Edit tour

Windows Analysis Report
ArchivePlayer.exe

Overview

General Information

Sample name:	ArchivePlayer.exe
Analysis ID:	1428280
MD5:	9fc7930a0e24916b1f136c2ec0832ca8
SHA1:	ad64c6eb86d06729f5657e9e97d12bac096b0f1e
SHA256:	527b331af189dd4fb9d2e9049ec002dbb5ad4a3b6da9bd06b38d80f1fc911f6c
Infos:

Detection

Score:	29
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

System is w10x64

ArchivePlayer.exe (PID: 2408 cmdline: "C:\Users\user\Desktop\ArchivePlayer.exe" MD5: 9FC7930A0E24916B1F136C2EC0832CA8)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_005E9C00 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,__read,__close,__read,__close,_clock,_clock,_clock,_abort,

0_2_005E9C00

Source: ArchivePlayer.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source:	Binary string: E:\VSS\ArchivePlayer\Release\ArchivePlayer.pdb source: ArchivePlayer.exe
Source:	Binary string: E:\VSS\ArchivePlayer\Release\ArchivePlayer.pdb* source: ArchivePlayer.exe

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_008163F1 __EH_prolog3,_strlen,__cftof,FtpFindFirstFileA,FtpSetCurrentDirectoryA,FtpSetCurrentDirectoryA,FtpSetCurrentDirectoryA,	0_2_008163F1
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0081D90B __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,	0_2_0081D90B
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007BF980 _memset,_memmove,FindFirstFileA,FindClose,DeleteFileA,CreateDirectoryA,	0_2_007BF980

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007A42A0 __WSAFDIsSet,_memset,recvfrom,WSAGetLastError,htonl,htons,select,htons,htons,htons,htons,

0_2_007A42A0

Source: ArchivePlayer.exe

String found in binary or memory: http://%s:%d/cgi-bin/%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_O

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007CA6F0 GdipGetImageEncodersSize,_malloc,GdipGetImageEncoders,PathFindExtensionA,GdipSaveImageToFile,GdipDisposeImage,GdipCreateBitmapFromHBITMAP,GdipSaveImageToFile,GdipDisposeImage,GdipDisposeImage,_free,_memmove,_memset,_memset,_memset,_strtok,_strtok,__snprintf,GetDC,SendMessageA,GetDC,CreateDIBitmap,ReleaseDC,CreateCompatibleDC,GetClientRect,CreateCompatibleBitmap,SelectObject,GetDC,BitBlt,CreateFontA,SetBkColor,SelectObject,SetTextColor,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,TextOutA,DeleteObject,GetDC,GetDC,CreateDIBitmap,ReleaseDC,CreateCompatibleDC,GetClientRect,CreateCompatibleBitmap,SelectObject,GetDC,BitBlt,CreateFontA,SetBkColor,SelectObject,SetTextColor,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetDC,TextOutA,DeleteObject,

0_2_007CA6F0

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00796030	0_2_00796030
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007AA010	0_2_007AA010
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F6010	0_2_007F6010
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007EC0F0	0_2_007EC0F0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007FA0B0	0_2_007FA0B0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F8080	0_2_007F8080
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B6160	0_2_007B6160
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007DE100	0_2_007DE100
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00798230	0_2_00798230
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0077E2F0	0_2_0077E2F0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F0290	0_2_007F0290
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0096C314	0_2_0096C314
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A03D0	0_2_007A03D0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_008144D5	0_2_008144D5
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007C84B0	0_2_007C84B0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007EA490	0_2_007EA490
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00418550	0_2_00418550
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0093855B	0_2_0093855B
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F65A0	0_2_007F65A0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007CA6F0	0_2_007CA6F0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00974672	0_2_00974672
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0078C690	0_2_0078C690
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B8680	0_2_007B8680
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0074E750	0_2_0074E750
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0092A700	0_2_0092A700
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007C87A0	0_2_007C87A0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007DA7A0	0_2_007DA7A0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0079E840	0_2_0079E840
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_009548E0	0_2_009548E0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A28D0	0_2_007A28D0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A88B0	0_2_007A88B0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0077A9C0	0_2_0077A9C0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0093A970	0_2_0093A970
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00418B70	0_2_00418B70
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007FAB30	0_2_007FAB30
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00780BE0	0_2_00780BE0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_006CCBD0	0_2_006CCBD0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007E4CF0	0_2_007E4CF0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007E6CF0	0_2_007E6CF0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B8F10	0_2_007B8F10
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A3060	0_2_007A3060
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00425020	0_2_00425020
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007E7000	0_2_007E7000
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0094506D	0_2_0094506D
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F72E0	0_2_007F72E0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_004192E0	0_2_004192E0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0093F40D	0_2_0093F40D
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A3520	0_2_007A3520
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0094B680	0_2_0094B680
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00785730	0_2_00785730
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007E1700	0_2_007E1700
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A97C0	0_2_007A97C0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007F7860	0_2_007F7860
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00857846	0_2_00857846
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B5930	0_2_007B5930
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0084B9D2	0_2_0084B9D2
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0070DA40	0_2_0070DA40
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A1A00	0_2_007A1A00
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00977B04	0_2_00977B04
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00945B51	0_2_00945B51
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0093BCA5	0_2_0093BCA5
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_005E9C00	0_2_005E9C00
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00955CE0	0_2_00955CE0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00973C05	0_2_00973C05
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007ABC90	0_2_007ABC90
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0092FC6E	0_2_0092FC6E
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_00949DF0	0_2_00949DF0

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092F7E0 appears 49 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092A9B0 appears 95 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 00815A52 appears 178 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 00929E20 appears 62 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092F701 appears 75 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092AFF6 appears 73 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 00948D41 appears 31 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092C730 appears 49 times
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: String function: 0092AF72 appears 149 times

Source: ArchivePlayer.exe

Binary or memory string: OriginalFilename vs ArchivePlayer.exe

Source: ArchivePlayer.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus29.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_008140DB __EH_prolog3_GS,_memset,GetVersionExA,_malloc,_memset,__cftof,CoInitializeEx,CoCreateInstance,

0_2_008140DB

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_0080ADE2 __EH_prolog3_catch,FindResourceA,LoadResource,LockResource,GetDesktopWindow,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow,FreeResource,

0_2_0080ADE2

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Section loaded: textshaping.dll	Jump to behavior

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Window detected: Number of UI elements: 36

Source: ArchivePlayer.exe

Static PE information: More than 390 > 100 exports found

Source: ArchivePlayer.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: ArchivePlayer.exe

Static file information: File size 7742976 > 1048576

Source: ArchivePlayer.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x56b000
Source: ArchivePlayer.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x180a00

Source: ArchivePlayer.exe

Static PE information: More than 200 imports for USER32.dll

Source: ArchivePlayer.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: E:\VSS\ArchivePlayer\Release\ArchivePlayer.pdb source: ArchivePlayer.exe
Source:	Binary string: E:\VSS\ArchivePlayer\Release\ArchivePlayer.pdb* source: ArchivePlayer.exe

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007F4460 FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_007F4460

Source: ArchivePlayer.exe	Static PE information: section name: .text.un
Source: ArchivePlayer.exe	Static PE information: section name: .drectve
Source: ArchivePlayer.exe	Static PE information: section name: .rodata

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0092F6CF push ecx; ret	0_2_0092F6E2
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0092F825 push ecx; ret	0_2_0092F838
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0070BD00 push dword ptr [eax+04h]; ret	0_2_0070BD2F

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007C99C0 GetFileAttributesExA,_memset,_sprintf,IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,

0_2_007C99C0

Source: C:\Users\user\Desktop\ArchivePlayer.exe

0_2_007F4460

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007ED160 rdtsc

0_2_007ED160

Source: C:\Users\user\Desktop\ArchivePlayer.exe

API coverage: 6.6 %

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_008163F1 __EH_prolog3,_strlen,__cftof,FtpFindFirstFileA,FtpSetCurrentDirectoryA,FtpSetCurrentDirectoryA,FtpSetCurrentDirectoryA,	0_2_008163F1
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_0081D90B __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,	0_2_0081D90B
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007BF980 _memset,_memmove,FindFirstFileA,FindClose,DeleteFileA,CreateDirectoryA,	0_2_007BF980

Source: ArchivePlayer.exe, 00000000.00000002.3282904864.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/>
Source: ArchivePlayer.exe	Binary or memory string: xvmcidct
Source: ArchivePlayer.exe	Binary or memory string: d->log2_chroma_h <= 3d->nb_components <= 4d->name && d->name[0](d->nb_components==4 \|\| d->nb_components==2) == !!(d->flags & (1 << 7))!c->plane && !c->step_minus1 && !c->offset_plus1 && !c->shift && !c->depth_minus1c->step_minus1 >= c->depth_minus18*(c->step_minus1+1) >= c->depth_minus1+1bayer_tmp[0] == 0 && tmp[1] == 0beyuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgraygray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbabgrgray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20beyvyu422vdaya16beya16leqsvmmald3d11va_vldrgba64bergba64lebgra64bebgra64le0rgbrgb00bgrbgr0yuva444pyuva422pyuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14legbrapgbrap16begbrap16leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12be
Source: ArchivePlayer.exe	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\ArchivePlayer.exe

API call chain: ExitProcess graph end node

graph_0-76219

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_005E9C00 Start: 005E9D3A End: 005E9D46

0_2_005E9C00

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_007ED160 rdtsc

0_2_007ED160

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_0092A4DF IsDebuggerPresent,

0_2_0092A4DF

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_0080999F OutputDebugStringA,GetLastError,

0_2_0080999F

Source: C:\Users\user\Desktop\ArchivePlayer.exe

0_2_007F4460

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_00948514 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_00948514

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_009352BB SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_009352BB

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_005E9900 cpuid

0_2_005E9900

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_0092CB13 GetSystemTimeAsFileTime,__aulldiv,

0_2_0092CB13

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_0092CDB1 GetSystemTimeAsFileTime,__aulldiv,GetTimeZoneInformation,__aulldiv,__aullrem,__aulldiv,__invoke_watson,

0_2_0092CDB1

Source: C:\Users\user\Desktop\ArchivePlayer.exe

Code function: 0_2_008140DB __EH_prolog3_GS,_memset,GetVersionExA,_malloc,_memset,__cftof,CoInitializeEx,CoCreateInstance,

0_2_008140DB

Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007A03D0 swprintf,getaddrinfo,_wprintf,_wprintf,_wprintf,_wprintf,_wprintf,_wprintf,_wprintf,_wprintf,socket,freeaddrinfo,bind,freeaddrinfo,shutdown,closesocket,freeaddrinfo,setsockopt,	0_2_007A03D0
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B4540 socket,setsockopt,setsockopt,htons,htonl,bind,inet_addr,setsockopt,setsockopt,recvfrom,_memmove,	0_2_007B4540
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007B4860 socket,setsockopt,setsockopt,htons,htonl,bind,inet_addr,setsockopt,setsockopt,	0_2_007B4860
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007BAA00 socket,htonl,htons,bind,setsockopt,setsockopt,setsockopt,inet_addr,htonl,setsockopt,setsockopt,	0_2_007BAA00
Source: C:\Users\user\Desktop\ArchivePlayer.exe	Code function: 0_2_007BAB50 socket,freeaddrinfo,bind,freeaddrinfo,freeaddrinfo,setsockopt,	0_2_007BAB50

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Obfuscated Files or Information	LSASS Memory	41 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ArchivePlayer.exe	2%	ReversingLabs

Name	Source	Malicious	Antivirus Detection	Reputation
http://%s:%d/cgi-bin/%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_O	ArchivePlayer.exe	false		low

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428280
Start date and time:	2024-04-18 18:58:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ArchivePlayer.exe
Detection:	SUS
Classification:	sus29.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 76% Number of executed functions: 47 Number of non-executed functions: 237
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: ArchivePlayer.exe

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.748383314638453
TrID:	Win32 Executable (generic) a (10002005/4) 99.55% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	ArchivePlayer.exe
File size:	7'742'976 bytes
MD5:	9fc7930a0e24916b1f136c2ec0832ca8
SHA1:	ad64c6eb86d06729f5657e9e97d12bac096b0f1e
SHA256:	527b331af189dd4fb9d2e9049ec002dbb5ad4a3b6da9bd06b38d80f1fc911f6c
SHA512:	bd16e10424366008f97e54e6b819d82465e0bf640c55239c65359120d5dcc90586a5f1267d64d0d2384872286296cab0b077ede68b895a71d4f28a84bb89bf8d
SSDEEP:	196608:VQeJEEccgNWMh66h6t/1meZTbPI5qv+SG5/OofY:zjxU0ofY
TLSH:	F876AE80F6C381F5CC030930542FF76F67395A198634CAE7EB942B1EFDB2692553A25A
File Content Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......................&V......&V......&V......e.........#...............".&.....#...............'.........v...&V........#............

File Icon


Icon Hash:	496d4b5906554327

Static PE Info

General

Entrypoint:	0x92c347
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x58DB5C7B [Wed Mar 29 07:04:27 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	83224c19972cbd9bfe9d13c53ab5af9a

Entrypoint Preview

Instruction
call 00007FD2786DF5E2h
jmp 00007FD2786D1A15h
push 00000014h
push 00B067A0h
call 00007FD2786D4E98h
call 00007FD2786DA606h
movzx esi, ax
push 00000002h
call 00007FD2786DF575h
pop ecx
mov eax, 00005A4Dh
cmp word ptr [00400000h], ax
je 00007FD2786D1A16h
xor ebx, ebx
jmp 00007FD2786D1A45h
mov eax, dword ptr [0040003Ch]
cmp dword ptr [eax+00400000h], 00004550h
jne 00007FD2786D19FDh
mov ecx, 0000010Bh
cmp word ptr [eax+00400018h], cx
jne 00007FD2786D19EFh
xor ebx, ebx
cmp dword ptr [eax+00400074h], 0Eh
jbe 00007FD2786D1A1Bh
cmp dword ptr [eax+004000E8h], ebx
setne bl
mov dword ptr [ebp-1Ch], ebx
call 00007FD2786DD285h
test eax, eax
jne 00007FD2786D1A1Ah
push 0000001Ch
call 00007FD2786D1AF1h
pop ecx
call 00007FD2786D94C8h
test eax, eax
jne 00007FD2786D1A1Ah
push 00000010h
call 00007FD2786D1AE0h
pop ecx
call 00007FD2786DF5EEh
and dword ptr [ebp-04h], 00000000h
call 00007FD2786DEF38h
test eax, eax
jns 00007FD2786D1A1Ah
push 0000001Bh
call 00007FD2786D1AC6h
pop ecx
call dword ptr [0098D498h]
mov dword ptr [00C0DA3Ch], eax
call 00007FD2786DF609h
mov dword ptr [00B40B24h], eax
call 00007FD2786DF1C6h
test eax, eax
jns 00007FD2786D1A1Ah

Rich Headers

Programming Language:

[C++] VS2013 build 21005
[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 UPD4 build 31101
[EXP] VS2013 UPD4 build 31101
[RES] VS2013 build 21005
[LNK] VS2013 UPD4 build 31101

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x707150	0x2a8c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x709bdc	0x1a4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x810000	0x274b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x58dea0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x6e8070	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x58d000	0xb8c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x56affc	0x56b000	6b21ee9c40c44ef27cb50cbaadaf9a6b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text.un	0x56c000	0x2094c	0x20a00	2b425bdc812bd24c2ee8fa4b02e33eb7	False	0.45438966714559387	data	6.134719709842019	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x58d000	0x1809c6	0x180a00	e8581d6701e04ef54c976828620c35b3	False	0.5601349224081899	data	6.869654698291933	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x70e000	0xffa40	0x2d200	2f265fed23ce24c68522cc081f8ff400	False	0.07713491170360111	data	3.5209762676968777	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.drectve	0x80e000	0x5d4	0x600	22bad3bf562c2a05101e4c427848d34d	False	0.24283854166666666	data	4.8868926459910575	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rodata	0x80f000	0xf40	0x1000	d5849f7c4b3b0b410741d8ec6d5524c2	False	0.341064453125	data	5.163558006475463	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x810000	0x274b8	0x27600	9c50bd2918990215311069673e86fa2e	False	0.3013268849206349	data	4.693155961819127	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x833e10	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.4805194805194805
RT_CURSOR	0x833f48	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	Taiwan	0.7
RT_CURSOR	0x834028	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	Taiwan	0.36363636363636365
RT_CURSOR	0x834178	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.35714285714285715
RT_CURSOR	0x8342c8	0x134	data	Chinese	Taiwan	0.37337662337662336
RT_CURSOR	0x834418	0x134	data	Chinese	Taiwan	0.37662337662337664
RT_CURSOR	0x834568	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.36688311688311687
RT_CURSOR	0x8346b8	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.37662337662337664
RT_CURSOR	0x834808	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.36688311688311687
RT_CURSOR	0x834958	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	Chinese	Taiwan	0.38636363636363635
RT_CURSOR	0x834aa8	0x134	data	Chinese	Taiwan	0.44155844155844154
RT_CURSOR	0x834bf8	0x134	data	Chinese	Taiwan	0.4155844155844156
RT_CURSOR	0x834d48	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	Taiwan	0.5422077922077922
RT_CURSOR	0x834e98	0x134	data	Chinese	Taiwan	0.2662337662337662
RT_CURSOR	0x834fe8	0x134	data	Chinese	Taiwan	0.2824675324675325
RT_CURSOR	0x835138	0x134	data	Chinese	Taiwan	0.3246753246753247
RT_BITMAP	0x8353a8	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	Taiwan	0.44565217391304346
RT_BITMAP	0x835460	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	Taiwan	0.37962962962962965
RT_ICON	0x810c60	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Chinese	Taiwan	0.6303191489361702
RT_ICON	0x8110c8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Chinese	Taiwan	0.5409836065573771
RT_ICON	0x811a50	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Chinese	Taiwan	0.49882739212007504
RT_ICON	0x812af8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Chinese	Taiwan	0.4299792531120332
RT_ICON	0x8150a0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	Chinese	Taiwan	0.38704534718941896
RT_ICON	0x8192c8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864	Chinese	Taiwan	0.3360573891107841
RT_ICON	0x822770	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	Chinese	Taiwan	0.2294451673961907
RT_DIALOG	0x833000	0x140	data	Chinese	Taiwan	0.58125
RT_DIALOG	0x833140	0xab8	data	Chinese	Taiwan	0.37900874635568516
RT_DIALOG	0x835288	0xe8	data	Chinese	Taiwan	0.6336206896551724
RT_DIALOG	0x835370	0x34	data	Chinese	Taiwan	0.9038461538461539
RT_STRING	0x8355a8	0x68	data	Chinese	Taiwan	0.8173076923076923
RT_STRING	0x835610	0x82	StarOffice Gallery theme p, 536899072 objects, 1st n	Chinese	Taiwan	0.7153846153846154
RT_STRING	0x835698	0x2a	data	Chinese	Taiwan	0.5476190476190477
RT_STRING	0x8356c8	0x184	data	Chinese	Taiwan	0.48711340206185566
RT_STRING	0x835850	0x4e6	data	Chinese	Taiwan	0.37719298245614036
RT_STRING	0x8360c8	0x264	data	Chinese	Taiwan	0.3333333333333333
RT_STRING	0x835de8	0x2da	data	Chinese	Taiwan	0.3698630136986301
RT_STRING	0x836b10	0x8a	data	Chinese	Taiwan	0.6594202898550725
RT_STRING	0x835d38	0xac	data	Chinese	Taiwan	0.45348837209302323
RT_STRING	0x836a00	0xde	data	Chinese	Taiwan	0.536036036036036
RT_STRING	0x836330	0x4a8	data	Chinese	Taiwan	0.3221476510067114
RT_STRING	0x8367d8	0x228	data	Chinese	Taiwan	0.4003623188405797
RT_STRING	0x836ae0	0x2c	data	Chinese	Taiwan	0.5227272727272727
RT_STRING	0x836ba0	0x53c	data	Chinese	Taiwan	0.2947761194029851
RT_GROUP_CURSOR	0x834000	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	Taiwan	1.0294117647058822
RT_GROUP_CURSOR	0x8347f0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834160	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x8346a0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834550	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834e80	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834400	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834a90	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x8342b0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834940	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834be0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834d30	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x834fd0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x835120	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_CURSOR	0x835270	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	Taiwan	1.3
RT_GROUP_ICON	0x832f98	0x68	data	Chinese	Taiwan	0.7403846153846154
RT_VERSION	0x833bf8	0x214	data	Chinese	Taiwan	0.4755639097744361
RT_MANIFEST	0x8370e0	0x3d6	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (906), with CRLF line terminators	English	United States	0.4989816700610998

Imports

DLL	Import
KERNEL32.dll	OutputDebugStringW, WriteConsoleW, GetCurrentDirectoryW, CreateFileW, SetEnvironmentVariableA, GetLastError, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, LoadResource, LockResource, FindResourceW, MultiByteToWideChar, WideCharToMultiByte, GetTickCount, DecodePointer, RaiseException, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, InterlockedExchange, GetProcessAffinityMask, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, CreateDirectoryA, LCMapStringW, GetTimeFormatW, SizeofResource, GetDateFormatW, GetProcessHeap, InitializeCriticalSectionAndSpinCount, OutputDebugStringA, CloseHandle, InitializeCriticalSection, SetEvent, ResetEvent, WaitForSingleObject, CreateEventA, Sleep, CreateThread, GetLocalTime, VirtualFree, GetTimeZoneInformation, ReleaseSemaphore, CreateSemaphoreA, QueryPerformanceCounter, QueryPerformanceFrequency, SetWaitableTimer, CancelWaitableTimer, GetCurrentProcess, GetCurrentThread, SetThreadPriority, GetThreadPriority, SetPriorityClass, GetPriorityClass, GetVersionExA, CreateWaitableTimerA, FreeLibrary, GetProcAddress, LoadLibraryA, FindResourceA, EncodePointer, SetLastError, GetCurrentThreadId, GetSystemDirectoryW, FreeResource, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, LoadLibraryExW, GlobalDeleteAtom, lstrcmpW, LoadLibraryW, GlobalAddAtomA, GlobalFindAtomA, GlobalGetAtomNameA, CompareStringA, GlobalLock, GlobalUnlock, GlobalFree, ResumeThread, GetModuleFileNameA, GlobalAlloc, lstrcmpA, GetPrivateProfileIntA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetCurrentProcessId, GlobalSize, LocalFree, MulDiv, FormatMessageA, CopyFileA, FileTimeToLocalFileTime, LocalAlloc, FileTimeToSystemTime, GlobalFlags, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GlobalReAlloc, GlobalHandle, LocalReAlloc, CompareStringW, GetLocaleInfoW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetOEMCP, GetCPInfo, GetACP, GetCurrentDirectoryA, DeleteFileA, CreateFileA, FindClose, FindFirstFileA, FlushFileBuffers, GetFileSize, GetFullPathNameA, LockFile, ReadFile, SetEndOfFile, SetFilePointer, UnlockFile, WriteFile, DuplicateHandle, lstrcmpiA, GetVolumeInformationA, GetThreadLocale, GetFileAttributesA, GetFileSizeEx, GetFileTime, SetErrorMode, FindNextFileA, GetWindowsDirectoryA, lstrcpyA, VerSetConditionMask, VerifyVersionInfoA, GetTempPathA, GetTempFileNameA, GetProfileIntA, SearchPathA, VirtualProtect, FindResourceExW, RtlUnwind, IsDebuggerPresent, IsProcessorFeaturePresent, GetSystemInfo, VirtualAlloc, VirtualQuery, GetCommandLineA, GetSystemTimeAsFileTime, ExitThread, ExitProcess, GetModuleHandleExW, AreFileApisANSI, HeapQueryInformation, SetStdHandle, GetFileType, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, IsValidCodePage, GetStdHandle, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, GetConsoleCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetDriveTypeW, GetFileAttributesExA
USER32.dll	CreatePopupMenu, MessageBeep, GetNextDlgGroupItem, IsRectEmpty, IntersectRect, SetRect, InvalidateRgn, CopyAcceleratorTableA, OffsetRect, CharNextA, LoadCursorW, ReleaseCapture, SetCapture, CharUpperA, DestroyIcon, InvalidateRect, DeleteMenu, CopyImage, LoadCursorA, GetSysColorBrush, RealChildWindowFromPoint, SystemParametersInfoA, InflateRect, GetMenuItemInfoA, DestroyMenu, ClientToScreen, EndPaint, BeginPaint, GetWindowDC, TabbedTextOutA, GrayStringA, DrawTextExA, DrawTextA, RemoveMenu, InsertMenuA, GetMenuState, GetMenuStringA, KillTimer, SetTimer, WaitMessage, WindowFromPoint, MapVirtualKeyA, GetKeyNameTextA, MapDialogRect, SetWindowContextHelpId, GetWindowThreadProcessId, SetCursor, ShowOwnedPopups, PostQuitMessage, GetMessageA, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, IsDialogMessageA, SetWindowTextA, IsWindowEnabled, SendDlgItemMessageA, CheckRadioButton, CheckDlgButton, MoveWindow, ShowWindow, GetMonitorInfoA, MonitorFromWindow, WinHelpA, GetScrollInfo, SetScrollInfo, GetMenuDefaultItem, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExA, GetWindow, GetLastActivePopup, GetTopWindow, GetClassNameA, GetClassLongA, SetWindowLongA, DestroyCursor, EqualRect, GetSysColor, MapWindowPoints, ScreenToClient, MessageBoxA, AdjustWindowRectEx, GetWindowRect, GetWindowTextLengthA, GetWindowTextA, RemovePropA, GetPropA, SetPropA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, SetMenu, GetMenu, GetCapture, GetKeyState, SetFocus, GetDlgCtrlID, GetDlgItem, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, CreateMenu, EnableWindow, SendMessageA, IsIconic, GetSystemMetrics, GetSystemMenu, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, SetWindowPos, DestroyWindow, IsChild, IsWindow, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, CallWindowProcA, PostMessageA, GetMessageTime, GetMessagePos, RegisterWindowMessageA, BringWindowToTop, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, InsertMenuItemA, SetRectEmpty, LoadImageA, UnpackDDElParam, ReuseDDElParam, RegisterClipboardFormatA, DrawFocusRect, DrawIconEx, GetIconInfo, GetAsyncKeyState, LoadBitmapW, GetParent, EnableScrollBar, HideCaret, