00007FF6DF171165
SetTextColor.GDI32 ref: 00007FF6DF171173
BitBlt.GDI32 ref: 00007FF6DF17119D
BitBlt.GDI32 ref: 00007FF6DF1711F8
BitBlt.GDI32 ref: 00007FF6DF171234
StretchBlt.GDI32 ref: 00007FF6DF171285
StretchBlt.GDI32 ref: 00007FF6DF1712D2
SelectObject.GDI32 ref: 00007FF6DF1712F1
DeleteDC.GDI32 ref: 00007FF6DF17134C
SelectObject.GDI32 ref: 00007FF6DF171362
DeleteObject.GDI32 ref: 00007FF6DF17136B
DeleteDC.GDI32 ref: 00007FF6DF171379
DeleteObject.GDI32 ref: 00007FF6DF17138F
SetBkColor.GDI32 ref: 00007FF6DF17139B
SetTextColor.GDI32 ref: 00007FF6DF1713A8

Strings

, xrefs: 00007FF6DF171125

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$Object$CreateDeleteSelect$CompatibleText$BitmapStretch
String ID:
API String ID: 796540309-3916222277
Opcode ID: 0bf7f6db51d07c0f27094fc2f54ba82b53fc8f47f7640cd56988f8ec19832266
Instruction ID: 2858796ea3efe3ced2605e1973e9af72027add02be56badd0dce325e13f387e5
Opcode Fuzzy Hash: 0bf7f6db51d07c0f27094fc2f54ba82b53fc8f47f7640cd56988f8ec19832266
Instruction Fuzzy Hash: C0B11E75A0878187E7608F12E84476EB7A8FB88B94F14413ADE8E93B58DF3CD495CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12CAE4 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 43registryclipboardCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CAF4
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB03
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB13
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB23
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB33
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB43
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB53
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB63
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB73
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB83
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CB93
RegisterClipboardFormatW.USER32 ref: 00007FF6DF12CBA3

Strings

Native, xrefs: 00007FF6DF12CAED
ObjectLink, xrefs: 00007FF6DF12CB09
Link Source, xrefs: 00007FF6DF12CB39
RichEdit Text and Objects, xrefs: 00007FF6DF12CB99
Rich Text Format, xrefs: 00007FF6DF12CB89
Object Descriptor, xrefs: 00007FF6DF12CB49
Embed Source, xrefs: 00007FF6DF12CB29
OwnerLink, xrefs: 00007FF6DF12CAFA
Link Source Descriptor, xrefs: 00007FF6DF12CB59
FileName, xrefs: 00007FF6DF12CB69
FileNameW, xrefs: 00007FF6DF12CB79
Embedded Object, xrefs: 00007FF6DF12CB19

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClipboardFormatRegister
String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
API String ID: 1228543026-2889995556
Opcode ID: c80660058d6ca51c997b497e3192066729456680e8f1fd282fb5b75f805b0cba
Instruction ID: 3991b6e878199e84a52bc6f80a5874e3650f5ee637174b997295ccd9b4850351
Opcode Fuzzy Hash: c80660058d6ca51c997b497e3192066729456680e8f1fd282fb5b75f805b0cba
Instruction Fuzzy Hash: 6D210D75D09A069AEF009F70EC6826C3769FB54B19B804537C52EC3664EF3CE1AAC785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF104A30 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 190fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF104A6F
CreateFileW.KERNEL32 ref: 00007FF6DF104ADB
free.LIBCMT ref: 00007FF6DF104AED

Strings

%s\PuranWipeDiskFile%d, xrefs: 00007FF6DF104A9B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CreateFilefreemalloc
String ID: %s\PuranWipeDiskFile%d
API String ID: 2102835821-396753683
Opcode ID: 7f0637bce656e84dc5d873c0638cc909403c0301f3c3d623cdf2a2edc2aa0db9
Instruction ID: dff979b93dae9d7d41212773b4d6d10c5e0bfd60fffa374eaec537e7eaae8d6c
Opcode Fuzzy Hash: 7f0637bce656e84dc5d873c0638cc909403c0301f3c3d623cdf2a2edc2aa0db9
Instruction Fuzzy Hash: AC71CF30A0C65292FA249B16AC9427D23A8BF86BA0F500237DD6E83791CF7CE5B58744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13DA64 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DAA1
GetProcAddress.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DABD
GetProcAddress.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DAE5
EncodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DAEE
GetProcAddress.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB04
EncodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB0D
GetProcAddress.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB23
EncodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB2C
GetProcAddress.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB4A
EncodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB53
DecodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB85
DecodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DB94
DecodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DBEC
DecodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DC0C
DecodePointer.KERNEL32(?,?,?,00000000,00000000,000000FC,00000001,00007FF6DF134C04,?,?,?,?,?,00007FF6DF134C98), ref: 00007FF6DF13DC25

Strings

USER32.DLL, xrefs: 00007FF6DF13DA9A
GetLastActivePopup, xrefs: 00007FF6DF13DAF3
GetUserObjectInformationA, xrefs: 00007FF6DF13DB12
GetProcessWindowStation, xrefs: 00007FF6DF13DB40
MessageBoxA, xrefs: 00007FF6DF13DAB3
GetActiveWindow, xrefs: 00007FF6DF13DAD4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Pointer$AddressDecodeProc$Encode$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3085332118-232180764
Opcode ID: 032e40bed9717ef6656ded078f46d0786ba43081002fb186fbbc3297bca9c104
Instruction ID: e49c004e5f50d65235ecc284fbfb0b0eb80b716fe19ccafeded2c706112c1c20
Opcode Fuzzy Hash: 032e40bed9717ef6656ded078f46d0786ba43081002fb186fbbc3297bca9c104
Instruction Fuzzy Hash: 1551F474A0AB6780FA55DB12AD6027C23E86F89B80F480437DC1EC3799EF7DE5A18311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1459A8 Relevance: 30.5, APIs: 20, Instructions: 485COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF1459DB
_errno.LIBCMT ref: 00007FF6DF1459E4
__doserrno.LIBCMT ref: 00007FF6DF145A3E
_errno.LIBCMT ref: 00007FF6DF145A45

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 425ec1fe3d7b8caf3550a7301d09a92044506aac0cafc79d68eb52c0dccc1fe9
Instruction ID: 2db9aec12318d3ea837ca0e6621dec2b33d33f256db572d4bb6b781030ec2606
Opcode Fuzzy Hash: 425ec1fe3d7b8caf3550a7301d09a92044506aac0cafc79d68eb52c0dccc1fe9
Instruction Fuzzy Hash: 4F221632A0C68286E7219B159C442BC6B99EFC975CF988137DA5E83BD5CF3DE464C306

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1080C0 Relevance: 29.8, APIs: 8, Strings: 9, Instructions: 76libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF1080F5
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF108111
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF108131
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF108151
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF108171
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF10818D
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF1081A9
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF1082B8), ref: 00007FF6DF1081D4

Strings

GetMonitorInfoW, xrefs: 00007FF6DF1081BE
EnumDisplayDevicesW, xrefs: 00007FF6DF10819F
GetSystemMetrics, xrefs: 00007FF6DF108107
EnumDisplayMonitors, xrefs: 00007FF6DF108183
MonitorFromWindow, xrefs: 00007FF6DF108127
MonitorFromRect, xrefs: 00007FF6DF108147
MonitorFromPoint, xrefs: 00007FF6DF108167
GetMonitorInfoA, xrefs: 00007FF6DF1081CD
USER32, xrefs: 00007FF6DF1080E8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetMonitorInfoA$GetMonitorInfoW$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
API String ID: 667068680-2451437823
Opcode ID: a489ee33c7f711672578cedcf64785d3b08a020dd0448a2438cfb71def8c7293
Instruction ID: e23f006a473c334ee29b7c3d7ff0c16530cb8795bc3799525eb126eb27cf30b8
Opcode Fuzzy Hash: a489ee33c7f711672578cedcf64785d3b08a020dd0448a2438cfb71def8c7293
Instruction Fuzzy Hash: 8641B234A0CB96A5FA00AB56BE4523C23ADAF48390F588437C86DD6364DFBDA5B4C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16B190 Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 492windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16B1DD
SendMessageW.USER32 ref: 00007FF6DF16B2C4
SendMessageW.USER32 ref: 00007FF6DF16B38E
MultiByteToWideChar.KERNEL32 ref: 00007FF6DF16B3AE
MultiByteToWideChar.KERNEL32 ref: 00007FF6DF16B3F6
GetParent.USER32 ref: 00007FF6DF16B551
SendMessageW.USER32 ref: 00007FF6DF16B578
SendMessageW.USER32 ref: 00007FF6DF16B62B
ImageList_GetIconSize.COMCTL32 ref: 00007FF6DF16B66C
GetTextExtentPoint32W.GDI32 ref: 00007FF6DF16B6B7
GetTextExtentPoint32W.GDI32 ref: 00007FF6DF16B7DD
OffsetRect.USER32 ref: 00007FF6DF16B954

Strings

d, xrefs: 00007FF6DF16B4B6
., xrefs: 00007FF6DF16B354
., xrefs: 00007FF6DF16B237

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ByteCharExtentMultiPoint32TextWide$IconImageList_OffsetParentRectSize
String ID: .$.$d
API String ID: 3116280252-510095644
Opcode ID: 5951448b9fbf5c1d6f91aca1fca1b29b82e463f5bf795594a1dc37a88dbd407a
Instruction ID: f6e6bf18c94469a1fbd6eccb1af52f67c0c667bcf0d92ce1f94a8ff40a0d2df2
Opcode Fuzzy Hash: 5951448b9fbf5c1d6f91aca1fca1b29b82e463f5bf795594a1dc37a88dbd407a
Instruction Fuzzy Hash: 71325D76A096818BD764CF15E8446AEB7A9FB88784F108136EB8D83B58DF3CE455CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13AE40 Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1329E4: RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6DF132A58

__GetUnwindTryBlock.LIBCMT ref: 00007FF6DF13AEB1
__SetUnwindTryBlock.LIBCMT ref: 00007FF6DF13AED9

Part of subcall function 00007FF6DF13304C: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6DF1D1660,00007FF6DF11155D), ref: 00007FF6DF1330CC

__GetUnwindTryBlock.LIBCMT ref: 00007FF6DF13AEE3
_getptd.LIBCMT ref: 00007FF6DF13AF38
_getptd.LIBCMT ref: 00007FF6DF13AF4A
_getptd.LIBCMT ref: 00007FF6DF13AF56
_SetThrowImageBase.LIBCMT ref: 00007FF6DF13AF73
_getptd.LIBCMT ref: 00007FF6DF13AFC3
_getptd.LIBCMT ref: 00007FF6DF13AFD5
_getptd.LIBCMT ref: 00007FF6DF13AFE1
_getptd.LIBCMT ref: 00007FF6DF13B322

Strings

csm, xrefs: 00007FF6DF13B0BF
bad exception, xrefs: 00007FF6DF13B06F
csm, xrefs: 00007FF6DF13AF8F
csm, xrefs: 00007FF6DF13AEF9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _getptd$BlockUnwind$BaseEntryExceptionFunctionImageLookupRaiseThrow
String ID: bad exception$csm$csm$csm
API String ID: 2351602029-820278400
Opcode ID: 45ef3f16e0891f493f2dd99fd84e8b5de8bdb17462aebeeaad4cc207523dbbbc
Instruction ID: df8c552cb7b196896a57abe474b86edc6fde5d7ad456063c3c63b1f779550354
Opcode Fuzzy Hash: 45ef3f16e0891f493f2dd99fd84e8b5de8bdb17462aebeeaad4cc207523dbbbc
Instruction Fuzzy Hash: A8E1B372A0C68286DA70EB21A8402BD77E8FB54784F444537DE8D87B96DF3CE4A5C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14674C Relevance: 24.3, APIs: 16, Instructions: 348COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF146C8E), ref: 00007FF6DF1467B9
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF146C8E), ref: 00007FF6DF1467CD
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF146C8E), ref: 00007FF6DF1468D0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CompareErrorInfoLastString
String ID:
API String ID: 3723911898-0
Opcode ID: eb9027418c2ec171599165fc7e36d26424f4518fea93dd2071e1fae54b24c63e
Instruction ID: fbf83a57cb8418c4e8e338a9fa809f96deab0afe575dd73a9afe113d7bae2de3
Opcode Fuzzy Hash: eb9027418c2ec171599165fc7e36d26424f4518fea93dd2071e1fae54b24c63e
Instruction Fuzzy Hash: A4E19072B082829AEB309F119C542BDAB99FB8979CF544537DA5D87BC4DF3CA964C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10AFC8 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 156windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

GetParent.USER32 ref: 00007FF6DF10B003
SendMessageW.USER32 ref: 00007FF6DF10B02C
GetWindowRect.USER32 ref: 00007FF6DF10B042
GetWindowLongW.USER32 ref: 00007FF6DF10B05F
CopyRect.USER32 ref: 00007FF6DF10B0CC
GetWindowRect.USER32 ref: 00007FF6DF10B0DC

Part of subcall function 00007FF6DF1082A4: MonitorFromWindow.USER32 ref: 00007FF6DF1082C1

Part of subcall function 00007FF6DF108324: GetMonitorInfoW.USER32 ref: 00007FF6DF108343
Part of subcall function 00007FF6DF108324: MultiByteToWideChar.KERNEL32 ref: 00007FF6DF108376

CopyRect.USER32 ref: 00007FF6DF10B109
GetParent.USER32 ref: 00007FF6DF10B115
GetClientRect.USER32 ref: 00007FF6DF10B126
GetClientRect.USER32 ref: 00007FF6DF10B134
MapWindowPoints.USER32 ref: 00007FF6DF10B14B

Part of subcall function 00007FF6DF1109D0: SetWindowPos.USER32 ref: 00007FF6DF110A0A

Strings

(, xrefs: 00007FF6DF10B074

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Rect$ClientCopyLongMonitorParent$ByteCharFromInfoMessageMultiPointsSendWide
String ID: (
API String ID: 3022328850-3887548279
Opcode ID: 53564732b50cef48a7ed8e5e7b4b446322397c95c0391bc59363f08241d6e09a
Instruction ID: 864a596031e7f1d4555940345cf077a5dc700bff509c2570b6429c6f2e295701
Opcode Fuzzy Hash: 53564732b50cef48a7ed8e5e7b4b446322397c95c0391bc59363f08241d6e09a
Instruction Fuzzy Hash: 5061863271C64287DA14DB26E94452EB769FB85B90F544432DB9EC3B48DFBDE8648B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102CC0 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 149registrywindowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF102CEE
malloc.LIBCMT ref: 00007FF6DF102CFC

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF102D26
malloc.LIBCMT ref: 00007FF6DF102D4D
RegCreateKeyExW.ADVAPI32 ref: 00007FF6DF102E78
RegSetValueExW.ADVAPI32 ref: 00007FF6DF102EA1
free.LIBCMT ref: 00007FF6DF102EAA

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF102EB2
free.LIBCMT ref: 00007FF6DF102EBA

Strings

Software\Puran Software\Wipe Disk, xrefs: 00007FF6DF102E3C
(, xrefs: 00007FF6DF102DD4
?, xrefs: 00007FF6DF102E6B
Drives, xrefs: 00007FF6DF102E8E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errnofreemalloc$AllocateCreateErrorHeapLanguagesLastMessagePreferredRestoreSendThreadValue
String ID: ($?$Drives$Software\Puran Software\Wipe Disk
API String ID: 1367556934-788298795
Opcode ID: d1af78d707189605f5a496485526758ef621454073d8eec6577254be7c98705c
Instruction ID: 1dc01c146ac527a95a6e38b738e40119caff42eec779fd68ebc303205384de2a
Opcode Fuzzy Hash: d1af78d707189605f5a496485526758ef621454073d8eec6577254be7c98705c
Instruction Fuzzy Hash: 3B515630B0868251EB60AB27AC0457E23D8FF8AB94F44463AED5D87BD5DFBCE4618300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16CE70 Relevance: 19.7, APIs: 13, Instructions: 234windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1062E0: malloc.LIBCMT ref: 00007FF6DF106307

GetParent.USER32 ref: 00007FF6DF16CED3
SetCapture.USER32 ref: 00007FF6DF16D01C
SetCapture.USER32 ref: 00007FF6DF16D07E
CopyRect.USER32 ref: 00007FF6DF16D09B
GetCapture.USER32 ref: 00007FF6DF16D0C3
GetCapture.USER32 ref: 00007FF6DF16D0D3
GetMessageW.USER32 ref: 00007FF6DF16D0F0
ScreenToClient.USER32 ref: 00007FF6DF16D15B

Part of subcall function 00007FF6DF1614A0: GetWindowRect.USER32 ref: 00007FF6DF17077A
Part of subcall function 00007FF6DF1614A0: GetWindowLongW.USER32 ref: 00007FF6DF170798

TranslateMessage.USER32 ref: 00007FF6DF16D187
DispatchMessageW.USER32 ref: 00007FF6DF16D192
GetCapture.USER32 ref: 00007FF6DF16D198
GetCapture.USER32 ref: 00007FF6DF16D1B3
KillTimer.USER32 ref: 00007FF6DF16D1D0

Part of subcall function 00007FF6DF16CA70: PtInRect.USER32 ref: 00007FF6DF16CAB7
Part of subcall function 00007FF6DF16CA70: GetKeyState.USER32 ref: 00007FF6DF16CB0A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Capture$MessageRect$Window$ClientCopyDispatchKillLongParentScreenStateTimerTranslatemalloc
String ID:
API String ID: 588806548-0
Opcode ID: f09f453828eb5e2c256e88ca83d2588bc432ca37f911848e15289cf82a16c5a6
Instruction ID: 2d9ada901e0e82a86550f9579bd2e7dc3dce469f0820cf9b172a443ab0338256
Opcode Fuzzy Hash: f09f453828eb5e2c256e88ca83d2588bc432ca37f911848e15289cf82a16c5a6
Instruction Fuzzy Hash: ACB14E72A086428BE764DF25D98466D77A9FB44748F100036EB4EC7A94CF7DE8A5CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135828 Relevance: 18.1, APIs: 12, Instructions: 82COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 00007FF6DF135847

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF135855
free.LIBCMT ref: 00007FF6DF135863
free.LIBCMT ref: 00007FF6DF135871
free.LIBCMT ref: 00007FF6DF13587F
free.LIBCMT ref: 00007FF6DF13588D
free.LIBCMT ref: 00007FF6DF13589E
free.LIBCMT ref: 00007FF6DF1358B6
_lock.LIBCMT ref: 00007FF6DF1358C0
free.LIBCMT ref: 00007FF6DF1358EE
_lock.LIBCMT ref: 00007FF6DF135903
free.LIBCMT ref: 00007FF6DF13594D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$_lock$ErrorLanguagesLastPreferredRestoreThread_errno
String ID:
API String ID: 2088697859-0
Opcode ID: a840553ce773c269e8613abe1f3d1d80e3558e475fecb416cb7e99904ce02521
Instruction ID: c9892a7d01dc9bbc03c99faceb345b76a31ea91d3166adce274510d8357a4701
Opcode Fuzzy Hash: a840553ce773c269e8613abe1f3d1d80e3558e475fecb416cb7e99904ce02521
Instruction Fuzzy Hash: A7312B31E0A60345FE98EBA2986177C23D9AF82F54F440137D90EA76D6DF1CF8608351

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1048C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 107fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF1048E4

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF6DF104952
free.LIBCMT ref: 00007FF6DF10495F
free.LIBCMT ref: 00007FF6DF104974

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

malloc.LIBCMT ref: 00007FF6DF104986

Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C15

WriteFile.KERNEL32 ref: 00007FF6DF1049E4
GetLastError.KERNEL32 ref: 00007FF6DF1049EE
FlushFileBuffers.KERNEL32 ref: 00007FF6DF104A11
free.LIBCMT ref: 00007FF6DF104A1A

Strings

\, xrefs: 00007FF6DF104929

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$free$ErrorFileLastmalloc$AllocateBuffersDiskFlushFreeHeapLanguagesPreferredRestoreSpaceThreadWrite
String ID: \
API String ID: 2403176548-2967466578
Opcode ID: 314c115252fdbc078caa11815e2b3e60a7e992633f3fea663c27067fd874c285
Instruction ID: e0166343750a6123adf6a1cd3f41e12711d4fa75efa1849d37e05b2cdcaaf933
Opcode Fuzzy Hash: 314c115252fdbc078caa11815e2b3e60a7e992633f3fea663c27067fd874c285
Instruction Fuzzy Hash: C041E231E0865252FA10EB67AC442BE6398AF8ABD0F444236EE5D877D5DF7CE5608740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF116CA0 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF116CB9
GetProcAddress.KERNEL32 ref: 00007FF6DF116CDB
GetProcAddress.KERNEL32 ref: 00007FF6DF116CF6
GetProcAddress.KERNEL32 ref: 00007FF6DF116D11
GetProcAddress.KERNEL32 ref: 00007FF6DF116D2C

Strings

DeactivateActCtx, xrefs: 00007FF6DF116D1E
ActivateActCtx, xrefs: 00007FF6DF116D03
KERNEL32, xrefs: 00007FF6DF116CB2
CreateActCtxW, xrefs: 00007FF6DF116CD1
ReleaseActCtx, xrefs: 00007FF6DF116CE8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
API String ID: 667068680-2424895508
Opcode ID: 0814977d456032269ffc6379a3a7f687600fb83caac84a6c9da8ae7ebea7b3a6
Instruction ID: b93a45d1c274cb3efdad15ad438a8f8d2cc6e24f9e4f8a03a95bb6d2963bb98c
Opcode Fuzzy Hash: 0814977d456032269ffc6379a3a7f687600fb83caac84a6c9da8ae7ebea7b3a6
Instruction Fuzzy Hash: E1014074E09B03B1FA009B95EC9527C23BCAF98B60F40117BC82D92620EF7CA5A98740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF172950 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

GetDIBits.GDI32 ref: 00007FF6DF1729CA
malloc.LIBCMT ref: 00007FF6DF1729FA
malloc.LIBCMT ref: 00007FF6DF172A10
free.LIBCMT ref: 00007FF6DF172A25

Strings

(, xrefs: 00007FF6DF172997
, xrefs: 00007FF6DF1729D8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: malloc$Bitsfree
String ID: $(
API String ID: 3506180579-55695022
Opcode ID: e7e3901304c1e74da3cb5554f5cd7ae10b9270396a5c2d17a441affe8987d126
Instruction ID: cf3424fe33dda39229217af9ee20e8019d56f2df45af5926ffbfeb2b7263d23a
Opcode Fuzzy Hash: e7e3901304c1e74da3cb5554f5cd7ae10b9270396a5c2d17a441affe8987d126
Instruction Fuzzy Hash: 45415B36A09B82C5EB748B11E81462E73A8FF89B84F144136DE9D87B48DF3CD861CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF141F10 Relevance: 15.2, APIs: 10, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF141F66
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF141F85
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF14202A
malloc.LIBCMT ref: 00007FF6DF142041
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF142089
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF1420C4
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF142100
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6DF142140
free.LIBCMT ref: 00007FF6DF14214E
free.LIBCMT ref: 00007FF6DF142170

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ByteCharMultiWide$Infofree$malloc
String ID:
API String ID: 1309074677-0
Opcode ID: ef819cfeb5afac628c42719ed4b99e4577e9c213019e1096756b285992efc8d9
Instruction ID: 84cd4250b21a07b2905b4f25d48608f46f5ad775ceac7ccaecfa19dbcf2a3f85
Opcode Fuzzy Hash: ef819cfeb5afac628c42719ed4b99e4577e9c213019e1096756b285992efc8d9
Instruction Fuzzy Hash: D061A072A0878186EB248B559C4017DA7D9FFC8BA8F144636EE5D87BD4CF3DE4E18600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF172E60 Relevance: 15.1, APIs: 10, Instructions: 112COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF172E97

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

malloc.LIBCMT ref: 00007FF6DF172EBA

Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C15

CreateCompatibleDC.GDI32 ref: 00007FF6DF172EEE
CreateDIBSection.GDI32 ref: 00007FF6DF172F30
free.LIBCMT ref: 00007FF6DF172F66
free.LIBCMT ref: 00007FF6DF172F6E
free.LIBCMT ref: 00007FF6DF172F9B

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF172FA3
free.LIBCMT ref: 00007FF6DF172FBF
free.LIBCMT ref: 00007FF6DF172FCC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$_errno$Createmalloc$AllocateCompatibleErrorHeapLanguagesLastPreferredRestoreSectionThread
String ID:
API String ID: 1606178934-0
Opcode ID: fe09bd63e6b99c0ef6b2f3cd00872b7c54452a8cd92517289554f0ba3fa06dce
Instruction ID: 9ca343b17bed685e9e71c1a54d1f8e0399304944a70f5a489524882302cb48d2
Opcode Fuzzy Hash: fe09bd63e6b99c0ef6b2f3cd00872b7c54452a8cd92517289554f0ba3fa06dce
Instruction Fuzzy Hash: AF41C631F096C284EBA8AB21DD552BD63989F86BD0F084136ED5EC77C6DF2CE4618740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12A8EC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetStockObject.GDI32 ref: 00007FF6DF12A92E
GetStockObject.GDI32 ref: 00007FF6DF12A93F
GetObjectW.GDI32 ref: 00007FF6DF12A957
GetDC.USER32 ref: 00007FF6DF12A969
GetDeviceCaps.GDI32 ref: 00007FF6DF12A989
MulDiv.KERNEL32 ref: 00007FF6DF12A99B
ReleaseDC.USER32 ref: 00007FF6DF12A9A9

Strings

System, xrefs: 00007FF6DF12A927

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Stock$CapsDeviceRelease
String ID: System
API String ID: 46613423-3470857405
Opcode ID: 16b8dee7fb4b56a709a4506ff239c1ac80dacfb60e61d9d6f3b1722e422b7042
Instruction ID: feff78c61252eae3b4b3f602c826e1a6dfe5c1e09a036f1fb2b719c87d800562
Opcode Fuzzy Hash: 16b8dee7fb4b56a709a4506ff239c1ac80dacfb60e61d9d6f3b1722e422b7042
Instruction Fuzzy Hash: 9221B735A0864196EB24DB11FC2436E73A9FB49B88F804137E95E87754CF3DE959CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171BF0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 38COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF171C14
LoadResource.KERNEL32 ref: 00007FF6DF171C30

Strings

G, xrefs: 00007FF6DF171C0F
N, xrefs: 00007FF6DF171C0A
P, xrefs: 00007FF6DF171C05
PNG, xrefs: 00007FF6DF171BF6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoad
String ID: G$N$P$PNG
API String ID: 2619053042-1416769634
Opcode ID: 18b5eef577bd9aab66f48af287cd83f76d0f473b5a0208b5bfdd6fc509e94635
Instruction ID: 8d6c205811edfd9011d3610f632e68edd09725c6a18ee32b5c3176a376788ddd
Opcode Fuzzy Hash: 18b5eef577bd9aab66f48af287cd83f76d0f473b5a0208b5bfdd6fc509e94635
Instruction Fuzzy Hash: 7E01F771A1D781C3EB15C756A84432D67A8EB5D790F080036DF5D87744DF2DD8E88B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15FEB0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 31libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,00000000,00007FF6DF160382,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FED3
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF160382,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FEEB
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF160382,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FEFF
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF160382,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FF13

Strings

Module32NextW, xrefs: 00007FF6DF15FF05
CreateToolhelp32Snapshot, xrefs: 00007FF6DF15FEE1
KERNEL32, xrefs: 00007FF6DF15FECC
Module32FirstW, xrefs: 00007FF6DF15FEF1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: CreateToolhelp32Snapshot$KERNEL32$Module32FirstW$Module32NextW
API String ID: 667068680-1738367729
Opcode ID: 9112086063f14b93d16778525fd874811449fb521f2824673a5f6525de16bfd0
Instruction ID: a39c8c2241a2aa34b74a03d48c3f54d1e06a8a811b22b5c6e15c2f728cb85e8a
Opcode Fuzzy Hash: 9112086063f14b93d16778525fd874811449fb521f2824673a5f6525de16bfd0
Instruction Fuzzy Hash: 05014431A08B4291EB048F21FD5416C33A8FF09BA8B400236D97D827A8DF3CD5AAC340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF136784 Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 00007FF6DF1367D0

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EA66
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EA78
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EA8A
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EA9C
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EAAE
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EAC0
Part of subcall function 00007FF6DF13EA48: free.LIBCMT ref: 00007FF6DF13EAD2

free.LIBCMT ref: 00007FF6DF1367F2
free.LIBCMT ref: 00007FF6DF13680A
free.LIBCMT ref: 00007FF6DF136816
free.LIBCMT ref: 00007FF6DF13683A
free.LIBCMT ref: 00007FF6DF13684E
free.LIBCMT ref: 00007FF6DF13685D
free.LIBCMT ref: 00007FF6DF136869
free.LIBCMT ref: 00007FF6DF136896
free.LIBCMT ref: 00007FF6DF1368BE
free.LIBCMT ref: 00007FF6DF1368D8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$ErrorLanguagesLastPreferredRestoreThread_errno
String ID:
API String ID: 3144437221-0
Opcode ID: 61a77045185bcc81b903a4e1c51f93bdc14bcc0e974ddfeddaf675565c1f947a
Instruction ID: 137ca9877b45c649d7e9562f8a162d7f790d080accb692f3973ef2753cfc7374
Opcode Fuzzy Hash: 61a77045185bcc81b903a4e1c51f93bdc14bcc0e974ddfeddaf675565c1f947a
Instruction Fuzzy Hash: 2F412C32E0964294FF95DF66C8547BC23E8AF89B44F584433DA0DAB295CF2CE8A1C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF146DCC Relevance: 13.8, APIs: 9, Instructions: 256COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF146DF4

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

__wtomb_environ.LIBCMT ref: 00007FF6DF146EED
_errno.LIBCMT ref: 00007FF6DF146EF7
free.LIBCMT ref: 00007FF6DF146FE9
SetEnvironmentVariableA.KERNEL32 ref: 00007FF6DF147134
_errno.LIBCMT ref: 00007FF6DF147142
free.LIBCMT ref: 00007FF6DF147150
free.LIBCMT ref: 00007FF6DF14715D
free.LIBCMT ref: 00007FF6DF14716F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$_errno$DecodeEnvironmentPointerVariable__wtomb_environ
String ID:
API String ID: 3451773520-0
Opcode ID: 87cf0bd06ac15381408739866e94ce706ced0c0429e1f098819393ea32f7039e
Instruction ID: 0c4945bade313e31bc1a2318140169d1816128db83769a37165c8f3e826518b5
Opcode Fuzzy Hash: 87cf0bd06ac15381408739866e94ce706ced0c0429e1f098819393ea32f7039e
Instruction Fuzzy Hash: 5BA1D035E0A64241FA14AB24AD1027EA399BFC9B9CF148637D98DD77C5CF3DA8B58300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF174850 Relevance: 13.7, APIs: 9, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cadf37aa061b27ce41cc2607c6c7dba6730f0347c30d3d63f3d45f455281f735
Instruction ID: e04d45a0cf4abae887e5ab30221f029377d86660866ec552b31aaa753968f2e1
Opcode Fuzzy Hash: cadf37aa061b27ce41cc2607c6c7dba6730f0347c30d3d63f3d45f455281f735
Instruction Fuzzy Hash: A8A18E32A08692D6EB24DF15D9803BE7369FB84B80F404136DA8E87B95DF3CE564CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12EE70 Relevance: 13.6, APIs: 9, Instructions: 128timeCOMMON

Download Yara Rule

APIs

GetFileTime.KERNEL32 ref: 00007FF6DF12EEF0
GetFileSizeEx.KERNEL32 ref: 00007FF6DF12EF0A
GetFileAttributesW.KERNEL32 ref: 00007FF6DF12EF2C
FileTimeToLocalFileTime.KERNEL32 ref: 00007FF6DF12EF48
FileTimeToSystemTime.KERNEL32 ref: 00007FF6DF12EF5C
FileTimeToLocalFileTime.KERNEL32 ref: 00007FF6DF12EF8E
FileTimeToSystemTime.KERNEL32 ref: 00007FF6DF12EFA2
FileTimeToLocalFileTime.KERNEL32 ref: 00007FF6DF12EFD6
FileTimeToSystemTime.KERNEL32 ref: 00007FF6DF12EFEA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Time$File$LocalSystem$AttributesSize
String ID:
API String ID: 3680005166-0
Opcode ID: f7d6b63b00821c37fe4b11225ffd16104b49ead261e7cd723ab311d61a6be39e
Instruction ID: 07817199cc13d82acdef2c5ff1ed666800e7217508392956eb5844ec67c8ee37
Opcode Fuzzy Hash: f7d6b63b00821c37fe4b11225ffd16104b49ead261e7cd723ab311d61a6be39e
Instruction Fuzzy Hash: 6F51B332A08A4692EB318F64D84107D7369FB85B94F500633D69DC75E8DF2DD6A5C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF133D04 Relevance: 13.6, APIs: 9, Instructions: 98COMMON

Download Yara Rule

APIs

_lock.LIBCMT ref: 00007FF6DF133D2D
DecodePointer.KERNEL32 ref: 00007FF6DF133D60
DecodePointer.KERNEL32 ref: 00007FF6DF133D7D
DecodePointer.KERNEL32 ref: 00007FF6DF133DBC
DecodePointer.KERNEL32 ref: 00007FF6DF133DD5
DecodePointer.KERNEL32 ref: 00007FF6DF133DE4
_initterm.LIBCMT ref: 00007FF6DF133E23
_initterm.LIBCMT ref: 00007FF6DF133E36
ExitProcess.KERNEL32 ref: 00007FF6DF133E6F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: DecodePointer$_initterm$ExitProcess_lock
String ID:
API String ID: 2551688548-0
Opcode ID: d918234e483dcd1c57d6a2e4a2e7c62cac7ea455800b17303a87515cbe1e7e2b
Instruction ID: a8025d75195b4acfd7c541e0f4e4f15eaab5ce0fef8bc2ce2b9817f2a53dcc14
Opcode Fuzzy Hash: d918234e483dcd1c57d6a2e4a2e7c62cac7ea455800b17303a87515cbe1e7e2b
Instruction Fuzzy Hash: 27413971A0AA5291E6509B11EC411BD63ECBF88B94F440037EA8DC77A5EF3CE4B18705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18BD8C Relevance: 13.6, APIs: 9, Instructions: 89COMMON

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF18BDB5
_errno.LIBCMT ref: 00007FF6DF18BDBE
__doserrno.LIBCMT ref: 00007FF6DF18BE0D
_errno.LIBCMT ref: 00007FF6DF18BE14

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 90de682daac991f9e9c3f88239bc44b77a877870729aeb4e2b8e9c47b20093d5
Instruction ID: 4a49b5a6a62eb05f573815431fa3d77f38a205518b9747ba16b352cf6dd02648
Opcode Fuzzy Hash: 90de682daac991f9e9c3f88239bc44b77a877870729aeb4e2b8e9c47b20093d5
Instruction Fuzzy Hash: F631F232E182525AF3119F36AD4153D3799ABC0B50FA14A36EA2D87BE2CF3DE4618744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF175E00 Relevance: 13.6, APIs: 9, Instructions: 68windowCOMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF175E1C
LoadResource.KERNEL32 ref: 00007FF6DF175E35
LockResource.KERNEL32 ref: 00007FF6DF175E48
LookupIconIdFromDirectoryEx.USER32 ref: 00007FF6DF175E68
FindResourceW.KERNEL32 ref: 00007FF6DF175E7A
LoadResource.KERNEL32 ref: 00007FF6DF175E8E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoad$DirectoryFromIconLockLookup
String ID:
API String ID: 1773820622-0
Opcode ID: 8deaceaccb124c092f9cdbf85880c626278beac505314297dda7f9b272a4387f
Instruction ID: f0c86f6265c9b0dbd2094e35701813d53e12404d9d00c4f18f23b9191e7447b9
Opcode Fuzzy Hash: 8deaceaccb124c092f9cdbf85880c626278beac505314297dda7f9b272a4387f
Instruction Fuzzy Hash: 4921AC31B0D74186EB548B12F91473EA7A8AB88FD4F04403ADD9E87B58EF3CE4918B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF168AC0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

COMBOBOX, xrefs: 00007FF6DF168AC4
TAB, xrefs: 00007FF6DF168B5E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$ObjectText
String ID: COMBOBOX$TAB
API String ID: 829078354-44663176
Opcode ID: fb8e8a5e251e2ef32f6fa85e37a906df39527ad74173cd79fb2ac169166bc09d
Instruction ID: 09282f1fa425e3422e342dc2eca6fb5cf8488dad99a17a66baede8ff1ab67d2c
Opcode Fuzzy Hash: fb8e8a5e251e2ef32f6fa85e37a906df39527ad74173cd79fb2ac169166bc09d
Instruction Fuzzy Hash: F8919472608A8286DB14DF25E8403AE7765FBC5BA4F004236EA6D87BE6DF3CD455CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF160A60 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 71COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF160A94
LoadResource.KERNEL32 ref: 00007FF6DF160ABD

Strings

_ini, xrefs: 00007FF6DF160B39
TEXTFILE, xrefs: 00007FF6DF160A82
[File., xrefs: 00007FF6DF160AE8
THEMES_INI, xrefs: 00007FF6DF160A89

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoad
String ID: TEXTFILE$THEMES_INI$[File.$_ini
API String ID: 2619053042-1752206548
Opcode ID: 6d2ee17903bf124655d0ec5611910c8f87298e3dac997c5cf198bb4bf3f60063
Instruction ID: ed16411a4ef826347528344c6af2cd2d251ab69dcd4f2b0f719895a1fdafbf1b
Opcode Fuzzy Hash: 6d2ee17903bf124655d0ec5611910c8f87298e3dac997c5cf198bb4bf3f60063
Instruction Fuzzy Hash: E6318135A09B4791EE009F19EC1017D23A9BF86BE4F584632DA2D877E5EF3CE4658740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103120 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 67registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF115B40: GetActiveWindow.USER32(?,?,?,?,00007FF6DF103132), ref: 00007FF6DF115B56

Part of subcall function 00007FF6DF110578: GetDlgItem.USER32 ref: 00007FF6DF11058A

SendMessageW.USER32 ref: 00007FF6DF103151
RegCreateKeyExW.ADVAPI32 ref: 00007FF6DF103191
RegSetValueExW.ADVAPI32 ref: 00007FF6DF1031C9
SendMessageW.USER32 ref: 00007FF6DF1031E1

Strings

Pass, xrefs: 00007FF6DF1031AC, 00007FF6DF1031E7
?, xrefs: 00007FF6DF10317B
Software\Puran Software\Wipe Disk, xrefs: 00007FF6DF103165, 00007FF6DF1031EE, 00007FF6DF10322F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ActiveCreateItemValueWindow
String ID: ?$Pass$Software\Puran Software\Wipe Disk
API String ID: 1031482357-3204077852
Opcode ID: 9885b529ddfb446473068b87db587f57472413c39c93ee0f0c2e484bebc3b5ca
Instruction ID: cf0a690857f28ecfefa1606a2300eadb071ab617c1bd2f6b45a319f78c34ab28
Opcode Fuzzy Hash: 9885b529ddfb446473068b87db587f57472413c39c93ee0f0c2e484bebc3b5ca
Instruction Fuzzy Hash: 6331DF31A08A4382EB60DB21EC916BD2369EB85754F840637E91DC7BE4DF7DE168C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171A60 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 50fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175719), ref: 00007FF6DF171A8F
ReadFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175719), ref: 00007FF6DF171ABB
ReadFile.KERNEL32 ref: 00007FF6DF171AE8
CloseHandle.KERNEL32 ref: 00007FF6DF171B09
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF175719), ref: 00007FF6DF171B25

Strings

(, xrefs: 00007FF6DF171AF2
, xrefs: 00007FF6DF171AFC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: File$CloseHandleRead$Create
String ID: $(
API String ID: 128752009-55695022
Opcode ID: ee247c044828971552aaaf16053c18354d080bab8c6057a8e514ef0d72be096f
Instruction ID: 0e2eda80ee81171564e800f1e686caf77a888aebcb8a2413f1f515dbd8bd34a5
Opcode Fuzzy Hash: ee247c044828971552aaaf16053c18354d080bab8c6057a8e514ef0d72be096f
Instruction Fuzzy Hash: 7B115B31A0C64296D7708F25F9447AE73A4FB84754F445235D6AD83A94DF3CD5ADCB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171B40 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?,00007FF6DF1756A4), ref: 00007FF6DF171B6C
ReadFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF1756A4), ref: 00007FF6DF171BA5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF1756A4), ref: 00007FF6DF171BC5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF1756A4), ref: 00007FF6DF171BDB

Strings

G, xrefs: 00007FF6DF171B9B
P, xrefs: 00007FF6DF171B91
N, xrefs: 00007FF6DF171B96

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CloseFileHandle$CreateRead
String ID: G$N$P
API String ID: 2564258376-3810941877
Opcode ID: 3fd4ba49e9ca94fae32725a29632b3e15e816a0f01e821da978972632a3d10fe
Instruction ID: 162c730f9bbc7da280a1cd0d5c92d59a105578600d7ce98546086c394744bd5f
Opcode Fuzzy Hash: 3fd4ba49e9ca94fae32725a29632b3e15e816a0f01e821da978972632a3d10fe
Instruction Fuzzy Hash: 24119D7260C78186E7108B65F80432EB7A4FB947A4F440225E6AD43A98DF7CD4A4CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF189360 Relevance: 12.1, APIs: 8, Instructions: 149COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF18939E

Part of subcall function 00007FF6DF13EBE8: LCMapStringW.KERNEL32 ref: 00007FF6DF13EC5C

_errno.LIBCMT ref: 00007FF6DF18940E
_errno.LIBCMT ref: 00007FF6DF18941A
_errno.LIBCMT ref: 00007FF6DF189459
malloc.LIBCMT ref: 00007FF6DF1894BB
_errno.LIBCMT ref: 00007FF6DF1894DC
_errno.LIBCMT ref: 00007FF6DF189531
free.LIBCMT ref: 00007FF6DF189549

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$Stringfreemalloc
String ID:
API String ID: 1896083584-0
Opcode ID: 3807c4cca8c347a597d1fb64e45e094b65d0f6cee47139a356deff5c0ae5ee43
Instruction ID: 835e349b58dcf4e3a415cfe13ff25e08a1d2582ab90b411805dcfd71396b45fd
Opcode Fuzzy Hash: 3807c4cca8c347a597d1fb64e45e094b65d0f6cee47139a356deff5c0ae5ee43
Instruction Fuzzy Hash: 36519032B08642A6EB109F21DA4027D3B99FB45B98F944633EA1E977D5DF3CE461C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1890F4 Relevance: 12.1, APIs: 8, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF189132

Part of subcall function 00007FF6DF13EBE8: LCMapStringW.KERNEL32 ref: 00007FF6DF13EC5C

_errno.LIBCMT ref: 00007FF6DF1891A2
_errno.LIBCMT ref: 00007FF6DF1891AE
_errno.LIBCMT ref: 00007FF6DF1891ED
malloc.LIBCMT ref: 00007FF6DF18924F
_errno.LIBCMT ref: 00007FF6DF189270
_errno.LIBCMT ref: 00007FF6DF1892C5
free.LIBCMT ref: 00007FF6DF1892DD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$Stringfreemalloc
String ID:
API String ID: 1896083584-0
Opcode ID: 1922acd9f36e2e8b105acbfcbd3d159f31c90209ded7729e6dbc5b26aaf647dc
Instruction ID: f1e8945d0b2992bb22686ac8c25d649c13202f41dcaabe0ea84ce24036afa40f
Opcode Fuzzy Hash: 1922acd9f36e2e8b105acbfcbd3d159f31c90209ded7729e6dbc5b26aaf647dc
Instruction Fuzzy Hash: 1C51B232B0824295FB109F21DA442AD3B99FB45FA8F944636EA1E977D6CF3CE4618300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF14F110 Relevance: 12.1, APIs: 8, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fdbc59390451085d62a2345c8045192367bd466d6bb1f0c9ecca6d5b3dd8b4
Instruction ID: fd359297989dda66f5e5d5af2cda884935f7e663578a11c6a843e9d8fa2aa1f3
Opcode Fuzzy Hash: 39fdbc59390451085d62a2345c8045192367bd466d6bb1f0c9ecca6d5b3dd8b4
Instruction Fuzzy Hash: C3419C71B0969242EA15DB16AC1062E6398BF89FE4F484135DE6D87B94DF3CD462CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1249E0 Relevance: 12.1, APIs: 8, Instructions: 108memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124A0E
TlsGetValue.KERNEL32 ref: 00007FF6DF124A27
LocalAlloc.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124AA9
LocalReAlloc.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124ADC
LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124AEE
TlsSetValue.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124B27
LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124B43
LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF6DF124DB2), ref: 00007FF6DF124B4F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalSection$Leave$AllocLocalValue$Enter
String ID:
API String ID: 2344649020-0
Opcode ID: 52c1c96615101e043f963beeff168340fb2a20113f7a00fb18c1562acb297ad0
Instruction ID: 8cef7e5c2216b3a42941ba7c1d759715f26a27f6013b678cc8784fb2017dcd0d
Opcode Fuzzy Hash: 52c1c96615101e043f963beeff168340fb2a20113f7a00fb18c1562acb297ad0
Instruction Fuzzy Hash: 4A419E36A08B5696EB28CF61D85123D7368FB45B64F104136CA2E837D5CF3DE9B18780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13FAC0 Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF13FAE9
_errno.LIBCMT ref: 00007FF6DF13FAF2
__doserrno.LIBCMT ref: 00007FF6DF13FB42
_errno.LIBCMT ref: 00007FF6DF13FB49

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: bd8630455dd80d6f99d50470fb5ce1ca41020bf0570ccc73881b1c51786f8a39
Instruction ID: 27cc9a98f72a046459f7c387de23c92827642c8cdc70820477ae4829167cfe2a
Opcode Fuzzy Hash: bd8630455dd80d6f99d50470fb5ce1ca41020bf0570ccc73881b1c51786f8a39
Instruction Fuzzy Hash: DF312432E1829241E7155F32AC5123D3799AB80B70FA04B36EE3D87BD6CF3D94618705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF147238 Relevance: 12.1, APIs: 8, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF147257
_errno.LIBCMT ref: 00007FF6DF147260
__doserrno.LIBCMT ref: 00007FF6DF1472B0
_errno.LIBCMT ref: 00007FF6DF1472B7

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 7c920dad25422fd6d0fb67f61390a9d165096d6b9e8bfd7f7ef15f7ff6e0ec34
Instruction ID: 152b7e254a42e1b9254d4b30e722ee4eff409bea3ab100a0907b27c61a47e95f
Opcode Fuzzy Hash: 7c920dad25422fd6d0fb67f61390a9d165096d6b9e8bfd7f7ef15f7ff6e0ec34
Instruction Fuzzy Hash: 8831D132E0829246F3215F35BC4153D6799EFC5B14FA04B36EA5987BD2CF3DA4618704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF162E60 Relevance: 12.1, APIs: 8, Instructions: 79windowCOMMON

Download Yara Rule

APIs

SetCapture.USER32 ref: 00007FF6DF162E76
GetCapture.USER32 ref: 00007FF6DF162E9C
GetMessageW.USER32 ref: 00007FF6DF162EBD
TranslateMessage.USER32 ref: 00007FF6DF162F30
DispatchMessageW.USER32 ref: 00007FF6DF162F3B

Part of subcall function 00007FF6DF1614A0: GetWindowRect.USER32 ref: 00007FF6DF17077A
Part of subcall function 00007FF6DF1614A0: GetWindowLongW.USER32 ref: 00007FF6DF170798

Part of subcall function 00007FF6DF162D30: PtInRect.USER32 ref: 00007FF6DF162DD7

GetCapture.USER32 ref: 00007FF6DF162F41
ReleaseCapture.USER32 ref: 00007FF6DF162F7F
SendMessageW.USER32 ref: 00007FF6DF162FA1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CaptureMessage$RectWindow$DispatchLongReleaseSendTranslate
String ID:
API String ID: 1335917148-0
Opcode ID: 73f61002eb658a07893cf72362cba81489205fa77c794349d29e341a0e926cec
Instruction ID: 6ae4f91565c5dbc41be90577d76fb94cb90e72ca4bbc2355c25d5b2287c11609
Opcode Fuzzy Hash: 73f61002eb658a07893cf72362cba81489205fa77c794349d29e341a0e926cec
Instruction Fuzzy Hash: C9315232A08A8292EF549B21E95537D7369FB84F84F444133EE4EC7659CF3CE4658780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF121F34 Relevance: 10.7, APIs: 7, Instructions: 219COMMONLIBRARYCODE

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF122043
CoTaskMemFree.OLE32 ref: 00007FF6DF122112
CoTaskMemFree.OLE32 ref: 00007FF6DF122121
CoTaskMemFree.OLE32 ref: 00007FF6DF12215E
CoTaskMemFree.OLE32 ref: 00007FF6DF12216C
CoTaskMemFree.OLE32 ref: 00007FF6DF1221A4
CoTaskMemFree.OLE32 ref: 00007FF6DF1221B2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FreeTask$ClearVariant
String ID:
API String ID: 903088277-0
Opcode ID: 738864eafe04157c96cce52036ab566ecb7b892d8148dbbbce936d29c9bba25a
Instruction ID: f6193df143ed3f783006bf2df4bbf54d1f44f7955287800d6b49d181d2f7fae6
Opcode Fuzzy Hash: 738864eafe04157c96cce52036ab566ecb7b892d8148dbbbce936d29c9bba25a
Instruction Fuzzy Hash: 05A12632604A4692EB68DB66D89157C7368FB85F84F944132CF1E97764CF3AE8B5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF122FC0 Relevance: 10.6, APIs: 7, Instructions: 131COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF123090
VariantClear.OLEAUT32 ref: 00007FF6DF1230F4
VariantClear.OLEAUT32 ref: 00007FF6DF12311C
SysFreeString.OLEAUT32 ref: 00007FF6DF1231A1
SysFreeString.OLEAUT32 ref: 00007FF6DF1231B4
SysFreeString.OLEAUT32 ref: 00007FF6DF1231C7
VariantClear.OLEAUT32 ref: 00007FF6DF1231D5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClearVariant$FreeString
String ID:
API String ID: 3697210081-0
Opcode ID: fd586ae70a4161ebfb7d8df66e98cde196d609ae45318a8912dce75c10d692df
Instruction ID: a9b8a96cd7608110fc0660517c2e12074d0c740f7aa9efbf61f846f3618f586c
Opcode Fuzzy Hash: fd586ae70a4161ebfb7d8df66e98cde196d609ae45318a8912dce75c10d692df
Instruction Fuzzy Hash: 7651C372608B8192EB34CF51E8453AEB378FB85B94F504132CA9D87A98DF7ED099C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF107B38 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108comCOMMON

Download Yara Rule

APIs

GetStockObject.GDI32 ref: 00007FF6DF107B8F
GetStockObject.GDI32 ref: 00007FF6DF107BA2
GetObjectW.GDI32 ref: 00007FF6DF107BE3
GetDeviceCaps.GDI32 ref: 00007FF6DF107C72
OleCreateFontIndirect.OLEAUT32 ref: 00007FF6DF107CAF

Strings

(, xrefs: 00007FF6DF107BE9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Stock$CapsCreateDeviceFontIndirect
String ID: (
API String ID: 545130359-3887548279
Opcode ID: 7a61bfe414384972dfad132ab452064d79e177df17c19e6530800d47e0acc298
Instruction ID: b7a1ba8b6518ccc9a8c87fac961ba58f6227737d5693e08473065b7df4f54f01
Opcode Fuzzy Hash: 7a61bfe414384972dfad132ab452064d79e177df17c19e6530800d47e0acc298
Instruction Fuzzy Hash: CE519472618B8686E720CF21E8403AEB7A4FB88750F444336E6AD837A5DF7CD564CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF172C90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF172CF6

Part of subcall function 00007FF6DF111658: GetLastError.KERNEL32 ref: 00007FF6DF11166F
Part of subcall function 00007FF6DF111658: SetLastError.KERNEL32 ref: 00007FF6DF11169A

GetDIBits.GDI32 ref: 00007FF6DF172D39
malloc.LIBCMT ref: 00007FF6DF172D69
malloc.LIBCMT ref: 00007FF6DF172DB2
GetDIBits.GDI32 ref: 00007FF6DF172E05

Strings

(, xrefs: 00007FF6DF172CDE

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: BitsErrorLastmalloc$CompatibleCreate
String ID: (
API String ID: 2385541558-3887548279
Opcode ID: 89a407fc42db4e0b74974e051616241da0c49a9255ec354584a26ef8bc5ee2c0
Instruction ID: 0d7e8782f5e52baca2c2b759c716027681d4adfba7e67e5ffb5b8bbe5d13da96
Opcode Fuzzy Hash: 89a407fc42db4e0b74974e051616241da0c49a9255ec354584a26ef8bc5ee2c0
Instruction Fuzzy Hash: E5417036A08B8291E7709F15E8407AEB3A8FB94784F444136DE9D83795DF3CD465CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF112E84 Relevance: 10.6, APIs: 7, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

GlobalDeleteAtom.KERNEL32 ref: 00007FF6DF112F63
GlobalDeleteAtom.KERNEL32 ref: 00007FF6DF112F75
free.LIBCMT ref: 00007FF6DF112FB9
free.LIBCMT ref: 00007FF6DF112FC5
free.LIBCMT ref: 00007FF6DF112FD1
free.LIBCMT ref: 00007FF6DF112FDD
free.LIBCMT ref: 00007FF6DF112FE9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$AtomDeleteGlobal
String ID:
API String ID: 622211665-0
Opcode ID: 26e05cbfa9dfd8c04ee08b9a69dece8d0b01374482f3c9c2d833688166e35bd8
Instruction ID: f1d5e28f1fc3ac8717fb8c0be457701ccd02b1f201f47973a181050f1eb7d4cb
Opcode Fuzzy Hash: 26e05cbfa9dfd8c04ee08b9a69dece8d0b01374482f3c9c2d833688166e35bd8
Instruction Fuzzy Hash: 24416D32A08A8290EB54DB21DC503BC73A9EF95F94F554232DA5E877A5CF2DE8A0C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13401C Relevance: 10.6, APIs: 7, Instructions: 70memoryCOMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF13403B

Part of subcall function 00007FF6DF135EA0: DecodePointer.KERNEL32 ref: 00007FF6DF135EC7

_errno.LIBCMT ref: 00007FF6DF134067
HeapSize.KERNEL32(?,?,?,?,?,00007FF6DF125041), ref: 00007FF6DF13408C
HeapReAlloc.KERNEL32(?,?,?,?,?,00007FF6DF125041), ref: 00007FF6DF1340A7
HeapQueryInformation.KERNEL32 ref: 00007FF6DF1340DF
_errno.LIBCMT ref: 00007FF6DF1340F5
GetLastError.KERNEL32(?,?,?,?,?,00007FF6DF125041), ref: 00007FF6DF1340FD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Heap_errno$AllocDecodeErrorInformationLastPointerQuerySize
String ID:
API String ID: 3929725371-0
Opcode ID: 3ded3256c14fb62f75b116d95ab00d07554ede703091f98707094e04f39d00e1
Instruction ID: 290ed7cac01d656b00e9092f076c3eb21c8c8f95cb789bc090fe06f44b7bdfd2
Opcode Fuzzy Hash: 3ded3256c14fb62f75b116d95ab00d07554ede703091f98707094e04f39d00e1
Instruction Fuzzy Hash: 11218031B0869286FB209B61AC002BE63E9EB85B94F444632DA6DC7B95DF3DE5618700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF128880 Relevance: 10.6, APIs: 7, Instructions: 62windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00007FF6DF12888D
SendMessageW.USER32 ref: 00007FF6DF1288A3
GetFocus.USER32 ref: 00007FF6DF1288C2
SendMessageW.USER32 ref: 00007FF6DF1288D8

Part of subcall function 00007FF6DF10D538: GetParent.USER32 ref: 00007FF6DF10D55E

GetLastActivePopup.USER32 ref: 00007FF6DF12890A
SendMessageW.USER32 ref: 00007FF6DF128920

Part of subcall function 00007FF6DF10D538: GetWindowLongW.USER32 ref: 00007FF6DF10D582
Part of subcall function 00007FF6DF10D538: GetParent.USER32 ref: 00007FF6DF10D591

SendMessageW.USER32 ref: 00007FF6DF12894D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$Parent$ActiveCaptureFocusLastLongPopupWindow
String ID:
API String ID: 3194460488-0
Opcode ID: 98eec9f8b3616b1c63c1b81cfaf3bbd6c92b4e5ac1f481d937b64608750b5580
Instruction ID: 99f83bcbd7262040cbaa3b0a86762a0bf763b0b4b01d90e2bc92e5b2bc8961d6
Opcode Fuzzy Hash: 98eec9f8b3616b1c63c1b81cfaf3bbd6c92b4e5ac1f481d937b64608750b5580
Instruction Fuzzy Hash: 24214F30B0964352FE695B52BC62B7D13AC9F86B95F089437DD1E86B81EF2DA8714700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13B984 Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_FF_MSGBANNER.LIBCMT ref: 00007FF6DF13B9AB

Part of subcall function 00007FF6DF134A3C: GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF6DF134C98,?,?,?,?,00007FF6DF13B9B0,?,?,00000000,00007FF6DF13BA8F), ref: 00007FF6DF134AFF

Part of subcall function 00007FF6DF133BB4: ExitProcess.KERNEL32 ref: 00007FF6DF133BC3

Part of subcall function 00007FF6DF1390F8: malloc.LIBCMT ref: 00007FF6DF139117
Part of subcall function 00007FF6DF1390F8: Sleep.KERNEL32(?,?,00000000,00007FF6DF13B9E5,?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721,?,?,00000000,00007FF6DF1357D8), ref: 00007FF6DF13912E

_errno.LIBCMT ref: 00007FF6DF13B9ED
_lock.LIBCMT ref: 00007FF6DF13BA01
free.LIBCMT ref: 00007FF6DF13BA23
_errno.LIBCMT ref: 00007FF6DF13BA28
LeaveCriticalSection.KERNEL32(?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721,?,?,00000000,00007FF6DF1357D8,?,?,00000018,00007FF6DF133831), ref: 00007FF6DF13BA4E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$CriticalExitFileLeaveModuleNameProcessSectionSleep_lockfreemalloc
String ID:
API String ID: 1024173049-0
Opcode ID: 606bcd1683ceada143e1e1444a9589bdfc80a7c8fb06f0d19a773041cfda98d3
Instruction ID: 9e7c02c3717c593d8f3f18ea633b551b1778a1300acc2d675817f448367aa354
Opcode Fuzzy Hash: 606bcd1683ceada143e1e1444a9589bdfc80a7c8fb06f0d19a773041cfda98d3
Instruction Fuzzy Hash: 66213831E09A8282F664EB11AC4477D63DCEF85794F445136EA4EC67D6EF7CE4608344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF125820 Relevance: 10.5, APIs: 7, Instructions: 27COMMONLIBRARYCODE

Download Yara Rule

APIs

GetSysColor.USER32 ref: 00007FF6DF12582E
GetSysColor.USER32 ref: 00007FF6DF12583C
GetSysColor.USER32 ref: 00007FF6DF12584A
GetSysColor.USER32 ref: 00007FF6DF125858
GetSysColor.USER32 ref: 00007FF6DF125866
GetSysColorBrush.USER32 ref: 00007FF6DF125874
GetSysColorBrush.USER32 ref: 00007FF6DF125883

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: 528d0962dfefea9aaee6e0d62c3eada7fc49475c032f6f3514a60521d3bed87b
Instruction ID: 83dde980f260a2c0edd8322a62c338faccdec90d03eeaa87ce5c97e0667b36c6
Opcode Fuzzy Hash: 528d0962dfefea9aaee6e0d62c3eada7fc49475c032f6f3514a60521d3bed87b
Instruction Fuzzy Hash: ACF0C475D0470193E7145FB0A86822C2BA9FB48B05F00213ACA5A87394DF3D98E48780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1680A0 Relevance: 9.3, APIs: 6, Instructions: 315windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF168176
SendMessageW.USER32 ref: 00007FF6DF168215
MultiByteToWideChar.KERNEL32 ref: 00007FF6DF16823A
MultiByteToWideChar.KERNEL32 ref: 00007FF6DF168287
GetTextExtentPoint32W.GDI32 ref: 00007FF6DF168400
SendMessageW.USER32 ref: 00007FF6DF168483

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ByteCharMultiWide$ExtentPoint32Text
String ID:
API String ID: 4238442269-0
Opcode ID: 0f353173857a4f24810393c5cab9b3bde2bd0b798802cd2b347396b8c39a7aae
Instruction ID: 8250d1e88c64170b8aeb901598dbe41c53f37afbf611ec7f2a9bc5f0661899b0
Opcode Fuzzy Hash: 0f353173857a4f24810393c5cab9b3bde2bd0b798802cd2b347396b8c39a7aae
Instruction Fuzzy Hash: 24D19376608A8186D724CF2AE84436E77A8FB84B94F148136EB5D87B98DF7CD850CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1735E0 Relevance: 9.2, APIs: 6, Instructions: 214windowCOMMON

Download Yara Rule

APIs

CreateBitmap.GDI32 ref: 00007FF6DF173680
CreateBitmap.GDI32 ref: 00007FF6DF17375C
DrawStateW.USER32 ref: 00007FF6DF173852
SelectObject.GDI32 ref: 00007FF6DF173865
DeleteObject.GDI32 ref: 00007FF6DF173872
DeleteObject.GDI32 ref: 00007FF6DF17387C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$BitmapCreateDelete$DrawSelectState
String ID:
API String ID: 3598260159-0
Opcode ID: 173fc66c00ffd66da6beb057395e325198f0425f64b9e45a60d562a34178df26
Instruction ID: da69b447fb7ea66e563efc57a23900a3c8e6a7e37c295c6eaf71a6e407db370b
Opcode Fuzzy Hash: 173fc66c00ffd66da6beb057395e325198f0425f64b9e45a60d562a34178df26
Instruction Fuzzy Hash: 1EA15A76A08791DBD714CF1AE94066EB7A4F788B94F14812AEB4D83B54CF39E4B1CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF175010 Relevance: 9.2, APIs: 6, Instructions: 172windowCOMMON

Download Yara Rule

APIs

GetIconInfo.USER32 ref: 00007FF6DF1750C6
DeleteObject.GDI32 ref: 00007FF6DF1750F5
DeleteObject.GDI32 ref: 00007FF6DF175100
GetObjectW.GDI32 ref: 00007FF6DF1751CB
DeleteObject.GDI32 ref: 00007FF6DF175287
DeleteObject.GDI32 ref: 00007FF6DF175290

Part of subcall function 00007FF6DF172FF0: free.LIBCMT ref: 00007FF6DF17307E
Part of subcall function 00007FF6DF172FF0: free.LIBCMT ref: 00007FF6DF173090

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Delete$free$IconInfo
String ID:
API String ID: 2019044569-0
Opcode ID: 5107310ceb9cc3fea3334640e95fd952fd4f2369cb2141eee99e02917581af58
Instruction ID: 27db07ec96bf8eeb3ea245b339a6559f3b0b01559f708dbff4d6ffe421d8b8a5
Opcode Fuzzy Hash: 5107310ceb9cc3fea3334640e95fd952fd4f2369cb2141eee99e02917581af58
Instruction Fuzzy Hash: BC615F31E1C682C1EA20EB52EC512BEA359EF95BD0F444133EE4E8779ADF2CD5558740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15B3A0 Relevance: 9.1, APIs: 6, Instructions: 143COMMON

Download Yara Rule

APIs

GetPixel.GDI32 ref: 00007FF6DF15B42C
GetPixel.GDI32 ref: 00007FF6DF15B447
GetPixel.GDI32 ref: 00007FF6DF15B49A
GetPixel.GDI32 ref: 00007FF6DF15B4DA
GetPixel.GDI32 ref: 00007FF6DF15B51A
GetPixel.GDI32 ref: 00007FF6DF15B53B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Pixel
String ID:
API String ID: 3195210534-0
Opcode ID: 94e7f5d96fb854f9fecc48e57c9c5071b52b81d2f8b7cf645e040d13a5144028
Instruction ID: 42724c9c5dadf84e6a671b16ea0a849295c25d8013f5d39654b19e4a7ff59d5f
Opcode Fuzzy Hash: 94e7f5d96fb854f9fecc48e57c9c5071b52b81d2f8b7cf645e040d13a5144028
Instruction Fuzzy Hash: 5751B132B18A9186D320CF25E88463E77A9FB94B80F559036DE4EC3745CF7AE8958B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF166B70 Relevance: 9.1, APIs: 6, Instructions: 91windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF166BBA

Part of subcall function 00007FF6DF170AD0: CreateCompatibleDC.GDI32 ref: 00007FF6DF170B3E
Part of subcall function 00007FF6DF170AD0: CreateCompatibleBitmap.GDI32 ref: 00007FF6DF170B60
Part of subcall function 00007FF6DF170AD0: SelectObject.GDI32 ref: 00007FF6DF170B81

Part of subcall function 00007FF6DF12BD28: SetBkColor.GDI32 ref: 00007FF6DF12BD60
Part of subcall function 00007FF6DF12BD28: ExtTextOutW.GDI32 ref: 00007FF6DF12BD8B

SendMessageW.USER32 ref: 00007FF6DF166C0B
SelectObject.GDI32 ref: 00007FF6DF166C1C

Part of subcall function 00007FF6DF110764: GetDlgCtrlID.USER32 ref: 00007FF6DF110776

GetParent.USER32 ref: 00007FF6DF166C87
SendMessageW.USER32 ref: 00007FF6DF166CB1

Part of subcall function 00007FF6DF166A00: SendMessageW.USER32 ref: 00007FF6DF166A2F
Part of subcall function 00007FF6DF166A00: SendMessageW.USER32 ref: 00007FF6DF166A63
Part of subcall function 00007FF6DF166A00: SendMessageW.USER32 ref: 00007FF6DF166A97

SelectObject.GDI32 ref: 00007FF6DF166CD2

Part of subcall function 00007FF6DF170BB0: BitBlt.GDI32 ref: 00007FF6DF170C10
Part of subcall function 00007FF6DF170BB0: SelectObject.GDI32 ref: 00007FF6DF170C1E

Part of subcall function 00007FF6DF14C650: EndPaint.USER32 ref: 00007FF6DF14C67E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ObjectSelect$CompatibleCreate$BitmapClientColorCtrlPaintParentRectText
String ID:
API String ID: 1922078713-0
Opcode ID: bcd2e8d9d14620a96c3bff9e81976fcfa57da782559f83fae389c4c1b8504a60
Instruction ID: a0667a94b5271cac9a2c0168d3e4aef74845b53f6c3be0913defedfa978b7570
Opcode Fuzzy Hash: bcd2e8d9d14620a96c3bff9e81976fcfa57da782559f83fae389c4c1b8504a60
Instruction Fuzzy Hash: 3A416332608BC592DB20DB21EC502AE7369FBC9B94F404132DA9E87B59DF3DD955CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1168EC Relevance: 9.1, APIs: 6, Instructions: 80COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6DF116959
GetParent.USER32 ref: 00007FF6DF116968
GetParent.USER32 ref: 00007FF6DF116987
GetLastActivePopup.USER32 ref: 00007FF6DF11699F
IsWindowEnabled.USER32 ref: 00007FF6DF1169B5
EnableWindow.USER32(?,?,?,00007FF6DF114C27), ref: 00007FF6DF1169CC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: 8df2bea0b6606931e5b22fe9c2b9e1bf3ba78115104372450cb8ee8a840d1948
Instruction ID: c535b28f59a06b91a1cd80753e1c0e49eebc273ef65ede99ca207551a0941df0
Opcode Fuzzy Hash: 8df2bea0b6606931e5b22fe9c2b9e1bf3ba78115104372450cb8ee8a840d1948
Instruction Fuzzy Hash: 3E313031A0EA5686ED555B16AD2027C73986F64F90F0C4436DE4E87755EF2DE4608240

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF129024 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF12904B
GetWindow.USER32 ref: 00007FF6DF12907A
GetWindow.USER32 ref: 00007FF6DF129096
GetWindowLongW.USER32 ref: 00007FF6DF1290B0
IsWindowVisible.USER32 ref: 00007FF6DF1290C6
GetTopWindow.USER32 ref: 00007FF6DF1290EE

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$LongParentVisible
String ID:
API String ID: 506644340-0
Opcode ID: 5892a98dc3194ad4a4c90beb44e44539ee8e7eaa49d8d5e5ae88b9b1584d5c0a
Instruction ID: 0285b5dae72a5a073721a084a679384f50af7c9b3a2c3cc9dacab94a184f79b6
Opcode Fuzzy Hash: 5892a98dc3194ad4a4c90beb44e44539ee8e7eaa49d8d5e5ae88b9b1584d5c0a
Instruction Fuzzy Hash: 92215E30B09A0281EE28D79B9D2633C535DAF8ABD4F484036DD4EC7785EF2EE4609200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161A80 Relevance: 9.1, APIs: 6, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170200: IsWindow.USER32 ref: 00007FF6DF170213
Part of subcall function 00007FF6DF170200: GetWindowRect.USER32 ref: 00007FF6DF170223

GetWindowLongW.USER32 ref: 00007FF6DF161AD8
GetWindowLongW.USER32 ref: 00007FF6DF161AEC
GetWindowLongW.USER32 ref: 00007FF6DF161B00
GetParent.USER32 ref: 00007FF6DF161B15
GetWindowLongW.USER32 ref: 00007FF6DF161B35
ClientToScreen.USER32 ref: 00007FF6DF161B5F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Long$ClientParentRectScreen
String ID:
API String ID: 609460086-0
Opcode ID: aea63a67090b5f7d2b520d00bd11cf90e3a2fb941350990ad6e39579c75540f1
Instruction ID: 0b0d7c0b67755212f2f28a8a6c7e5be9009d5d27b6a8004e2742d00bca7e35f2
Opcode Fuzzy Hash: aea63a67090b5f7d2b520d00bd11cf90e3a2fb941350990ad6e39579c75540f1
Instruction Fuzzy Hash: 0D21C335A0C68182EA00CB15E95527EB365FF88FE0F445132EDAED7B99DF2CE4658780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF167D00 Relevance: 9.1, APIs: 6, Instructions: 60windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF167D2B
SendMessageW.USER32 ref: 00007FF6DF167D51
PtInRect.USER32 ref: 00007FF6DF167D61
SendMessageW.USER32 ref: 00007FF6DF167D7C
InvalidateRect.USER32 ref: 00007FF6DF167DAF
_TrackMouseEvent.COMCTL32 ref: 00007FF6DF167DE4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$Rect$EventInvalidateMouseTrack
String ID:
API String ID: 1843465466-0
Opcode ID: edbd54dd6b96909cf3f03a4aff5bb0bab0d2008a8d79903492b5a30d5570f12a
Instruction ID: efe874c10bda63f5326d99c1fe07f02c02f9d25a842a018c1c57a7bb74460005
Opcode Fuzzy Hash: edbd54dd6b96909cf3f03a4aff5bb0bab0d2008a8d79903492b5a30d5570f12a
Instruction Fuzzy Hash: 06215832608642C2E7608F25F85467E7768FBC4B98F440732EA9D87B98DF3CD5558B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF142E14 Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

__initconout.LIBCMT ref: 00007FF6DF142E42

Part of subcall function 00007FF6DF14629C: CreateFileA.KERNEL32 ref: 00007FF6DF1462C5

WriteConsoleW.KERNEL32 ref: 00007FF6DF142E6E
GetLastError.KERNEL32 ref: 00007FF6DF142E89
GetConsoleOutputCP.KERNEL32(?,?,?,?,00007FF6DF13FF20,?,?,?,00000001,00000000,?,00000001,00007FF6DF140424), ref: 00007FF6DF142E9B
WideCharToMultiByte.KERNEL32 ref: 00007FF6DF142ECE
WriteConsoleA.KERNEL32 ref: 00007FF6DF142EF4

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide__initconout
String ID:
API String ID: 2210154019-0
Opcode ID: 1a357aaeceec765fd3aba9e4cb0b200eb9afee255f0be4bac46e82fe312230d6
Instruction ID: 02bf8af3da91f026ad8635f77b77059d988d570fafe5361d794a2aad148656dd
Opcode Fuzzy Hash: 1a357aaeceec765fd3aba9e4cb0b200eb9afee255f0be4bac46e82fe312230d6
Instruction Fuzzy Hash: 85314531A08A8282E7108B50EC5437E6368FFC9779F900336EA6D865E4DF7DE995C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16BFC0 Relevance: 9.1, APIs: 6, Instructions: 53windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32 ref: 00007FF6DF16BFED
SendMessageW.USER32 ref: 00007FF6DF16C002
GetSysColor.USER32 ref: 00007FF6DF16C020
SendMessageW.USER32 ref: 00007FF6DF16C035
GetSysColor.USER32 ref: 00007FF6DF16C053
SendMessageW.USER32 ref: 00007FF6DF16C068

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ColorMessageSend
String ID:
API String ID: 879081977-0
Opcode ID: 65fa9f70540e21ad267a5a61cc827bc762bce14a5712cc6ce44531ed95401996
Instruction ID: 5cf90f65ca750a9f51b607cf781e40d0792a31fe3938e49c8fe49382325f42cc
Opcode Fuzzy Hash: 65fa9f70540e21ad267a5a61cc827bc762bce14a5712cc6ce44531ed95401996
Instruction Fuzzy Hash: 95117F35B1899283E3649B5A9C1073E575DEFC4B85F145036ED1E83B84DF3ED8514780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF167050 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 292windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF167086
SendMessageW.USER32 ref: 00007FF6DF1670FD
SendMessageW.USER32 ref: 00007FF6DF16714B
GetWindowLongW.USER32 ref: 00007FF6DF167162

Part of subcall function 00007FF6DF12BF1C: SetBkColor.GDI32 ref: 00007FF6DF12BF46
Part of subcall function 00007FF6DF12BF1C: ExtTextOutW.GDI32 ref: 00007FF6DF12BF92

Strings

EDIT, xrefs: 00007FF6DF1671A1, 00007FF6DF167256

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ClientColorLongRectTextWindow
String ID: EDIT
API String ID: 3055576931-3080729518
Opcode ID: 988e9cc7b602324d3ebc1dc5cb5679065bcb6b382ffbd292864b381f667c7349
Instruction ID: 5903c110aea5d8dc14de7e881e90e34d7a35dae8827e5c9d66ec5b39f85f9f0d
Opcode Fuzzy Hash: 988e9cc7b602324d3ebc1dc5cb5679065bcb6b382ffbd292864b381f667c7349
Instruction Fuzzy Hash: A5C19432A1C68287DB24DF15E84066EB765FB94754F005236FB8D87A89DF7CE854CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135780 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF13578A
FlsGetValue.KERNEL32(?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF135798
SetLastError.KERNEL32(?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF1357F0

Part of subcall function 00007FF6DF139164: Sleep.KERNEL32(?,?,00000000,00007FF6DF1357B3,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF1391A9

FlsSetValue.KERNEL32(?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF1357C4
free.LIBCMT ref: 00007FF6DF1357E7

Part of subcall function 00007FF6DF1356CC: _lock.LIBCMT ref: 00007FF6DF13571C
Part of subcall function 00007FF6DF1356CC: _lock.LIBCMT ref: 00007FF6DF13573C

GetCurrentThreadId.KERNEL32 ref: 00007FF6DF1357D8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLastValue_lock$CurrentSleepThreadfree
String ID:
API String ID: 3106088686-0
Opcode ID: 1f2af31ef81b004980eed92e759c964de1504de27b8f3224ed7b07ded4e48da5
Instruction ID: 040f35c329f76175d54bb10b29b798db9a20f89e2807442e68b108cb32a28c9e
Opcode Fuzzy Hash: 1f2af31ef81b004980eed92e759c964de1504de27b8f3224ed7b07ded4e48da5
Instruction Fuzzy Hash: 1E012134E0974382FB549B659C4403C63E9AF48BA0F584635D93DC63D5EF3CF4A58650

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12516C Relevance: 9.0, APIs: 6, Instructions: 37COMMON

Download Yara Rule

APIs

ClientToScreen.USER32 ref: 00007FF6DF12517E
GetWindow.USER32 ref: 00007FF6DF12518C
GetDlgCtrlID.USER32 ref: 00007FF6DF12519D
GetWindowLongW.USER32 ref: 00007FF6DF1251B2
GetWindowRect.USER32 ref: 00007FF6DF1251C6
PtInRect.USER32 ref: 00007FF6DF1251D6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Rect$ClientCtrlLongScreen
String ID:
API String ID: 1315500227-0
Opcode ID: ce26e5db21f842cd8ae7bde679594abbcfa8ba941b15f1965145b091253dd1e5
Instruction ID: c8b76b50a1627d2ecd96507903c8e15b76ad983044283e14ddcc2355144a80e0
Opcode Fuzzy Hash: ce26e5db21f842cd8ae7bde679594abbcfa8ba941b15f1965145b091253dd1e5
Instruction Fuzzy Hash: 1501A234A1860382FA208B55AC5513E936CBF86B88F540432CD9FC67A8DF3DDAA4D640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF169230 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF170320: IsWindow.USER32 ref: 00007FF6DF170343
Part of subcall function 00007FF6DF170320: GetClientRect.USER32 ref: 00007FF6DF17035C

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

SendMessageW.USER32 ref: 00007FF6DF169295
GetSystemMetrics.USER32 ref: 00007FF6DF1692BF
GetSystemMetrics.USER32 ref: 00007FF6DF1692E4
GetSystemMetrics.USER32 ref: 00007FF6DF1692FB

Strings

VUUU, xrefs: 00007FF6DF1692CD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MetricsSystem$Window$ClientLongMessageRectSend
String ID: VUUU
API String ID: 2794521419-2040033107
Opcode ID: fcfb9e3f2ca7773f574b09e52db66199ff241fc7a6cb3a8fbab3c018467fa589
Instruction ID: d4b230ae448397d3aba99380335b23a2d7f04d0615fa77c9184a289f5619a903
Opcode Fuzzy Hash: fcfb9e3f2ca7773f574b09e52db66199ff241fc7a6cb3a8fbab3c018467fa589
Instruction Fuzzy Hash: 6B513B72A086818BD724CF29E44576EB7A4F789748F404236EB8987B98DF3DE911CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF105170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF10525F

Part of subcall function 00007FF6DF115B40: GetActiveWindow.USER32(?,?,?,?,00007FF6DF103132), ref: 00007FF6DF115B56

Part of subcall function 00007FF6DF110578: GetDlgItem.USER32 ref: 00007FF6DF11058A

Part of subcall function 00007FF6DF11083C: EnableWindow.USER32 ref: 00007FF6DF11084E

SendMessageW.USER32 ref: 00007FF6DF10529F
SendMessageW.USER32 ref: 00007FF6DF1052B4

Part of subcall function 00007FF6DF1106F4: IsWindow.USER32 ref: 00007FF6DF110713
Part of subcall function 00007FF6DF1106F4: SetWindowTextW.USER32 ref: 00007FF6DF11073E

Strings

Stop, xrefs: 00007FF6DF10520E
Puran Wipe Disk, xrefs: 00007FF6DF1052D0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$MessageSend$ActiveEnableItemText
String ID: Puran Wipe Disk$Stop
API String ID: 940483171-1265279063
Opcode ID: 367bab6e617e9a2d2ea722bb25bcde3e57521005ccbb68d2fd6e625705046afd
Instruction ID: 361b9350784908ed37daae82a071c4aa2d95df94da2c83a2a21dbb2db03d75ef
Opcode Fuzzy Hash: 367bab6e617e9a2d2ea722bb25bcde3e57521005ccbb68d2fd6e625705046afd
Instruction Fuzzy Hash: 2F416D31E0864382FB54EB62EC616BD2369AFE4744F90403AD91D8B7A6EF3DE565C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10BB1C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF10BC08
GetWindowLongPtrW.USER32 ref: 00007FF6DF10BC17
GetWindowLongPtrW.USER32 ref: 00007FF6DF10BC31
SetWindowLongPtrW.USER32 ref: 00007FF6DF10BC59

Strings

@, xrefs: 00007FF6DF10BBF8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID: @
API String ID: 2178440468-2766056989
Opcode ID: 1fb19332bb60143d614d93c56f39c6d22e10b1b0207f11254e770c2d1ea1fc7c
Instruction ID: 031c68db7b2686c7b1eb3c60d0bbb2fa5d4925ca63736c2bb7fd55c037c9891d
Opcode Fuzzy Hash: 1fb19332bb60143d614d93c56f39c6d22e10b1b0207f11254e770c2d1ea1fc7c
Instruction Fuzzy Hash: B4415B32A08A4292EB64DB26D95437C33A8FF84B94F184136DA1D87795CF7DE8B4C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF103DE0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF101350: malloc.LIBCMT ref: 00007FF6DF101367
Part of subcall function 00007FF6DF101350: GetModuleFileNameW.KERNEL32 ref: 00007FF6DF101396

ShellExecuteW.SHELL32 ref: 00007FF6DF103E51
free.LIBCMT ref: 00007FF6DF103E5A

Strings

Open, xrefs: 00007FF6DF103E48
Help not found. Please re-install, xrefs: 00007FF6DF103E23
help\Wipe_Disk.chm, xrefs: 00007FF6DF103E09

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ExecuteFileModuleNameShellfreemalloc
String ID: Help not found. Please re-install$Open$help\Wipe_Disk.chm
API String ID: 3573483854-604648083
Opcode ID: daf41f81c8d50b14ee57fbc1fff30c580ab33c7be8de1bdb9f01082dbdbc0160
Instruction ID: 467cbc97bfcb778f08b549b922973334e1a479cc1e4745cf433ab9772be16c64
Opcode Fuzzy Hash: daf41f81c8d50b14ee57fbc1fff30c580ab33c7be8de1bdb9f01082dbdbc0160
Instruction Fuzzy Hash: A5219F32A1864692E7209B11EC507BD2368EF96B90F504233D96C83BD5DF7DE966C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF102BE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF102C27

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

ShellExecuteW.SHELL32 ref: 00007FF6DF102C88
free.LIBCMT ref: 00007FF6DF102C91

Strings

Open, xrefs: 00007FF6DF102C69
-default-browser-puran, xrefs: 00007FF6DF102C08, 00007FF6DF102C5A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$AllocateExecuteHeapShellfreemalloc
String ID: -default-browser-puran$Open
API String ID: 684486406-464411665
Opcode ID: 74e74d4c8b068e43fa950759ed56a41fc99dcc8de950ca3577b53c1f5e3996c2
Instruction ID: 7f84ffdbf1bf5d2ca793b58d4a66374488eb5c4b3f5a4e3d59718eda2d3f9656
Opcode Fuzzy Hash: 74e74d4c8b068e43fa950759ed56a41fc99dcc8de950ca3577b53c1f5e3996c2
Instruction Fuzzy Hash: F2114C31A0874291EA149F16AC001AEA7A4EF8ABC0F48453AEE8D57759DFBDE4B18744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13EA48 Relevance: 8.8, APIs: 7, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 00007FF6DF13EA66

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF13EA78
free.LIBCMT ref: 00007FF6DF13EA8A
free.LIBCMT ref: 00007FF6DF13EA9C
free.LIBCMT ref: 00007FF6DF13EAAE
free.LIBCMT ref: 00007FF6DF13EAC0
free.LIBCMT ref: 00007FF6DF13EAD2

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: free$ErrorLanguagesLastPreferredRestoreThread_errno
String ID:
API String ID: 3144437221-0
Opcode ID: 7ae3fbd4cc79a0d219619f1d4fadf229309072047e352cf68c8c90a873d5fdfd
Instruction ID: 8bec240d222d64aa4f1390c17fd8620249d5efd43916cf739aca5b797b34c3b5
Opcode Fuzzy Hash: 7ae3fbd4cc79a0d219619f1d4fadf229309072047e352cf68c8c90a873d5fdfd
Instruction Fuzzy Hash: CA018772E0890291EA94EB61DCA507C63A9BF96745F540033E50EE7596CF6DF8B48390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15DDB0 Relevance: 7.8, APIs: 5, Instructions: 259COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF15DE61

Part of subcall function 00007FF6DF111658: GetLastError.KERNEL32 ref: 00007FF6DF11166F
Part of subcall function 00007FF6DF111658: SetLastError.KERNEL32 ref: 00007FF6DF11169A

Part of subcall function 00007FF6DF171670: CreateDIBSection.GDI32 ref: 00007FF6DF1716E5

Part of subcall function 00007FF6DF170600: CreateCompatibleDC.GDI32 ref: 00007FF6DF170643
Part of subcall function 00007FF6DF170600: SelectObject.GDI32 ref: 00007FF6DF17065B

DrawStateW.USER32 ref: 00007FF6DF15DF18

Part of subcall function 00007FF6DF170680: SelectObject.GDI32 ref: 00007FF6DF1706A8

Part of subcall function 00007FF6DF1116C0: GetLastError.KERNEL32 ref: 00007FF6DF1116CA
Part of subcall function 00007FF6DF1116C0: SetLastError.KERNEL32 ref: 00007FF6DF1116F5

Part of subcall function 00007FF6DF119254: DeleteDC.GDI32 ref: 00007FF6DF119271

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLast$Create$CompatibleObjectSelect$DeleteDrawSectionState
String ID:
API String ID: 2556459923-0
Opcode ID: 81c2085d1321aed01ada75518cc3c173be58e0db285cc657fa38be7e0aff245e
Instruction ID: c531c79b022a12b85cc154b908253c05351abd1d69f38fb447b517b0230b8900
Opcode Fuzzy Hash: 81c2085d1321aed01ada75518cc3c173be58e0db285cc657fa38be7e0aff245e
Instruction Fuzzy Hash: 83C12972A087C186E724DF15E8403AEB7A4FBD8754F10413AEB9983B98DF78E455CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF135328 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 00007FF6DF13534D

Part of subcall function 00007FF6DF139164: Sleep.KERNEL32(?,?,00000000,00007FF6DF1357B3,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF1391A9

GetFileType.KERNEL32 ref: 00007FF6DF1354CA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: 602ddde4b7225cc84213495808662997d4c2921db4f952810da9f66e68df7727
Instruction ID: 2b0163f5cfce2b90e4c10760283550822aba5fee874169edcaa1bb497a3986e0
Opcode Fuzzy Hash: 602ddde4b7225cc84213495808662997d4c2921db4f952810da9f66e68df7727
Instruction Fuzzy Hash: A4915B32A1869285EB148B24DC4822C3BEDBB45B74F658736C67E862D1DF3DF8628711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12DB4C Relevance: 7.6, APIs: 5, Instructions: 147memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00007FF6DF12DBDA
SysAllocString.OLEAUT32 ref: 00007FF6DF12DC1F
SysAllocString.OLEAUT32 ref: 00007FF6DF12DC89
SysAllocString.OLEAUT32 ref: 00007FF6DF12DCD1
SysAllocString.OLEAUT32 ref: 00007FF6DF12DD26

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: 47971ee5ab7e75ca9b29295316f3df9081757052e6ff31c4aff780ce4bc51429
Instruction ID: 2f5a541d6891888a44cb14111020f2365f9b2d487bdc30901d40e2e07b2d9e75
Opcode Fuzzy Hash: 47971ee5ab7e75ca9b29295316f3df9081757052e6ff31c4aff780ce4bc51429
Instruction Fuzzy Hash: 2061A276A05E4583E710DB2AE84126D73A4FB89BB4F444232DA2D837D1DF7CE8A5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF188B8C Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF188BB8
__doserrno.LIBCMT ref: 00007FF6DF188C16
__doserrno.LIBCMT ref: 00007FF6DF188C40
__doserrno.LIBCMT ref: 00007FF6DF188C6A
__doserrno.LIBCMT ref: 00007FF6DF188C93

Part of subcall function 00007FF6DF18B328: _errno.LIBCMT ref: 00007FF6DF18B350

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno$_errno
String ID:
API String ID: 1214080605-0
Opcode ID: bc0c8343481da9a59b2524b4b824e3dfdb8fbfff4c3a4743df2b44f31171fcca
Instruction ID: dc0c4bc81bd4a92f329c718a2e6f3278a928582df5c3aa0c2bcecb2b978ca0e3
Opcode Fuzzy Hash: bc0c8343481da9a59b2524b4b824e3dfdb8fbfff4c3a4743df2b44f31171fcca
Instruction Fuzzy Hash: 8031D272A0454542E718AB66DD421AC2365FF88B90F684636DB2D837DBCF29E8728340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF131FE8 Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,00007FF6DF1320F9), ref: 00007FF6DF132011
DecodePointer.KERNEL32(?,?,?,00007FF6DF1320F9), ref: 00007FF6DF132020

Part of subcall function 00007FF6DF134124: _errno.LIBCMT ref: 00007FF6DF13412D

EncodePointer.KERNEL32(?,?,?,00007FF6DF1320F9), ref: 00007FF6DF13209D

Part of subcall function 00007FF6DF1391E8: realloc.LIBCMT ref: 00007FF6DF139213
Part of subcall function 00007FF6DF1391E8: Sleep.KERNEL32(?,?,00000000,00007FF6DF13208D,?,?,?,00007FF6DF1320F9), ref: 00007FF6DF13922F

EncodePointer.KERNEL32(?,?,?,00007FF6DF1320F9), ref: 00007FF6DF1320AC
EncodePointer.KERNEL32(?,?,?,00007FF6DF1320F9), ref: 00007FF6DF1320B8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Pointer$Encode$Decode$Sleep_errnorealloc
String ID:
API String ID: 1310268301-0
Opcode ID: 0f633847f963d530646c041c3f415f8e43f4716d31fe4f6651b5600fd95f55a4
Instruction ID: 4bfda50d06db00d63c1fc8975cc84a251af2beec657bd5ce91a38a79912a3097
Opcode Fuzzy Hash: 0f633847f963d530646c041c3f415f8e43f4716d31fe4f6651b5600fd95f55a4
Instruction Fuzzy Hash: 4B219071B0A6A644EE10AB62EC440BE63E9BB45BC0F444837D94D9B79ADF7DF4A5C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16E000 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16E02A
SendMessageW.USER32 ref: 00007FF6DF16E04F
SendMessageW.USER32 ref: 00007FF6DF16E074
SendMessageW.USER32 ref: 00007FF6DF16E099
SendMessageW.USER32 ref: 00007FF6DF16E0BE

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 790c762cb1f2df870c286a68caafb5f458f5fb39338b556792379a9a9db5af25
Instruction ID: 7cf3a7b659bc21190475c43e88f402645f5c5d618a129a8f425e54ce56ec2472
Opcode Fuzzy Hash: 790c762cb1f2df870c286a68caafb5f458f5fb39338b556792379a9a9db5af25
Instruction Fuzzy Hash: 41112B3470464282F758AB26E821B6E1759EBCDF9AF105032CD0ECBB86DF3ED4964744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16DED0 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF16DEFA
SendMessageW.USER32 ref: 00007FF6DF16DF1F
SendMessageW.USER32 ref: 00007FF6DF16DF44
SendMessageW.USER32 ref: 00007FF6DF16DF69
SendMessageW.USER32 ref: 00007FF6DF16DF8E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 762f913d0566ccd507898376ad7e4d4c86f4bbd60b153d0fcbf4667dad962c0a
Instruction ID: 9c3e1ea434ca01e089c4e9b5f7fb664ed596aaa5470540e58229e7fd5857f721
Opcode Fuzzy Hash: 762f913d0566ccd507898376ad7e4d4c86f4bbd60b153d0fcbf4667dad962c0a
Instruction Fuzzy Hash: 4611193470454283F758AB26E811B6A175AABCDF9AF105032CD0ECBB86EE2ED4A54744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12BD9C Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

GetMapMode.GDI32 ref: 00007FF6DF12BDBA
GetDeviceCaps.GDI32 ref: 00007FF6DF12BDFD
GetDeviceCaps.GDI32 ref: 00007FF6DF12BE0E

Part of subcall function 00007FF6DF118F88: GetWindowExtEx.GDI32 ref: 00007FF6DF118FA1
Part of subcall function 00007FF6DF118F88: GetViewportExtEx.GDI32 ref: 00007FF6DF118FB0
Part of subcall function 00007FF6DF118F88: MulDiv.KERNEL32 ref: 00007FF6DF118FD1
Part of subcall function 00007FF6DF118F88: MulDiv.KERNEL32 ref: 00007FF6DF118FF5

MulDiv.KERNEL32 ref: 00007FF6DF12BE30
MulDiv.KERNEL32 ref: 00007FF6DF12BE40

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CapsDevice$ModeViewportWindow
String ID:
API String ID: 2598972148-0
Opcode ID: 45c260396cc728098895194882a1cfafcfac19045e40a755d43fc14a00f4144d
Instruction ID: 19aceeb9b728ea70303d68d9122e1a1c5166206d9b0b064af1d948e3fcade7ab
Opcode Fuzzy Hash: 45c260396cc728098895194882a1cfafcfac19045e40a755d43fc14a00f4144d
Instruction Fuzzy Hash: 8C111F76B18A4287EB18CF66EC5412D6369FB89F84F188032CA5E87B54CF3DE852C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF101C30 Relevance: 7.6, APIs: 5, Instructions: 54fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF6DF101C86
GetLastError.KERNEL32 ref: 00007FF6DF101C95
DeviceIoControl.KERNEL32 ref: 00007FF6DF101CD8
GetLastError.KERNEL32 ref: 00007FF6DF101CE2
CloseHandle.KERNEL32 ref: 00007FF6DF101CED

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLast$CloseControlCreateDeviceFileHandle
String ID:
API String ID: 1177325624-0
Opcode ID: 181a124a645c35343a7e9937ea0715b9d2e7130ecec8c84e0203ba197909b20b
Instruction ID: 452e0c1293480a008b007da3f85f52bcf81a10fbb236b75534053780d11d933b
Opcode Fuzzy Hash: 181a124a645c35343a7e9937ea0715b9d2e7130ecec8c84e0203ba197909b20b
Instruction Fuzzy Hash: 8221603261874096E360CF55F84461EB7A8FB887A4F604236EB9D83B98DF3CD4558F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12BE5C Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetMapMode.GDI32 ref: 00007FF6DF12BE7A
GetDeviceCaps.GDI32 ref: 00007FF6DF12BEBD
GetDeviceCaps.GDI32 ref: 00007FF6DF12BECE

Part of subcall function 00007FF6DF118F04: GetWindowExtEx.GDI32 ref: 00007FF6DF118F1D
Part of subcall function 00007FF6DF118F04: GetViewportExtEx.GDI32 ref: 00007FF6DF118F2C
Part of subcall function 00007FF6DF118F04: MulDiv.KERNEL32 ref: 00007FF6DF118F4D
Part of subcall function 00007FF6DF118F04: MulDiv.KERNEL32 ref: 00007FF6DF118F71

MulDiv.KERNEL32 ref: 00007FF6DF12BEEE
MulDiv.KERNEL32 ref: 00007FF6DF12BF01

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CapsDevice$ModeViewportWindow
String ID:
API String ID: 2598972148-0
Opcode ID: 353575c8707eebe4e85f4c469c1c9a5abaae9418d80fad67e303f0a7df7e9099
Instruction ID: 59a90444d183aa441de99b9e9da041242ab307e6a7958ca9fd38a8d0e5d1ee04
Opcode Fuzzy Hash: 353575c8707eebe4e85f4c469c1c9a5abaae9418d80fad67e303f0a7df7e9099
Instruction Fuzzy Hash: CC110A76B08A4287EB18CB65E85412D6369FB89F84F148432DA6E87B54CF3DE856C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12C85C Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00007FF6DF12C872
SendMessageW.USER32 ref: 00007FF6DF12C89E
SendMessageW.USER32 ref: 00007FF6DF12C8C5
SendMessageW.USER32 ref: 00007FF6DF12C8E6
InvalidateRect.USER32 ref: 00007FF6DF12C908

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$InvalidateRectWindow
String ID:
API String ID: 3225880595-0
Opcode ID: a43be802315aa461b1c1261998f6b88561a2b4bd61f41b3bb91df088268fec62
Instruction ID: 392ea24f7e9227353629a7dec1c124aab623d0c0a38007451a22a9a576c60214
Opcode Fuzzy Hash: a43be802315aa461b1c1261998f6b88561a2b4bd61f41b3bb91df088268fec62
Instruction Fuzzy Hash: 85117F3261865182E3548F2AE85127E73A9F789B45F405032EF8EC7A58DF39C8A5CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16F280 Relevance: 7.5, APIs: 5, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6DF16F2B4
SelectPalette.GDI32 ref: 00007FF6DF16F2C6
CreateDIBitmap.GDI32 ref: 00007FF6DF16F2F0
SelectPalette.GDI32 ref: 00007FF6DF16F302
ReleaseDC.USER32 ref: 00007FF6DF16F30D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: PaletteSelect$BitmapCreateRelease
String ID:
API String ID: 2278447429-0
Opcode ID: 0992cf5a85814dadb1e814b68434adee0cf7256c037c9ac1836ffed29f6baf45
Instruction ID: f04eead1128498f34172221ab11e4d9217fda96d2836d2fa49d56202da23ba4d
Opcode Fuzzy Hash: 0992cf5a85814dadb1e814b68434adee0cf7256c037c9ac1836ffed29f6baf45
Instruction Fuzzy Hash: C311A575704B9186EB109B16EC5422EA368FB49FD8F444136DE4D87B68DF3CD495CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171410 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

GetObjectW.GDI32 ref: 00007FF6DF171434
GetObjectW.GDI32 ref: 00007FF6DF171458
GetObjectW.GDI32 ref: 00007FF6DF171474

Strings

, xrefs: 00007FF6DF1714AA

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object
String ID:
API String ID: 2936123098-3916222277
Opcode ID: c1babceb4e21dc6c878a1775a3690297d03aa76d04a55047d5fc33ebcf25b804
Instruction ID: 4fda60e4c271ebc593dd4078ebabf6ae0123acd50450f5d9cba557965e0c20e3
Opcode Fuzzy Hash: c1babceb4e21dc6c878a1775a3690297d03aa76d04a55047d5fc33ebcf25b804
Instruction Fuzzy Hash: F151B432B086C296D7688A25E8007BE67A5FB85744F484136DA8DD7B98DF3CD865CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12A738 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144stringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00007FF6DF12A770
lstrlenW.KERNEL32 ref: 00007FF6DF12A7B8

Strings

System, xrefs: 00007FF6DF12A74A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: GlobalLocklstrlen
String ID: System
API String ID: 1144527523-3470857405
Opcode ID: f754b27c140ba6e839655c6e6fffbe8b758f37205894e6e9a95c6e84f4178730
Instruction ID: 14af50a3d60b33736a3798f23975080308fd537058c7d359287b78d45806980e
Opcode Fuzzy Hash: f754b27c140ba6e839655c6e6fffbe8b758f37205894e6e9a95c6e84f4178730
Instruction Fuzzy Hash: E2512C31A0414366F6389BA68C4217D7368EF06B94F148533DE1EDB5D1EF3EE8B98600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1495B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1186E8: SetBkMode.GDI32 ref: 00007FF6DF118703
Part of subcall function 00007FF6DF1186E8: SetBkMode.GDI32 ref: 00007FF6DF118714

CopyRect.USER32 ref: 00007FF6DF149643
GetTextColor.GDI32 ref: 00007FF6DF149696
OffsetRect.USER32 ref: 00007FF6DF14978D

Strings

J, xrefs: 00007FF6DF149718

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ModeRect$ColorCopyOffsetText
String ID: J
API String ID: 70482984-905890253
Opcode ID: e2a970a902ea345bd76f0f807a4114a0138ceaddf49ca6ad18af62907ef98697
Instruction ID: c7b01935e1e823b3fb923cf41ab259dca10455977e77f61042bb86aa5d0f2f62
Opcode Fuzzy Hash: e2a970a902ea345bd76f0f807a4114a0138ceaddf49ca6ad18af62907ef98697
Instruction Fuzzy Hash: 3F5146766187C08AD720DF26E44469EB7A9F7C8B98F108126EE8983B18DF7DC955CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13ABFC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00007FF6DF13AC2D
_getptd.LIBCMT ref: 00007FF6DF13AC4C
_CallSETranslator.LIBCMT ref: 00007FF6DF13AC8D

Part of subcall function 00007FF6DF132D10: _getptd.LIBCMT ref: 00007FF6DF132D37

Strings

MOC, xrefs: 00007FF6DF13AC62

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _getptd$CallTranslator
String ID: MOC
API String ID: 3569367362-624257665
Opcode ID: 930cb2f36988f73dc11b623604e56b1bcc3f3150dc142f4bfbb0ed4211826924
Instruction ID: e9e2996241037513962d196091565c2c05e5a4733ca18d4ec0d588b8bad958ff
Opcode Fuzzy Hash: 930cb2f36988f73dc11b623604e56b1bcc3f3150dc142f4bfbb0ed4211826924
Instruction Fuzzy Hash: DC618472A08AC696DB20EB15D8903AD77E4FB80B89F044536DB4E87A95DF7CE165C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1489E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

std::rethrow_exception.LIBCMT ref: 00007FF6DF148AF1
GetModuleHandleW.KERNEL32 ref: 00007FF6DF148B26
DeleteCriticalSection.KERNEL32 ref: 00007FF6DF148B7E

Strings

USER32, xrefs: 00007FF6DF148B1F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalDeleteHandleModuleSectionstd::rethrow_exception
String ID: USER32
API String ID: 2769773280-1836903325
Opcode ID: 65f49505580dfce7426e0825a5c272d213f00a2a6b9921f8ffbb18fcefba8d6e
Instruction ID: 8f053dc1f1ff15e412181decbe2e90f7dda015b11f27889215a950d8324fb885
Opcode Fuzzy Hash: 65f49505580dfce7426e0825a5c272d213f00a2a6b9921f8ffbb18fcefba8d6e
Instruction Fuzzy Hash: AC516D3260AA4686EB04AF65D8513BD3368EFC4F98F588236DA1E877A5DF3CD855C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1431E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6DF140774: _errno.LIBCMT ref: 00007FF6DF14077D

_errno.LIBCMT ref: 00007FF6DF14320B
_errno.LIBCMT ref: 00007FF6DF143229
_getbuf.LIBCMT ref: 00007FF6DF143296

Strings

, xrefs: 00007FF6DF143216

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$_getbuf
String ID:
API String ID: 606515832-3916222277
Opcode ID: 0fc581bf8608be1c93a22deec3c22dfd7e05207a190bfdfb86b596a51753aaca
Instruction ID: c656627f189336c70cfef50577cca26db31b39693ee733a9929bbba27b9a3f8a
Opcode Fuzzy Hash: 0fc581bf8608be1c93a22deec3c22dfd7e05207a190bfdfb86b596a51753aaca
Instruction Fuzzy Hash: D241C672A0860645EB249F29D84127D7798EFC8B98F184236D92DC73D5DF3CD8A1D740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13F72C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF13F79D
_errno.LIBCMT ref: 00007FF6DF13F7AB
_errno.LIBCMT ref: 00007FF6DF13F7EC

Strings

P, xrefs: 00007FF6DF13F7FB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno
String ID: P
API String ID: 2918714741-3110715001
Opcode ID: 9210fa493ce0490eb35a6cd59cee7dd61b713f77c452dca5a6a5221fbedbfa8a
Instruction ID: b2ce15e13b3f79c64748a2a51ab26564385458aa39763e75d7a5e890fc96b8a9
Opcode Fuzzy Hash: 9210fa493ce0490eb35a6cd59cee7dd61b713f77c452dca5a6a5221fbedbfa8a
Instruction Fuzzy Hash: 4F21B176A0C7C241FA198A669A0027DA3D9AF557E0F584732DE6C877D6DF3CA4608700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163A90 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32 ref: 00007FF6DF163AD4
SetRectEmpty.USER32 ref: 00007FF6DF163AE1

Strings

WINDOW, xrefs: 00007FF6DF163AF6, 00007FF6DF163B07
tooltips_class32, xrefs: 00007FF6DF163A95

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: EmptyRect
String ID: WINDOW$tooltips_class32
API String ID: 2270935405-2154660721
Opcode ID: f1b0a4fe707df8122157aaf5a9177f1d63a3efe3cf74e1b8f4775b858df47941
Instruction ID: 7d31975e3e6171ab9a4c17cb9ffac494487b5b6454203de05116334f24b6dbfc
Opcode Fuzzy Hash: f1b0a4fe707df8122157aaf5a9177f1d63a3efe3cf74e1b8f4775b858df47941
Instruction Fuzzy Hash: 4E315672518B9196E7108F24E8442DD37B8F748F28F58033BEB688B6E8CF799155CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF105890 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57windowthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF110578: GetDlgItem.USER32 ref: 00007FF6DF11058A

SendMessageW.USER32 ref: 00007FF6DF1058BB

Part of subcall function 00007FF6DF117A3C: SendMessageW.USER32(?,?,?,?,00007FF6DF102D9A), ref: 00007FF6DF117A52

CreateThread.KERNEL32 ref: 00007FF6DF105929

Strings

It is recommended that you do not use the selected drives during this operarion. Should this operation continue?, xrefs: 00007FF6DF1058F5
No drive is selected, xrefs: 00007FF6DF10594B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$CreateItemThread
String ID: It is recommended that you do not use the selected drives during this operarion. Should this operation continue?$No drive is selected
API String ID: 1653028482-1895253445
Opcode ID: fe9c9de646f17da2e9f3df16c853a348adc626ee72b92a4d231120967cc5c350
Instruction ID: 17366815f0d2e621fe511357da7381ae5ca460094b5af19cca2fca04e40f4ff1
Opcode Fuzzy Hash: fe9c9de646f17da2e9f3df16c853a348adc626ee72b92a4d231120967cc5c350
Instruction Fuzzy Hash: F921D131E0864286F7509B16FC5077E23A8FB847A4F505532DA0DC3B95DF7DD5A58B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF105E40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54windowthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF110578: GetDlgItem.USER32 ref: 00007FF6DF11058A

SendMessageW.USER32 ref: 00007FF6DF105E6B

Part of subcall function 00007FF6DF117A3C: SendMessageW.USER32(?,?,?,?,00007FF6DF102D9A), ref: 00007FF6DF117A52

CreateThread.KERNEL32 ref: 00007FF6DF105ED0

Strings

WARNING: All contents of the selected drive(s) will be erased including the file system. Are you sure you want to continue?, xrefs: 00007FF6DF105E9C
No drive is selected, xrefs: 00007FF6DF105EE9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$CreateItemThread
String ID: No drive is selected$WARNING: All contents of the selected drive(s) will be erased including the file system. Are you sure you want to continue?
API String ID: 1653028482-1163221811
Opcode ID: 778fc74956ae75242c1b6a8b5f35eef6753731ddaa4c2389cc7b29772359137e
Instruction ID: 8b52e154c47fc7394a792b82d17225280156abef4c6883f7ba66a8ea2dc2f78d
Opcode Fuzzy Hash: 778fc74956ae75242c1b6a8b5f35eef6753731ddaa4c2389cc7b29772359137e
Instruction Fuzzy Hash: 2D11E132F0865282F7509B26F85076E6368FB84794F544132DA5CC3B99DF7DD5658B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10D2C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF125294: EnterCriticalSection.KERNEL32 ref: 00007FF6DF1252D2
Part of subcall function 00007FF6DF125294: InitializeCriticalSection.KERNEL32 ref: 00007FF6DF1252EE
Part of subcall function 00007FF6DF125294: LeaveCriticalSection.KERNEL32 ref: 00007FF6DF125302

GetProcAddress.KERNEL32 ref: 00007FF6DF10D33A
FreeLibrary.KERNEL32 ref: 00007FF6DF10D34D

Strings

HtmlHelpW, xrefs: 00007FF6DF10D330
hhctrl.ocx, xrefs: 00007FF6DF10D317

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalSection$AddressEnterFreeInitializeLeaveLibraryProc
String ID: HtmlHelpW$hhctrl.ocx
API String ID: 3379933665-3773518134
Opcode ID: 1657ca998949f21186d87194e295b2686e8792c2c23e8be6e1115f27896e3cbe
Instruction ID: 0afb62c48d60d1e3c1f9144fc267124ab1c854897801640661fd482fb4cb7b34
Opcode Fuzzy Hash: 1657ca998949f21186d87194e295b2686e8792c2c23e8be6e1115f27896e3cbe
Instruction Fuzzy Hash: 50215E71A19B4281FA149B52EC5137CB3A8FB49B84F845436EA1D8B795DF7CE470C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1012A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 00007FF6DF1012FD
RegSetValueExW.ADVAPI32 ref: 00007FF6DF101334

Strings

?, xrefs: 00007FF6DF1012E3
Software\Puran Software\Wipe Disk, xrefs: 00007FF6DF1012EF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CreateValue
String ID: ?$Software\Puran Software\Wipe Disk
API String ID: 2259555733-2396020753
Opcode ID: 23d378da4f7a693b5c23acaba0b8469da2eb54590c0efdc858a73292436687c6
Instruction ID: 4da6692531d011895cfec13c54278c19d3742b31ac76603ef1d5ef5d27f9c665
Opcode Fuzzy Hash: 23d378da4f7a693b5c23acaba0b8469da2eb54590c0efdc858a73292436687c6
Instruction Fuzzy Hash: 6D114632B1865182E720CB29F84051AB7A5F794BB4F184725FBA943BD8CF7CC1958F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF125058 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6DF12508B
GetClassNameW.USER32 ref: 00007FF6DF1250A6
CompareStringW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6DF1096BC), ref: 00007FF6DF1250CF

Strings

combobox, xrefs: 00007FF6DF1250B0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClassCompareLongNameStringWindow
String ID: combobox
API String ID: 1414938635-2240613097
Opcode ID: 21c6aabd828a796ae984355fbc9db5e5d5940ea2d4b53cbe3c8a583cdcdb2f37
Instruction ID: df8a96b9d16089482d2f8e57ec61073d7cea963d32ad3a96ebdfa87db7c95c1f
Opcode Fuzzy Hash: 21c6aabd828a796ae984355fbc9db5e5d5940ea2d4b53cbe3c8a583cdcdb2f37
Instruction Fuzzy Hash: FB018833619B4182E720CB55FC5106EB3A9EB857E0F544232D6AE877A4DF3DD591C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12E130 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF12E152
LoadLibraryW.KERNEL32 ref: 00007FF6DF12E165
GetProcAddress.KERNEL32 ref: 00007FF6DF12E183

Strings

ImageList_Draw, xrefs: 00007FF6DF12E17C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_Draw
API String ID: 310444273-2074868843
Opcode ID: b7b1adb46865a52139cb9d1d9a3e90f8d074fa998f16aa806a5d4a59550d6d2b
Instruction ID: 58120cdef0a3169fdcd8462520b618315832140d37280ee9eb4c9830eb95ff51
Opcode Fuzzy Hash: b7b1adb46865a52139cb9d1d9a3e90f8d074fa998f16aa806a5d4a59550d6d2b
Instruction Fuzzy Hash: E101FB32606B4685FB548F65E98132C63A8FB59F88F188036CA5C86364DF38D8E5C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF117E80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF117EA2
LoadLibraryW.KERNEL32 ref: 00007FF6DF117EB5
GetProcAddress.KERNEL32 ref: 00007FF6DF117ED3

Strings

ImageList_Destroy, xrefs: 00007FF6DF117ECC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_Destroy
API String ID: 310444273-3359732376
Opcode ID: 8cb5e5e66a3dabbf1b2a63dceba1b000edd13e30e6cbda349fa7280e51496065
Instruction ID: 8176c92ad69711b8f6838bb7f56189e60ad239eaf33e8e95ba3e22a77c6e4105
Opcode Fuzzy Hash: 8cb5e5e66a3dabbf1b2a63dceba1b000edd13e30e6cbda349fa7280e51496065
Instruction Fuzzy Hash: 5901BB32606B4685EF548F25E98432C73A8EB68F98F189036CA5D86364DF3CDDE5D380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF117D18 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF117D3A
LoadLibraryW.KERNEL32 ref: 00007FF6DF117D4D
GetProcAddress.KERNEL32 ref: 00007FF6DF117D6B

Strings

ImageList_Create, xrefs: 00007FF6DF117D64

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_Create
API String ID: 310444273-2409378823
Opcode ID: 65eb4796b29141193f5768bfece6da44560f7fc29cccc3e63d334b3191a5275d
Instruction ID: b6e9af54d7d6238736a8f73ede30037b629c2ce8c0884b210ef0090a9bb6a784
Opcode Fuzzy Hash: 65eb4796b29141193f5768bfece6da44560f7fc29cccc3e63d334b3191a5275d
Instruction Fuzzy Hash: AD01B432606F4985EF548F25E98436C73B8EB58F48F145136DA5D86354DF38D9E5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF165BE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

ImageList_GetImageInfo.COMCTL32 ref: 00007FF6DF165C0B
GetObjectW.GDI32 ref: 00007FF6DF165C24
ImageList_GetBkColor.COMCTL32 ref: 00007FF6DF165C35

Strings

, xrefs: 00007FF6DF165C2A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Image$List_$ColorInfoObject
String ID:
API String ID: 1626647351-3916222277
Opcode ID: 51cd068e69e9e95d690ceb136b918b42b1fe4b45a6709fee21e6557b999da185
Instruction ID: a8068362a19b4f38374daf0e24ae96be01a9dc662628bd3f1320ae243588ebbe
Opcode Fuzzy Hash: 51cd068e69e9e95d690ceb136b918b42b1fe4b45a6709fee21e6557b999da185
Instruction Fuzzy Hash: 5FF0E072B44641C3EB044B25AC442BE6365FF84B55F284036D62EC62E0DF3DC8E5C640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10B650 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF10B672
LoadLibraryW.KERNEL32 ref: 00007FF6DF10B685
GetProcAddress.KERNEL32 ref: 00007FF6DF10B6A3

Strings

InitNetworkAddressControl, xrefs: 00007FF6DF10B69C

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: InitNetworkAddressControl
API String ID: 310444273-1573002242
Opcode ID: 4d3c2e895f28e6d04db78b723a73a340b1841d8bf58e46a878db3b003ab241d6
Instruction ID: c4b44fc42939c9abfcdded39ee993c91434ef44bc1db75e796d70d3d6acbe45f
Opcode Fuzzy Hash: 4d3c2e895f28e6d04db78b723a73a340b1841d8bf58e46a878db3b003ab241d6
Instruction Fuzzy Hash: 9201FB32606B4685EF548F26E98036C63B8FB58F88F188036DA5C87368DF38D8B5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10B43C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF10B45E
LoadLibraryW.KERNEL32(?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF10B471
GetProcAddress.KERNEL32(?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF10B48F

Strings

InitCommonControls, xrefs: 00007FF6DF10B488

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: InitCommonControls
API String ID: 310444273-2489084829
Opcode ID: d4ad2e660f6ee9a49651bdf9ac1684127d1411cd9bd5aa3fcca4579b1c9e0be2
Instruction ID: ebcae564ac3859c5068a3e4cc64beee06710d65e4073cb0a8842ef3ec3c3fc2f
Opcode Fuzzy Hash: d4ad2e660f6ee9a49651bdf9ac1684127d1411cd9bd5aa3fcca4579b1c9e0be2
Instruction Fuzzy Hash: 1501AC32605B4685EF548F25E94432C63A8EB58F88F148136CA5D86365DF78D9A5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10B528 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,00080000,00007FF6DF10C0EF), ref: 00007FF6DF10B54A
LoadLibraryW.KERNEL32(?,?,00080000,00007FF6DF10C0EF), ref: 00007FF6DF10B55D
GetProcAddress.KERNEL32(?,?,00080000,00007FF6DF10C0EF), ref: 00007FF6DF10B57B

Strings

InitCommonControlsEx, xrefs: 00007FF6DF10B574

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: InitCommonControlsEx
API String ID: 310444273-2357626986
Opcode ID: bd2cb75868328fe0e4ba273b5665f4f062ec74ce9d7c8f9ac4c10aa8df12defe
Instruction ID: ed929e34ca97e301b3640831af48fb6de0e5666a0dbd6f1b51715696f3fd1fc2
Opcode Fuzzy Hash: bd2cb75868328fe0e4ba273b5665f4f062ec74ce9d7c8f9ac4c10aa8df12defe
Instruction Fuzzy Hash: 7001BF32605B45C5EB548F25E98432C63B8EB58F98F188036CA5D86365EF78DDF5C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF173270 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF173292
LoadLibraryW.KERNEL32 ref: 00007FF6DF1732A5
GetProcAddress.KERNEL32 ref: 00007FF6DF1732C3

Strings

ImageList_Add, xrefs: 00007FF6DF1732BC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_Add
API String ID: 310444273-2139371048
Opcode ID: 7ed6dae2d38c9496a85a30b1d579edaa8e234ac6e6c25ca91146a1368bfceb79
Instruction ID: 1482c301296a1d9fd808b8f65bbb15961e99b6f26d8baf55a398094b2c2baa19
Opcode Fuzzy Hash: 7ed6dae2d38c9496a85a30b1d579edaa8e234ac6e6c25ca91146a1368bfceb79
Instruction Fuzzy Hash: D101FF32A05F85C5EF548F25E94036C73A9EB58F88F54813ACA5C86764DF38D8E9C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16B060 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF16B082
LoadLibraryW.KERNEL32 ref: 00007FF6DF16B095
GetProcAddress.KERNEL32 ref: 00007FF6DF16B0B3

Strings

ImageList_GetImageCount, xrefs: 00007FF6DF16B0AC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_GetImageCount
API String ID: 310444273-4246500564
Opcode ID: abf80f935dae377d94e185980dd664459d0be28140c6d75743439d4cee79f842
Instruction ID: b77106ebec0223885a9cf90992bfcc2540bb6cdf76e32682ba4dcac584537238
Opcode Fuzzy Hash: abf80f935dae377d94e185980dd664459d0be28140c6d75743439d4cee79f842
Instruction Fuzzy Hash: 4801FF32606B45C5EF548F25E94032C77B8EB58F88F188036DA5C86364EF39D8A5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1707E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF170805
LoadLibraryW.KERNEL32 ref: 00007FF6DF170818
GetProcAddress.KERNEL32 ref: 00007FF6DF170836

Strings

ImageList_GetIcon, xrefs: 00007FF6DF17082F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: ImageList_GetIcon
API String ID: 310444273-3623868649
Opcode ID: 98377bab0fa58b76404dcb4fbdfa5461689a1e9317156c4fc90900950247a94f
Instruction ID: e6e7bd2017af1be65acd7f9d51224c88504e061fc4d2dcef8d4a1b95aa1f05f0
Opcode Fuzzy Hash: 98377bab0fa58b76404dcb4fbdfa5461689a1e9317156c4fc90900950247a94f
Instruction Fuzzy Hash: FF013B32A06F46D5EF448F25E98436C73A8EB58F88F188036CA5D86354DF38D9E6C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF119C4C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6DF119C8E
GetProcAddress.KERNEL32 ref: 00007FF6DF119CA3

Strings

mfcm90u.dll, xrefs: 00007FF6DF119C61
AfxmReleaseManagedReferences, xrefs: 00007FF6DF119C99

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: AfxmReleaseManagedReferences$mfcm90u.dll
API String ID: 1646373207-4255917271
Opcode ID: f16a19e82302ac277cc2756cb23a9774caf54b36d6be54c5000585357835a72b
Instruction ID: f6c8a1b757d485f24cdcabdc3ad482f39c6fe19abdd07903f4a9d96bd73e144c
Opcode Fuzzy Hash: f16a19e82302ac277cc2756cb23a9774caf54b36d6be54c5000585357835a72b
Instruction Fuzzy Hash: 2FF01971A1AF0681EE408B15EC5127D73A8FF88B94B94403BC9AE87360DF3CE1A5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15FC60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF160355,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FC99
GetProcAddress.KERNEL32(?,?,00000000,00007FF6DF160355,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6DF15FCAE

Strings

EnumProcessModules, xrefs: 00007FF6DF15FC8F
GetModuleInformation, xrefs: 00007FF6DF15FCA3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressProc
String ID: EnumProcessModules$GetModuleInformation
API String ID: 190572456-3228267512
Opcode ID: 9029c6dd82778b6983b826262f79088f0e2c06fb15d61f8f5af515e3e85b8ce5
Instruction ID: e2cb6c7712940bac6fdce36d2ae77254a34f6840f85742bb774e60191530140e
Opcode Fuzzy Hash: 9029c6dd82778b6983b826262f79088f0e2c06fb15d61f8f5af515e3e85b8ce5
Instruction Fuzzy Hash: 38F0EFB6904B4292EB548F25F98106873BCFB58B98B501136CE9C83769CF38D5A5C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF170110 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6DF17012D
GetProcAddress.KERNEL32 ref: 00007FF6DF170142

Strings

GetLayout, xrefs: 00007FF6DF170138
GDI32.DLL, xrefs: 00007FF6DF170126

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GDI32.DLL$GetLayout
API String ID: 1646373207-2396518106
Opcode ID: 1719436a3bcd9868eebee4f066a008cc49b974662078bcd81eedfb426d22a756
Instruction ID: da774c329727f4c9df82af7f40f705edc795958257c63d29e8dea7168d54fd14
Opcode Fuzzy Hash: 1719436a3bcd9868eebee4f066a008cc49b974662078bcd81eedfb426d22a756
Instruction Fuzzy Hash: EDF09830E19B0791FE558B66BC953792398AF08B70F4C1736C93D863E0EF6CA5A58640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF133B78 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,000000FF,00007FF6DF133BC1,?,?,00000000,00007FF6DF13B9C2,?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721), ref: 00007FF6DF133B87
GetProcAddress.KERNEL32(?,?,000000FF,00007FF6DF133BC1,?,?,00000000,00007FF6DF13B9C2,?,?,00000000,00007FF6DF13BA8F,?,?,00000000,00007FF6DF135721), ref: 00007FF6DF133B9C

Strings

CorExitProcess, xrefs: 00007FF6DF133B92
mscoree.dll, xrefs: 00007FF6DF133B80

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 1646373207-1276376045
Opcode ID: eea547ba8cec4b0259605249bee0d93d1ec48b55216cfeccbe24098ef4ed7da5
Instruction ID: 8d1b0385ba230bda98a15e4bb2db519047ddd7f440c7ff7c0a7ff45531544f70
Opcode Fuzzy Hash: eea547ba8cec4b0259605249bee0d93d1ec48b55216cfeccbe24098ef4ed7da5
Instruction Fuzzy Hash: E4E01230F25A0751FE19DB51ACC513C13AC6F48B01F48103EC43E863A0DF2CAAEA8344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12C09C Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 226stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6DF12C3C5), ref: 00007FF6DF12C13A
lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6DF12C3C5), ref: 00007FF6DF12C1E7

Strings

1, xrefs: 00007FF6DF12C227
1, xrefs: 00007FF6DF12C0E3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: lstrlen
String ID: 1$1
API String ID: 1659193697-2061416233
Opcode ID: 26c14d82eb049b35b072bb632ddb72ff7dffe7202dbbc5428360b1167df81e23
Instruction ID: 677e277d6dba08edff2c0b1e1703febc572337692bf3bfa99757c29cf27486a9
Opcode Fuzzy Hash: 26c14d82eb049b35b072bb632ddb72ff7dffe7202dbbc5428360b1167df81e23
Instruction Fuzzy Hash: 80810636E0864281EB386B95DC4217D6399FF46BA4F544137DF5E87395CF7EE8A18200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF173C80 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF173CC5
CreateDIBSection.GDI32 ref: 00007FF6DF173D5A
free.LIBCMT ref: 00007FF6DF173EA9
free.LIBCMT ref: 00007FF6DF173EB6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Createfree$CompatibleSection
String ID:
API String ID: 1235571583-0
Opcode ID: c50e91bd4fbc49ea6d4803fb2756972bd032e4e5a7b99eafb60784183ddd57c6
Instruction ID: 2739611a8aa053a6e63ce066997f9d03fc04f94e892879887b3f1d39089b6caf
Opcode Fuzzy Hash: c50e91bd4fbc49ea6d4803fb2756972bd032e4e5a7b99eafb60784183ddd57c6
Instruction Fuzzy Hash: 5651E032E0D69281E7689B15EC407AEB798EB85790F144137EE8D83B99DF3CE495CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1216FC Relevance: 6.2, APIs: 4, Instructions: 158windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00007FF6DF121746
GetDesktopWindow.USER32 ref: 00007FF6DF121758
GetWindowRect.USER32 ref: 00007FF6DF12176F
GetWindowRect.USER32 ref: 00007FF6DF12177E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Rect$DesktopVisible
String ID:
API String ID: 1055025324-0
Opcode ID: 68ba4d9667f1dbf6460de8ce9c2691b7ea06f5c0f560ea761e2c54d0eee3a859
Instruction ID: 784874c612d63d20505b4c6f3805cf75c2dd9cf76fbba0917a953ab2d8b2aeb5
Opcode Fuzzy Hash: 68ba4d9667f1dbf6460de8ce9c2691b7ea06f5c0f560ea761e2c54d0eee3a859
Instruction Fuzzy Hash: FC61A136708A4693EB14DB6AE84066E77A4FB85B84F104036EF4E83B64DF3DE465CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF142B00 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF13B984: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF13B9AB

_lock.LIBCMT ref: 00007FF6DF142B3E
_lock.LIBCMT ref: 00007FF6DF142B97
EnterCriticalSection.KERNEL32 ref: 00007FF6DF142BD6
LeaveCriticalSection.KERNEL32 ref: 00007FF6DF142BE6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalSection_lock$EnterLeave
String ID:
API String ID: 2641352136-0
Opcode ID: b1a647afb83fd25a6aade8177ae3b8636dee339ded25d46fe8ed7f0665f5866b
Instruction ID: ae3470c1d3ed77677ec7e40cd32c68e96a095de222e08c5f6846d9151240fd4a
Opcode Fuzzy Hash: b1a647afb83fd25a6aade8177ae3b8636dee339ded25d46fe8ed7f0665f5866b
Instruction Fuzzy Hash: FC51AF72A0868286EB248F55DC4037E67A8FB98768F544236DE6E867D4DF3CE5A0C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1688B0 Relevance: 6.1, APIs: 4, Instructions: 131windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF167B10: GetClientRect.USER32 ref: 00007FF6DF167B24
Part of subcall function 00007FF6DF167B10: SendMessageW.USER32 ref: 00007FF6DF167B39
Part of subcall function 00007FF6DF167B10: SendMessageW.USER32 ref: 00007FF6DF167B50

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

SendMessageW.USER32 ref: 00007FF6DF1689EF
SendMessageW.USER32 ref: 00007FF6DF168A31
SendMessageW.USER32 ref: 00007FF6DF168A61
SendMessageW.USER32 ref: 00007FF6DF168A7A

Part of subcall function 00007FF6DF170BB0: BitBlt.GDI32 ref: 00007FF6DF170C10
Part of subcall function 00007FF6DF170BB0: SelectObject.GDI32 ref: 00007FF6DF170C1E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ClientLongObjectRectSelectWindow
String ID:
API String ID: 1096065411-0
Opcode ID: 5f5cbd0b6cffd59192217aeafb3ffb37f80b970deadc0a5e893ba7903df94c18
Instruction ID: ad717a168ed93c7ef3460e9ecc2f82dd50395c4ab6d85031b07be57bb655424b
Opcode Fuzzy Hash: 5f5cbd0b6cffd59192217aeafb3ffb37f80b970deadc0a5e893ba7903df94c18
Instruction Fuzzy Hash: AF51C372A1868293EB60DB50E9607AEB364FBC47A4F009133EA5D83B85CF3CD565CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11DB44 Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00007FF6DF11DBFF
SysFreeString.OLEAUT32 ref: 00007FF6DF11DCC1
SysFreeString.OLEAUT32 ref: 00007FF6DF11DCD4
SysFreeString.OLEAUT32 ref: 00007FF6DF11DCE7

Part of subcall function 00007FF6DF116D40: DeactivateActCtx.KERNEL32(?,?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF116D52

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FreeString$ClearDeactivateVariant
String ID:
API String ID: 1781111353-0
Opcode ID: 6feee5b5efbcf6cf8fed69432df9d922818233e73eedb9b97c1170c86abd7131
Instruction ID: 7801c4830680cc8573bf931cc71010e35d5d2630eeb820da5ec09cbb696c23bc
Opcode Fuzzy Hash: 6feee5b5efbcf6cf8fed69432df9d922818233e73eedb9b97c1170c86abd7131
Instruction Fuzzy Hash: 8F514F77A08B8695DB649F25E8403EE73A9FB94B84F544037DA8E83A58CF7CD494CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163150 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1614A0: GetWindowRect.USER32 ref: 00007FF6DF17077A
Part of subcall function 00007FF6DF1614A0: GetWindowLongW.USER32 ref: 00007FF6DF170798

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

PtInRect.USER32 ref: 00007FF6DF16319A
PtInRect.USER32 ref: 00007FF6DF1631DB
PtInRect.USER32 ref: 00007FF6DF16325B
PtInRect.USER32 ref: 00007FF6DF163295

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$Window$Long
String ID:
API String ID: 439567308-0
Opcode ID: 6e93a43f7983b766a7ae7c1110720b776847dc8321c4b0d69502bcc61048eddc
Instruction ID: af405a6a38634314e2a3eb66a2aa5ca72440d43b687c03222388987a2eb19b79
Opcode Fuzzy Hash: 6e93a43f7983b766a7ae7c1110720b776847dc8321c4b0d69502bcc61048eddc
Instruction Fuzzy Hash: 73413336B0868282EB508F59F84436D63A4FB84B88F0D003AEE5D87799DF7CD4A5CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF173AE0 Relevance: 6.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF173B0D

Part of subcall function 00007FF6DF111658: GetLastError.KERNEL32 ref: 00007FF6DF11166F
Part of subcall function 00007FF6DF111658: SetLastError.KERNEL32 ref: 00007FF6DF11169A

CreateDIBSection.GDI32 ref: 00007FF6DF173BAC
free.LIBCMT ref: 00007FF6DF173C4A
free.LIBCMT ref: 00007FF6DF173C57

Part of subcall function 00007FF6DF1116C0: GetLastError.KERNEL32 ref: 00007FF6DF1116CA
Part of subcall function 00007FF6DF1116C0: SetLastError.KERNEL32 ref: 00007FF6DF1116F5

Part of subcall function 00007FF6DF119254: DeleteDC.GDI32 ref: 00007FF6DF119271

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorLast$Createfree$CompatibleDeleteSection
String ID:
API String ID: 2404574015-0
Opcode ID: e042d577bc5c639f36c05febf6fff95356e4c49217ecaeab66e565175ab25a39
Instruction ID: 8abc86b5faa54f3b077d1f97547048b6bd81e3ac3ecb792be77cdffcd5a40424
Opcode Fuzzy Hash: e042d577bc5c639f36c05febf6fff95356e4c49217ecaeab66e565175ab25a39
Instruction Fuzzy Hash: 1B419232A1C7C191EB609B11E8407AEB369FB95790F545133EA9E83B99DF3CE464CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16CB40 Relevance: 6.1, APIs: 4, Instructions: 96timeCOMMON

Download Yara Rule

APIs

PtInRect.USER32 ref: 00007FF6DF16CBBA
GetDoubleClickTime.USER32 ref: 00007FF6DF16CBDE
GetDoubleClickTime.USER32 ref: 00007FF6DF16CC18
SetTimer.USER32 ref: 00007FF6DF16CC48

Part of subcall function 00007FF6DF16C4C0: SendMessageW.USER32(?,?,?,?,00007FF6DF16CA14,?,?,?,?,?,00007FF6DF16CAF7), ref: 00007FF6DF16C4F5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ClickDoubleTime$MessageRectSendTimer
String ID:
API String ID: 2866914813-0
Opcode ID: 0e868970f636cbbbcf98a0d88bec7fc0ed9e64c24d87e0289bf67c79a2a8fb2f
Instruction ID: cfffe71155a5da96aa50310a7a873e81a3809633542f7da6159ea0459ba42a30
Opcode Fuzzy Hash: 0e868970f636cbbbcf98a0d88bec7fc0ed9e64c24d87e0289bf67c79a2a8fb2f
Instruction Fuzzy Hash: 0F319777A0864286E764DF2AD84023D77A9FB88B96F144032EE4DC7758DF38E861C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12C9AC Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF12C9DD
LoadResource.KERNEL32 ref: 00007FF6DF12C9F8
LockResource.KERNEL32 ref: 00007FF6DF12CA09
FreeResource.KERNEL32 ref: 00007FF6DF12CAC3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: cbd25a6cd156ba663c286425f102fe4113b8aadab5e37f6e2f9f4bd74304e228
Instruction ID: a9a1d3233b72d864d00c47ee07d6c2397cfedd7f01fcdb737b966c55fe158b99
Opcode Fuzzy Hash: cbd25a6cd156ba663c286425f102fe4113b8aadab5e37f6e2f9f4bd74304e228
Instruction Fuzzy Hash: 0831D272A0825281DB24DF66B80507EB794EB49FE4F084136EE5ACB785EF3CE491C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1214B0 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

CoTaskMemFree.OLE32 ref: 00007FF6DF121537
CoTaskMemFree.OLE32 ref: 00007FF6DF121546
CoTaskMemFree.OLE32 ref: 00007FF6DF1215A4
CoTaskMemAlloc.OLE32 ref: 00007FF6DF1215C3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Task$Free$Alloc
String ID:
API String ID: 1499894389-0
Opcode ID: 0433b202b8b2337242f8b51802bfa8bb1b5074b670c85b6fd3be51985311d4ac
Instruction ID: 81fae0d1c799ff718756317d9a76bb49f5ef78cf7ed3cbe41f4e66acdaeee4ea
Opcode Fuzzy Hash: 0433b202b8b2337242f8b51802bfa8bb1b5074b670c85b6fd3be51985311d4ac
Instruction Fuzzy Hash: 4B418A32B08A4592EB689F62D84136C7368FB4AB94F140236DF5E87795CF39E8718700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF110C78 Relevance: 6.1, APIs: 4, Instructions: 80windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF110CB8
SendMessageW.USER32 ref: 00007FF6DF110D21
SendMessageW.USER32 ref: 00007FF6DF110D3B
SendMessageW.USER32 ref: 00007FF6DF110D6B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ee7df95a0ecc9050664df8e1e9b0814a38c728844fefa8225b8029c8a2899235
Instruction ID: 3f541a00691fb088261ac3d9c221521f26e1881fa9e66f36ac76e8ed1a341cde
Opcode Fuzzy Hash: ee7df95a0ecc9050664df8e1e9b0814a38c728844fefa8225b8029c8a2899235
Instruction Fuzzy Hash: 02312D32F1858682FF648B25D95477D3369EF54B94F4C5532DA1D87E89CF28E4A18700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF169790 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF1697D8
GetCapture.USER32 ref: 00007FF6DF169825
GetFocus.USER32 ref: 00007FF6DF16983C
SendMessageW.USER32 ref: 00007FF6DF169855

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$CaptureFocus
String ID:
API String ID: 4140602889-0
Opcode ID: 2d7c4cfc39f7d2f628747e985b632a68abbd4fc6c2fa06f229fe6f8a8a72d3a1
Instruction ID: 229ed9cb03435e0e78427af3660aba03f7ef495fa81ffb1b8615311f82f0f667
Opcode Fuzzy Hash: 2d7c4cfc39f7d2f628747e985b632a68abbd4fc6c2fa06f229fe6f8a8a72d3a1
Instruction Fuzzy Hash: 23218072B18B4687EB609B56FC5176E2359FB84799F440032EE4E87B41CF7CE8658780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11F1E4 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32 ref: 00007FF6DF11F216
CoTaskMemFree.OLE32 ref: 00007FF6DF11F2C8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ArrayDestroyFreeSafeTask
String ID:
API String ID: 3253174383-0
Opcode ID: 4680c160be8da6105c94dca3089d262845dfc1764db060693addee57b0dc202e
Instruction ID: a0d86929748e60c1640c951f5d5310f47b199b56e191f8f56b10e820c49969c9
Opcode Fuzzy Hash: 4680c160be8da6105c94dca3089d262845dfc1764db060693addee57b0dc202e
Instruction Fuzzy Hash: D421217AA19A8681FE999B65D85437C37A8EF95F80F14513BDA0FC7A94CF2CD8648300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF172AD0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32 ref: 00007FF6DF172AFC
CreateDIBSection.GDI32 ref: 00007FF6DF172B7D
free.LIBCMT ref: 00007FF6DF172BB7
free.LIBCMT ref: 00007FF6DF172BC4

Part of subcall function 00007FF6DF119254: DeleteDC.GDI32 ref: 00007FF6DF119271

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Createfree$CompatibleDeleteSection
String ID:
API String ID: 3414120477-0
Opcode ID: ae6f3a42f892ec957451ab341f251cb98a9f07d3d25eea1443f396114fa424a4
Instruction ID: ee774b0f2ca36d38500392632022ac4b3a614b07cb89308bffcba388c8ca52ca
Opcode Fuzzy Hash: ae6f3a42f892ec957451ab341f251cb98a9f07d3d25eea1443f396114fa424a4
Instruction Fuzzy Hash: 13315032A08B8195EA609F11E8402EEB3A8EF857D0F544137EE9D87BA9DF3CD555CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF176930 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF17696E
LoadResource.KERNEL32 ref: 00007FF6DF176989
LockResource.KERNEL32 ref: 00007FF6DF17699C
SizeofResource.KERNEL32 ref: 00007FF6DF1769B0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: f54c0db4abcc32aea61d268fe1b91b256a3f919c621f194d6aeacae96f7ec928
Instruction ID: 9a9216da64e15334dbf3839212691db2742943e7f2a2c212caf222001195403c
Opcode Fuzzy Hash: f54c0db4abcc32aea61d268fe1b91b256a3f919c621f194d6aeacae96f7ec928
Instruction Fuzzy Hash: 5421B031F0965285EA159B13DC1117DA399AFA9FD0F084033ED4E8B789EF3CE8618304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF167B10 Relevance: 6.1, APIs: 4, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF167B24
SendMessageW.USER32 ref: 00007FF6DF167B39
SendMessageW.USER32 ref: 00007FF6DF167B50

Part of subcall function 00007FF6DF11062C: GetWindowLongW.USER32 ref: 00007FF6DF110643

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MessageSend$ClientLongRectWindow
String ID:
API String ID: 3446042433-0
Opcode ID: 0d165987ebb8774ddfd5e5f3ea2d8f2193571d956d75927f4ee8ae5681e5a2af
Instruction ID: 14c49e4e6be52141206f4866333342cf30f1504d9099970b19c23ea3ddaa8b42
Opcode Fuzzy Hash: 0d165987ebb8774ddfd5e5f3ea2d8f2193571d956d75927f4ee8ae5681e5a2af
Instruction Fuzzy Hash: 3E214136A18651CBD7649F19F8505AEB3A4F788B94F154032EF8D87F55CE3CE5918B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF142D1C Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF6DF142D56
GetLastError.KERNEL32 ref: 00007FF6DF142D60
_errno.LIBCMT ref: 00007FF6DF142D98
__doserrno.LIBCMT ref: 00007FF6DF142DA3

Part of subcall function 00007FF6DF142850: SetStdHandle.KERNEL32 ref: 00007FF6DF1428C1

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ErrorFileHandleLastType__doserrno_errno
String ID:
API String ID: 1724351316-0
Opcode ID: 25ca5128ebe7ee520eac9a2dd86d1d9f1fc36b729db5c442a23532911c34c83f
Instruction ID: 67e48d0e2a836700690bea0438e4b85c12744052d740877160db17f35a1af9f4
Opcode Fuzzy Hash: 25ca5128ebe7ee520eac9a2dd86d1d9f1fc36b729db5c442a23532911c34c83f
Instruction Fuzzy Hash: BC212632A1869246EA104B55CC812AC7B98ABC8BA4F540633DE5C877E5CF7CE4E0C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF121D14 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

GetRgnBox.GDI32 ref: 00007FF6DF121D70
IntersectRect.USER32 ref: 00007FF6DF121D87
EqualRect.USER32 ref: 00007FF6DF121D97
InvalidateRgn.USER32 ref: 00007FF6DF121DDC

Part of subcall function 00007FF6DF116D40: DeactivateActCtx.KERNEL32(?,?,?,?,?,?,?,00080000,00007FF6DF10C134), ref: 00007FF6DF116D52

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$DeactivateEqualIntersectInvalidate
String ID:
API String ID: 2116622085-0
Opcode ID: 87bdc74e62bb6a9c97edfd6968fdb631f2ce378d354eabefb2b2983ae09a8d64
Instruction ID: 5f2c3dc1455d2d6ad60f88f71b242dce48e69d76731666c3dd71ae58894cc2da
Opcode Fuzzy Hash: 87bdc74e62bb6a9c97edfd6968fdb631f2ce378d354eabefb2b2983ae09a8d64
Instruction Fuzzy Hash: 12318132708A86D2DB10CB56E8492AD7368FB89B84F544037DE4D87758CF39D955C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF163960 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 00007FF6DF1639A2
GetCursorPos.USER32 ref: 00007FF6DF1639AD
GetCapture.USER32 ref: 00007FF6DF1639B3
PtInRect.USER32 ref: 00007FF6DF163A12

Part of subcall function 00007FF6DF161940: SetWindowLongW.USER32 ref: 00007FF6DF161986
Part of subcall function 00007FF6DF161940: SendMessageW.USER32 ref: 00007FF6DF1619C9
Part of subcall function 00007FF6DF161940: SetWindowLongW.USER32 ref: 00007FF6DF1619DB

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$LongRect$CaptureCursorMessageSend
String ID:
API String ID: 1311547018-0
Opcode ID: efd3c210a494121df44217f12bb0084c5baa06742e6d2ab747e4382f2d2a358e
Instruction ID: d03720ca80cd7ee1de1600b8a7e7de51ff3f82e76795c0330502fb1cb613e340
Opcode Fuzzy Hash: efd3c210a494121df44217f12bb0084c5baa06742e6d2ab747e4382f2d2a358e
Instruction Fuzzy Hash: 44215071E1954281FE109B19E81433DA368EB81BA5F040537EA9DC6BE5DF6CD4A58780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF114E94 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF114EE2
LoadResource.KERNEL32 ref: 00007FF6DF114EEE
LockResource.KERNEL32 ref: 00007FF6DF114EFF
FreeResource.KERNEL32 ref: 00007FF6DF114F57

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 4892889680d4089b303e30763fea474d4a00b77b24795d2d0d691837aa29b6ef
Instruction ID: 20ca12b9e1e26eb0e92d2129f9696cb00a52c216e1c91e3165b7bda80e17c376
Opcode Fuzzy Hash: 4892889680d4089b303e30763fea474d4a00b77b24795d2d0d691837aa29b6ef
Instruction Fuzzy Hash: 3421713660579286E6589B06D90417E7369FB59F90F088032DF5987748DF3CE9B1C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10BD70 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00007FF6DF10BD8C
GetTopWindow.USER32 ref: 00007FF6DF10BD9D

Part of subcall function 00007FF6DF10BD70: GetWindow.USER32 ref: 00007FF6DF10BDF5

GetTopWindow.USER32 ref: 00007FF6DF10BDD5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Item
String ID:
API String ID: 369458955-0
Opcode ID: 9e3867cad16ed48f557cd6d7cf0eaa35ada2bc2bfba9088c97ed9b2b89fb14a6
Instruction ID: ba90f4c1840432c4375a6fce7c3e23e507f62679c70696525ccb535c140fbdaa
Opcode Fuzzy Hash: 9e3867cad16ed48f557cd6d7cf0eaa35ada2bc2bfba9088c97ed9b2b89fb14a6
Instruction Fuzzy Hash: 47114F30B1DB4281EE58DB17685017DA3D8AF95B84F18443ADE4EC2745EF7CE8B14780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF124EC4 Relevance: 6.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 00007FF6DF124F06
GetWindowTextW.USER32 ref: 00007FF6DF124F38
lstrcmpW.KERNEL32 ref: 00007FF6DF124F4A
SetWindowTextW.USER32 ref: 00007FF6DF124F5A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: TextWindow$lstrcmplstrlen
String ID:
API String ID: 330964273-0
Opcode ID: 69d18a2a9ffbdadfca216270877de2511303831bb47e73f151029279d4c5b939
Instruction ID: 7e72178272a40e72c7ddce5f2c5f7eef2c3213936677157d3ca49117b1231e3c
Opcode Fuzzy Hash: 69d18a2a9ffbdadfca216270877de2511303831bb47e73f151029279d4c5b939
Instruction Fuzzy Hash: F5112731B0C55641FA349B91FC553BEB359BF8ABC0F440032DD5D87A95CF2CD6A48680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF173420 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6DF173493
CreateCompatibleDC.GDI32 ref: 00007FF6DF17349F
ReleaseDC.USER32 ref: 00007FF6DF1734B6
InitializeCriticalSection.KERNEL32 ref: 00007FF6DF1734C3

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CompatibleCreateCriticalInitializeReleaseSection
String ID:
API String ID: 1900397320-0
Opcode ID: a1df7cf2e74842fef4b99572b679d9308268f2761e2acfd612715f82faf290c7
Instruction ID: 6eeb57af24d4242b9bbe20e59b42d1d01529e898f5cbc333dbf5ade86bc9ec53
Opcode Fuzzy Hash: a1df7cf2e74842fef4b99572b679d9308268f2761e2acfd612715f82faf290c7
Instruction Fuzzy Hash: 8C111C32605B4196DA209F66F84416EB368FB45BA0F54453ADBEE82BA1DF3CE4A5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12B148 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF1062E0: malloc.LIBCMT ref: 00007FF6DF106307

GetCurrentProcess.KERNEL32 ref: 00007FF6DF12B187
GetCurrentProcess.KERNEL32 ref: 00007FF6DF12B190
DuplicateHandle.KERNEL32 ref: 00007FF6DF12B1B7
GetLastError.KERNEL32 ref: 00007FF6DF12B1D8

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorHandleLastmalloc
String ID:
API String ID: 1283020281-0
Opcode ID: ced7bb256b8bf55923c06e44a852ad3315c2e6b879760da316264641103f3ac3
Instruction ID: 12f1d3f33f731a0e72970061f9cb5d640f2eb92d0a45f2d12aad3ba2b8669507
Opcode Fuzzy Hash: ced7bb256b8bf55923c06e44a852ad3315c2e6b879760da316264641103f3ac3
Instruction Fuzzy Hash: 51114531A1974187E720DB66F94522D73A5FB89BD4F140235DB6D83B95DF3CE4618B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1011D0 Relevance: 6.0, APIs: 4, Instructions: 49fileCOMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI ref: 00007FF6DF1011FD
CreateFileW.KERNEL32 ref: 00007FF6DF10122D
CreateFileW.KERNEL32 ref: 00007FF6DF10125D
CloseHandle.KERNEL32 ref: 00007FF6DF10127E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: File$Create$CloseExistsHandlePath
String ID:
API String ID: 848265301-0
Opcode ID: 71ed6227632d87ea9f3803cc1fe9ce261eb9572da5634b24d4a93b6c96408bcd
Instruction ID: 491cf1b6982718d7fc9b69c8eb2b8e4bc01c82f7dea17aef08eab0c679fa7d72
Opcode Fuzzy Hash: 71ed6227632d87ea9f3803cc1fe9ce261eb9572da5634b24d4a93b6c96408bcd
Instruction Fuzzy Hash: 41117231A0864292E7508B52F81036A77A4FB947B4F544335DA7D87BD8CF7CD4A58B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16CC90 Relevance: 6.0, APIs: 4, Instructions: 46timeCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 00007FF6DF16CCB2
ScreenToClient.USER32 ref: 00007FF6DF16CCD1
GetDoubleClickTime.USER32 ref: 00007FF6DF16CCEB
SetTimer.USER32 ref: 00007FF6DF16CD0E

Part of subcall function 00007FF6DF1614A0: GetWindowRect.USER32 ref: 00007FF6DF17077A
Part of subcall function 00007FF6DF1614A0: GetWindowLongW.USER32 ref: 00007FF6DF170798

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$ClickClientCursorDoubleLongRectScreenTimeTimer
String ID:
API String ID: 3095869666-0
Opcode ID: 08d87d125ff3689829a0f8560cdb3fb792e7f9d583340b15489720e633c4ec12
Instruction ID: 53cb3254912c88c36fb426424eb6c1e69b38529c7db4d4fdd0b4d49d6bbe2d53
Opcode Fuzzy Hash: 08d87d125ff3689829a0f8560cdb3fb792e7f9d583340b15489720e633c4ec12
Instruction Fuzzy Hash: 86118F76A08A8297D754DF1AE91426D67B8FB89B89F440032EF5D83B58DF3DE460C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10967C Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetObjectW.GDI32 ref: 00007FF6DF1096CD
SetBkColor.GDI32 ref: 00007FF6DF1096DA
GetSysColor.USER32 ref: 00007FF6DF1096EE
SetTextColor.GDI32 ref: 00007FF6DF1096F9

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Color$ObjectText
String ID:
API String ID: 829078354-0
Opcode ID: 1a7f354631e6da238d70930fb397ec2165a8ed02ad67672844b778730a97f893
Instruction ID: 4a4cbd0192d5832ffaf568e5cfbde441b26ea81f4231786a058944c99a817c47
Opcode Fuzzy Hash: 1a7f354631e6da238d70930fb397ec2165a8ed02ad67672844b778730a97f893
Instruction Fuzzy Hash: 21019B39F1814682EA648B17AD3477D53999F847D8F944232ED1DC2794DF6DE8708A40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1356A4 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

FlsFree.KERNEL32(?,?,?,?,00007FF6DF1359D9,?,?,00000000,00007FF6DF1315D4), ref: 00007FF6DF1356B3
DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6DF1359D9), ref: 00007FF6DF13B91E
free.LIBCMT ref: 00007FF6DF13B927
DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6DF1359D9), ref: 00007FF6DF13B947

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalDeleteSection$Freefree
String ID:
API String ID: 1250194111-0
Opcode ID: 3b5365591b2c64e46361927a4a4a499e098743d0e004c9f29d0e649946309766
Instruction ID: 98093515389909536f07a68eb21ca22ba12604dc384cd7ac27c1e13d3267a4f2
Opcode Fuzzy Hash: 3b5365591b2c64e46361927a4a4a499e098743d0e004c9f29d0e649946309766
Instruction Fuzzy Hash: 9F118F31E0AA42C2FA14CB11EC6427C63A8FF00B90F584132D66D83B99DF2CE9B1CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF172C00 Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON

Download Yara Rule

APIs

GetIconInfo.USER32 ref: 00007FF6DF172C20
GetObjectW.GDI32 ref: 00007FF6DF172C39
DeleteObject.GDI32 ref: 00007FF6DF172C6F
DeleteObject.GDI32 ref: 00007FF6DF172C7F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Delete$IconInfo
String ID:
API String ID: 507670407-0
Opcode ID: 1f10de048fe04674b73593fbe7d26eabf7d2d20fc83583f2f7d792aeef9b7dba
Instruction ID: 466d5e0a1303ae7cde2384ef9e761d6ef3ef247b0464f328802c24ac78a7b160
Opcode Fuzzy Hash: 1f10de048fe04674b73593fbe7d26eabf7d2d20fc83583f2f7d792aeef9b7dba
Instruction Fuzzy Hash: B8015E75F09782C6EF548F65D95022D67A8EB98B80F088036EE4EC7758DF3CE4518A10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11D738 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

IntersectRect.USER32 ref: 00007FF6DF11D785
EqualRect.USER32 ref: 00007FF6DF11D793
IsRectEmpty.USER32 ref: 00007FF6DF11D79E
InvalidateRect.USER32 ref: 00007FF6DF11D7BF

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$EmptyEqualIntersectInvalidate
String ID:
API String ID: 3354205298-0
Opcode ID: be5d2899a0fa71b25947192f096302d4485c549d126d74fd3f1b921fad6cf021
Instruction ID: bf8fd30ceee3d3fe94279f4c318de5ac9dbdd1fba55f9213341229114917b058
Opcode Fuzzy Hash: be5d2899a0fa71b25947192f096302d4485c549d126d74fd3f1b921fad6cf021
Instruction Fuzzy Hash: 4D118972B08A8281EB108B15E5441BD7364FB98BD8F404132DF8E87B58DF3DD559CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF11543E Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

EnableWindow.USER32 ref: 00007FF6DF115487
GetActiveWindow.USER32 ref: 00007FF6DF115492
SetActiveWindow.USER32 ref: 00007FF6DF1154A1
FreeResource.KERNEL32 ref: 00007FF6DF1154C8

Part of subcall function 00007FF6DF11083C: EnableWindow.USER32 ref: 00007FF6DF11084E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$ActiveEnable$FreeResource
String ID:
API String ID: 253586258-0
Opcode ID: 081c9a45f59a04814698c2685ba7ca64bccfe7af2ab66128132f077216af7c04
Instruction ID: c4542b704f070c14e31763d3f00be9e36c95827142c9ed4443d4741c53369ec5
Opcode Fuzzy Hash: 081c9a45f59a04814698c2685ba7ca64bccfe7af2ab66128132f077216af7c04
Instruction Fuzzy Hash: F6116136609A8281EB659F12A90037D7729FB91FAAF084032CD1E47B58CF3CD4E6C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF101BA0 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00007FF6DF101BB4

Part of subcall function 00007FF6DF131B7C: _FF_MSGBANNER.LIBCMT ref: 00007FF6DF131BAC
Part of subcall function 00007FF6DF131B7C: RtlAllocateHeap.NTDLL(?,?,00000018,00007FF6DF10630C), ref: 00007FF6DF131BD1
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131BF5
Part of subcall function 00007FF6DF131B7C: _errno.LIBCMT ref: 00007FF6DF131C00

GetDiskFreeSpaceW.KERNEL32 ref: 00007FF6DF101BF3
free.LIBCMT ref: 00007FF6DF101C00

Part of subcall function 00007FF6DF131D18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D2E
Part of subcall function 00007FF6DF131D18: _errno.LIBCMT ref: 00007FF6DF131D38
Part of subcall function 00007FF6DF131D18: GetLastError.KERNEL32(?,?,00000000,00007FF6DF1357EC,?,?,00000018,00007FF6DF133831,?,?,?,?,00007FF6DF131C1A,?,?,00000018), ref: 00007FF6DF131D40

free.LIBCMT ref: 00007FF6DF101C10

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno$free$AllocateDiskErrorFreeHeapLanguagesLastPreferredRestoreSpaceThreadmalloc
String ID:
API String ID: 3848721514-0
Opcode ID: 69658439a25e1c9cbb6d3a46580b5987b8700e1afc2cdb2f3efbee26da84285e
Instruction ID: 2cce711dcc0f342a732fec6e35834ef80bb9e557987b1fa18c273de3e7c94f1c
Opcode Fuzzy Hash: 69658439a25e1c9cbb6d3a46580b5987b8700e1afc2cdb2f3efbee26da84285e
Instruction Fuzzy Hash: 7301D467A1869192E701DB65E5004AEF364FF89BA0F048132EF5883794EF7CD5A4CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16F110 Relevance: 6.0, APIs: 4, Instructions: 38windowCOMMON

Download Yara Rule

APIs

GetIconInfo.USER32 ref: 00007FF6DF16F132
GetObjectW.GDI32 ref: 00007FF6DF16F14B
DeleteObject.GDI32 ref: 00007FF6DF16F174
DeleteObject.GDI32 ref: 00007FF6DF16F184

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Object$Delete$IconInfo
String ID:
API String ID: 507670407-0
Opcode ID: b02f58122072c4f11824045667007e1a4509ae97129d01318d30e75f0b05dc60
Instruction ID: 47137c7cb828a3bac73f49f48cbe2f9e8b08d6ec1d628c73de9503751294a4b3
Opcode Fuzzy Hash: b02f58122072c4f11824045667007e1a4509ae97129d01318d30e75f0b05dc60
Instruction Fuzzy Hash: 7E011276A0874297EB508F64E95422D77B8FB88B80F144032EA59C3694DF3CD464CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF129E08 Relevance: 6.0, APIs: 4, Instructions: 36windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00007FF6DF129EAF
GetFocus.USER32 ref: 00007FF6DF129EB9

Part of subcall function 00007FF6DF1291CC: IsWindow.USER32 ref: 00007FF6DF1291EE
Part of subcall function 00007FF6DF1291CC: GetParent.USER32 ref: 00007FF6DF129211

IsWindow.USER32 ref: 00007FF6DF129ED7
GetFocus.USER32 ref: 00007FF6DF129EE1

Part of subcall function 00007FF6DF129454: IsChild.USER32 ref: 00007FF6DF129484
Part of subcall function 00007FF6DF129454: GetWindowLongW.USER32 ref: 00007FF6DF1294A0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$Focus$ChildLongParent
String ID:
API String ID: 1766597969-0
Opcode ID: 9427a9955bf5fded7a016e168270616a84cc86e95809865c8726a03f218a8c48
Instruction ID: a5d516a8f2c0cb3fec534d69d1cc5215830fb4741330917dcb2b3c13f783bce9
Opcode Fuzzy Hash: 9427a9955bf5fded7a016e168270616a84cc86e95809865c8726a03f218a8c48
Instruction Fuzzy Hash: E0F0A932B0814242EB11EB956C9517C6359AF82FA5F400433DD5EC7755CF3DD8E69300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF171C80 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 00007FF6DF171C8F
LoadResource.KERNEL32 ref: 00007FF6DF171CAB
LockResource.KERNEL32 ref: 00007FF6DF171CBC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Resource$FindLoadLock
String ID:
API String ID: 2752051264-0
Opcode ID: 916f66552b55b9421068f7be729818ab4c964c04d23c12c64399b7bb66d9d9c7
Instruction ID: 29f47d9b57f88349bf8c11215757019221e8fed538f64f1d376808484defeb64
Opcode Fuzzy Hash: 916f66552b55b9421068f7be729818ab4c964c04d23c12c64399b7bb66d9d9c7
Instruction Fuzzy Hash: 2AF06D61F1A74282EE554B62A94863953D8AF58BD5F0C2039CD1D97744EF2CE8E48700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1429AC Relevance: 6.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00007FF6DF1429B5
_errno.LIBCMT ref: 00007FF6DF1429BD

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 0ed87cafb91f4f08d84005bbcd9e2b2d332083dd671d9e79280ace3b663e0b5f
Instruction ID: a60663549387c526fbc3ca605516616806e69c7ee770b2d8be087fd405117ec5
Opcode Fuzzy Hash: 0ed87cafb91f4f08d84005bbcd9e2b2d332083dd671d9e79280ace3b663e0b5f
Instruction Fuzzy Hash: 6C01F572E1859241FB141FA4CC6133C23959FD0B26F514336D92D867E1CF6C60A08214

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF118F88 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32 ref: 00007FF6DF118FA1
GetViewportExtEx.GDI32 ref: 00007FF6DF118FB0
MulDiv.KERNEL32 ref: 00007FF6DF118FD1
MulDiv.KERNEL32 ref: 00007FF6DF118FF5

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 6edf7280b7243ae9b195b24feeb93f350fb2884adaa9504d087cfd503d096b04
Instruction ID: 93d315d8ffebc4b142cd4ea4252d4b4df2fefc48583112f60b5ce757b91c78cb
Opcode Fuzzy Hash: 6edf7280b7243ae9b195b24feeb93f350fb2884adaa9504d087cfd503d096b04
Instruction Fuzzy Hash: A7018035B1830187C7089B20E88446D77B9FB88B80F405036EA1A87759CF3CE8A0CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF118F04 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32 ref: 00007FF6DF118F1D
GetViewportExtEx.GDI32 ref: 00007FF6DF118F2C
MulDiv.KERNEL32 ref: 00007FF6DF118F4D
MulDiv.KERNEL32 ref: 00007FF6DF118F71

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: a96398fea6f87c4feacb6d087e56771bff8adaa1ea5515e521d7c9420f991f8d
Instruction ID: 443ce3e5dad1e42c59477017764ee9990dcd8640e1d241addf1be716236c782d
Opcode Fuzzy Hash: a96398fea6f87c4feacb6d087e56771bff8adaa1ea5515e521d7c9420f991f8d
Instruction Fuzzy Hash: C3018035B1830187C7089B20E88446D77B9FB88B80F405036EA1A87759CF3CE8A0CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF10D538 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00007FF6DF10D55E
GetWindowLongW.USER32 ref: 00007FF6DF10D582
GetParent.USER32 ref: 00007FF6DF10D591
GetWindow.USER32 ref: 00007FF6DF10D59E

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ParentWindow$Long
String ID:
API String ID: 941798831-0
Opcode ID: c0e4ceda479c788c9b748ebea99c25d9b8b1a7f8cfa3403fb11ea0541707ebb1
Instruction ID: 55c25e5bd0e7e0bdf003f53659791794d04f0395aadef9e708e7951797cbd51b
Opcode Fuzzy Hash: c0e4ceda479c788c9b748ebea99c25d9b8b1a7f8cfa3403fb11ea0541707ebb1
Instruction Fuzzy Hash: 07F04975A1864242ED109B57E95413C2769AF84F94F140532EE5F87795CFBCE4B18A01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF169E20 Relevance: 6.0, APIs: 4, Instructions: 33windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00007FF6DF169E3E
PtInRect.USER32 ref: 00007FF6DF169E4E
InvalidateRect.USER32 ref: 00007FF6DF169E6B
_TrackMouseEvent.COMCTL32 ref: 00007FF6DF169EA0

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$EventInvalidateMessageMouseSendTrack
String ID:
API String ID: 1980475169-0
Opcode ID: 6527b7b37b6223edf0d9460399366a4f35945fcd4cad0df57306c82cbb0bdaf5
Instruction ID: cd78123eced9a39596d0a11c8c7b4bde082bc6d918c8f439e702e95d3fab5d3b
Opcode Fuzzy Hash: 6527b7b37b6223edf0d9460399366a4f35945fcd4cad0df57306c82cbb0bdaf5
Instruction Fuzzy Hash: E201B532518642C3E710DF25E88866D7364F784B48F440132FA9E87AA8DF3DC495CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF124E18 Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

TlsFree.KERNEL32 ref: 00007FF6DF124E4C
GlobalHandle.KERNEL32 ref: 00007FF6DF124E5B
GlobalUnlock.KERNEL32 ref: 00007FF6DF124E67
GlobalFree.KERNEL32 ref: 00007FF6DF124E70

Part of subcall function 00007FF6DF124B90: EnterCriticalSection.KERNEL32 ref: 00007FF6DF124C21
Part of subcall function 00007FF6DF124B90: LeaveCriticalSection.KERNEL32 ref: 00007FF6DF124C39
Part of subcall function 00007FF6DF124B90: LocalFree.KERNEL32 ref: 00007FF6DF124C43
Part of subcall function 00007FF6DF124B90: TlsSetValue.KERNEL32 ref: 00007FF6DF124C5D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: FreeGlobal$CriticalSection$EnterHandleLeaveLocalUnlockValue
String ID:
API String ID: 1402163063-0
Opcode ID: 085728b0800e5b0b16db0286887f545a65ba737963f2ba16225a33af3165bac9
Instruction ID: 6cdd4cb870e6780edaa7a2b8c8a3d1187a8f28deedf6e8d461023edd379a6cc7
Opcode Fuzzy Hash: 085728b0800e5b0b16db0286887f545a65ba737963f2ba16225a33af3165bac9
Instruction Fuzzy Hash: FEF0AD75B08A1282FE28CF56E95413C2368FF0ABA0F084132CA2D47751DF2CD9B4CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16DC90 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF6DF16DCAB
PtInRect.USER32 ref: 00007FF6DF16DCBB
InvalidateRect.USER32 ref: 00007FF6DF16DCD8
_TrackMouseEvent.COMCTL32 ref: 00007FF6DF16DD0D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Rect$ClientEventInvalidateMouseTrack
String ID:
API String ID: 3992450985-0
Opcode ID: f3e030f1eb4d8ce145a231721ef5e164381bf651e6d0b8207a3b6c8981344ab8
Instruction ID: 10a2f9ab7e2d3e25b2291f34dfd095c7b40dc74505ece29db400cb324af4fa82
Opcode Fuzzy Hash: f3e030f1eb4d8ce145a231721ef5e164381bf651e6d0b8207a3b6c8981344ab8
Instruction Fuzzy Hash: 0E018432918A46C3E720DF25E88925D7778FB80B49F140132EA9D876A8DF3DD494CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF12CC2C Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00007FF6DF12CC46
GetTickCount.KERNEL32 ref: 00007FF6DF12CC58
CoFreeUnusedLibraries.OLE32 ref: 00007FF6DF12CC6B
GetTickCount.KERNEL32 ref: 00007FF6DF12CC71

Part of subcall function 00007FF6DF12CBB8: CoFreeUnusedLibraries.OLE32 ref: 00007FF6DF12CC11
Part of subcall function 00007FF6DF12CBB8: OleUninitialize.OLE32 ref: 00007FF6DF12CC17

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CountTick$FreeLibrariesUnused$Uninitialize
String ID:
API String ID: 685759847-0
Opcode ID: 5361b143fd90f95ff7a55bff770c25e17141d53aab04e907431e55f6149cf923
Instruction ID: 716100c48fc7ccad8e815ebbf41482bf20d79e6fb6eeb099b653df7731913d21
Opcode Fuzzy Hash: 5361b143fd90f95ff7a55bff770c25e17141d53aab04e907431e55f6149cf923
Instruction Fuzzy Hash: 2CF01C34D1E18396F6296BA4AC5A13C236DAF42B51F00503BC51EC16A4CF3E39F98B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF13B3C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00007FF6DF13B3E4

Strings

csm, xrefs: 00007FF6DF13B51B
csm, xrefs: 00007FF6DF13B411

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _getptd
String ID: csm$csm
API String ID: 3186804695-3733052814
Opcode ID: 3d800590c437a792dd1cdc1526f8ef752963299a87db544d8048e35d47348bde
Instruction ID: 68d891acfdc6a9879ed6dc52b0566406e694b5db7256f41172589cb5b7f0456c
Opcode Fuzzy Hash: 3d800590c437a792dd1cdc1526f8ef752963299a87db544d8048e35d47348bde
Instruction Fuzzy Hash: DF519F729086828AEB60DF26984037D77D8FB54B94F054136DA4DD7B86EF3CE4A0CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF16ED00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF110660: GetWindowLongW.USER32 ref: 00007FF6DF110677

GetCapture.USER32 ref: 00007FF6DF16ED36
OffsetRect.USER32 ref: 00007FF6DF16EDFC

Strings

COMBOBOX, xrefs: 00007FF6DF16ED5A

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CaptureLongOffsetRectWindow
String ID: COMBOBOX
API String ID: 1925817764-1136563877
Opcode ID: 8b406933eb193b357f8346bce9a259d905819bc66ce7130c2d6c8ea2e5044178
Instruction ID: 2defaf3ead7f6e00cbb9c5907282b9ab5ae6e31310eb7448c45597651a4590f4
Opcode Fuzzy Hash: 8b406933eb193b357f8346bce9a259d905819bc66ce7130c2d6c8ea2e5044178
Instruction Fuzzy Hash: 7141E372A1868187E760DF26E8406AFB3A5FB95B94F444136FE5E83B89DF3CD4118B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF15D8A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98windowCOMMON

Download Yara Rule

APIs

BitBlt.GDI32 ref: 00007FF6DF15D99A

Part of subcall function 00007FF6DF15D4A0: StretchBlt.GDI32 ref: 00007FF6DF15D505

Strings

, xrefs: 00007FF6DF15D979
, xrefs: 00007FF6DF15D9A6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Stretch
String ID: $
API String ID: 3460941471-227171996
Opcode ID: 5870faa82f940cd8b88083bed75ef050f2a890bdcee2f3da6d57892aaebe3768
Instruction ID: 1e6e24d39e9606cf817a80834e3b988097b41bef2aee49fe598758a04aa5ccec
Opcode Fuzzy Hash: 5870faa82f940cd8b88083bed75ef050f2a890bdcee2f3da6d57892aaebe3768
Instruction Fuzzy Hash: F7417E7661C6C58AD7249E02A54463EB7B9FB48BC4F54403AEF8993B44CF38E960CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF158970 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

AdjustWindowRectEx.USER32 ref: 00007FF6DF1589EC

Strings

d, xrefs: 00007FF6DF1589E4
d, xrefs: 00007FF6DF1589DC

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: AdjustRectWindow
String ID: d$d
API String ID: 2418899032-195624457
Opcode ID: 1889641ab80257389d213109df0e6966ae59da5a8bb9dcf5d8ce0e3be5c37d1b
Instruction ID: 144cc7e41277034d139279aa5174468e61899b0143f432e1f59dd3e44aeaa931
Opcode Fuzzy Hash: 1889641ab80257389d213109df0e6966ae59da5a8bb9dcf5d8ce0e3be5c37d1b
Instruction Fuzzy Hash: 82416C736282918BD780CF19D440BADB7B8F784B94F55D026FA4987B58DB39E8618F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF141B98 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FF6DF141BAE
_errno.LIBCMT ref: 00007FF6DF141BF0

Strings

1, xrefs: 00007FF6DF141C40

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _errno
String ID: 1
API String ID: 2918714741-2212294583
Opcode ID: 62f69d29a69c071de9f0f2b75cfa70afe1b55d52abaa1ad218cea344e61acd52
Instruction ID: 6ab7b6d0db2527ac442ec2369406dfeaa317701c6598828b8eefb273c7a7981b
Opcode Fuzzy Hash: 62f69d29a69c071de9f0f2b75cfa70afe1b55d52abaa1ad218cea344e61acd52
Instruction Fuzzy Hash: 2221D872A1C2D266FB17CB248C1037C6B989F89748FA48433C64DD66C3DF1EA560C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF151BA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON

Download Yara Rule

Strings

UXTHEME.DLL, xrefs: 00007FF6DF151BEE
UxTheme.dll, xrefs: 00007FF6DF151C34

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID:
String ID: UXTHEME.DLL$UxTheme.dll
API String ID: 0-4289123061
Opcode ID: dead407cf223f481b3278d651eaf3836f9fbd1666e5522462b3670b37a769c5c
Instruction ID: 86c342574d71cc4fd2414dd42b1def1fb27187189da3a4e0ac809509e61a1f79
Opcode Fuzzy Hash: dead407cf223f481b3278d651eaf3836f9fbd1666e5522462b3670b37a769c5c
Instruction Fuzzy Hash: 1E218B71A0C687A1FA629752EC503BE53A8BF88BC4F540137DA4E97BD6DF2CE1218700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF1628C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

InvalidateRect.USER32 ref: 00007FF6DF162982

Part of subcall function 00007FF6DF161940: SetWindowLongW.USER32 ref: 00007FF6DF161986
Part of subcall function 00007FF6DF161940: SendMessageW.USER32 ref: 00007FF6DF1619C9
Part of subcall function 00007FF6DF161940: SetWindowLongW.USER32 ref: 00007FF6DF1619DB

SendMessageW.USER32 ref: 00007FF6DF1628F1

Strings

7, xrefs: 00007FF6DF162905

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: LongMessageSendWindow$InvalidateRect
String ID: 7
API String ID: 2008876139-1790921346
Opcode ID: 35d277e1af4ca2add8400f4b52b8a8effafb986c03b3818a50f03f166b9a1132
Instruction ID: 037bba85236752a184c1a876d38612d25ed0c43a9e7f373e772a59b820f853ef
Opcode Fuzzy Hash: 35d277e1af4ca2add8400f4b52b8a8effafb986c03b3818a50f03f166b9a1132
Instruction Fuzzy Hash: 8C214832A1869686D710DF2AE450A1EB7A5FBC8B84F144136EB8D83B18DF39E410CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF169020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00007FF6DF16903C
GetSystemMetrics.USER32 ref: 00007FF6DF16904D

Strings

gfff, xrefs: 00007FF6DF169074

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: MetricsSystem
String ID: gfff
API String ID: 4116985748-1553575800
Opcode ID: d5c77ddf97092c6689b424a39c6b4fb8e336f1e2578049590473857db04826df
Instruction ID: 30a4ddb6252ad0f6fb959923a556c6e6efae972228f5cd582802ff4155dcd5da
Opcode Fuzzy Hash: d5c77ddf97092c6689b424a39c6b4fb8e336f1e2578049590473857db04826df
Instruction Fuzzy Hash: ED11A372A1464287D3588F2EF84536D7795E788784F488131EB49CB799DF3DE8518B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF109020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF12516C: ClientToScreen.USER32 ref: 00007FF6DF12517E
Part of subcall function 00007FF6DF12516C: GetWindow.USER32 ref: 00007FF6DF12518C
Part of subcall function 00007FF6DF12516C: GetDlgCtrlID.USER32 ref: 00007FF6DF12519D
Part of subcall function 00007FF6DF12516C: GetWindowLongW.USER32 ref: 00007FF6DF1251B2
Part of subcall function 00007FF6DF12516C: GetWindowRect.USER32 ref: 00007FF6DF1251C6
Part of subcall function 00007FF6DF12516C: PtInRect.USER32 ref: 00007FF6DF1251D6

GetDlgCtrlID.USER32 ref: 00007FF6DF10904E
SendMessageW.USER32 ref: 00007FF6DF109083

Strings

@, xrefs: 00007FF6DF10905B

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window$CtrlRect$ClientLongMessageScreenSend
String ID: @
API String ID: 1956310361-2766056989
Opcode ID: 106584a0c2e0a54040e126c9c552653aedb76a71ce280c278031c75cf28f50ad
Instruction ID: 8be07140e82435934f5df3e975e46f458bb7da39ce8d147ddc7611a4897d21d4
Opcode Fuzzy Hash: 106584a0c2e0a54040e126c9c552653aedb76a71ce280c278031c75cf28f50ad
Instruction Fuzzy Hash: 3A01A532618B81C2EB148F26A81512D7768EB45FB8F184331EABD87BD8CF3DD4618704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF18EFF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6DF132F04: _getptd.LIBCMT ref: 00007FF6DF132F11
Part of subcall function 00007FF6DF132F04: _getptd.LIBCMT ref: 00007FF6DF132F24

_getptd.LIBCMT ref: 00007FF6DF18F059
_getptd.LIBCMT ref: 00007FF6DF18F06C

Strings

csm, xrefs: 00007FF6DF18F00F

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: _getptd
String ID: csm
API String ID: 3186804695-1018135373
Opcode ID: 692da55b57d28d272fc0623dbe24d7e6abadf720f9f5d753525392da69e51a07
Instruction ID: 85e41260c58a43a2e53ff06a22030133f446b7da36902033562c29320340bec9
Opcode Fuzzy Hash: 692da55b57d28d272fc0623dbe24d7e6abadf720f9f5d753525392da69e51a07
Instruction Fuzzy Hash: AA019232904282DDDB749F72DC443BC23A9EB58B49F484137DA0D9A645CF7AE8A0C301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF170BB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37windowCOMMONLIBRARYCODE

Download Yara Rule

APIs

BitBlt.GDI32 ref: 00007FF6DF170C10
SelectObject.GDI32 ref: 00007FF6DF170C1E

Strings

, xrefs: 00007FF6DF170BF6

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: ObjectSelect
String ID:
API String ID: 1517587568-3916222277
Opcode ID: ba99b2cab816d7387d509cd1aa76e3c510538144d43d9b084549d548b93a3079
Instruction ID: 2a2000f861f4828cff588930a61f9aebd6eb06f398cd61fb820f2b91ef703f76
Opcode Fuzzy Hash: ba99b2cab816d7387d509cd1aa76e3c510538144d43d9b084549d548b93a3079
Instruction Fuzzy Hash: FE118272605B42C6DB24CF25E84042D7768FB44B68F145236DE6D43768DF3CD4A5CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF161A00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 00007FF6DF161A20
SetWindowRgn.USER32 ref: 00007FF6DF161A34

Part of subcall function 00007FF6DF1109D0: SetWindowPos.USER32 ref: 00007FF6DF110A0A

Strings

7, xrefs: 00007FF6DF161A3D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: Window
String ID: 7
API String ID: 2353593579-1790921346
Opcode ID: 60d8e814a551f286899c506562666568b35ab47ab36c5316bef00dfbf1ce0847
Instruction ID: a33fed73f7720cb5cf7829770356a655cdfa8f43ea6f19c6c7c3027dba20dc28
Opcode Fuzzy Hash: 60d8e814a551f286899c506562666568b35ab47ab36c5316bef00dfbf1ce0847
Instruction Fuzzy Hash: 99016732A1859186E7108F26D81062DB759FBD8B84F188032EA4D87654DF3DD9218B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6DF124B90 Relevance: 5.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6DF124C21
LeaveCriticalSection.KERNEL32 ref: 00007FF6DF124C39
LocalFree.KERNEL32 ref: 00007FF6DF124C43
TlsSetValue.KERNEL32 ref: 00007FF6DF124C5D

Memory Dump Source

Source File: 00000006.00000002.2915552310.00007FF6DF101000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6DF100000, based on PE: true

Associated: 00000006.00000002.2915511440.00007FF6DF100000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915626095.00007FF6DF193000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915691526.00007FF6DF1C9000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.2915726596.00007FF6DF1D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6df100000_Puran Wipe Disk.jbxd

Similarity

API ID: CriticalSection$EnterFreeLeaveLocalValue
String ID:
API String ID: 2949335588-0
Opcode ID: 80ba30083810e9cb52b292d19ef5aaa1b7f502956e87ea925683fdd6531b1932
Instruction ID: 61fe1d94acb1113d0d969df2a7a1595f8a5197530d797fa24aed0e51364e9f8c
Opcode Fuzzy Hash: 80ba30083810e9cb52b292d19ef5aaa1b7f502956e87ea925683fdd6531b1932
Instruction Fuzzy Hash: E5217836A04A1582E7248F5AE98532D7768FB8AF80F454032CE1D83795CF39E9A1C380

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PuranWipeDiskSetup.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Puran Wipe Disk\Default.cjstyles (copy)

C:\Program Files\Puran Wipe Disk\Help\Wipe_Disk.chm (copy)

C:\Program Files\Puran Wipe Disk\Help\is-JQLMN.tmp

C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.exe (copy)

C:\Program Files\Puran Wipe Disk\Puran Wipe Disk.url

C:\Program Files\Puran Wipe Disk\home.html (copy)

C:\Program Files\Puran Wipe Disk\home.png (copy)

C:\Program Files\Puran Wipe Disk\homebutton.html (copy)

C:\Program Files\Puran Wipe Disk\is-6S64H.tmp

C:\Program Files\Puran Wipe Disk\is-7J9I7.tmp

C:\Program Files\Puran Wipe Disk\is-E3G21.tmp

C:\Program Files\Puran Wipe Disk\is-II2TT.tmp

C:\Program Files\Puran Wipe Disk\is-JRBGR.tmp

C:\Program Files\Puran Wipe Disk\is-UDJ45.tmp

C:\Program Files\Puran Wipe Disk\unins000.dat

C:\Program Files\Puran Wipe Disk\unins000.exe (copy)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk on the Web.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Wipe Disk\Puran Wipe Disk.lnk

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

Windows Analysis Report
PuranWipeDiskSetup.exe

Function 00007FF6DF14BAC0 Relevance: 54.3, Strings: 43, Instructions: 593
COMMON

Function 00007FF6DF112724 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 288
libraryloaderCOMMON

Function 00007FF6DF147EF0 Relevance: 44.0, APIs: 24, Strings: 1, Instructions: 273
COMMON

Function 00007FF6DF15C920 Relevance: 42.5, APIs: 11, Strings: 13, Instructions: 502
COMMON

Function 00007FF6DF1034D0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 320
COMMON

Function 00007FF6DF103A30 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 228
windowtimeCOMMON

Function 00007FF6DF102EE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 157
registrywindowCOMMON

Function 00007FF6DF15C5F0 Relevance: 15.2, APIs: 10, Instructions: 191
COMMON

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre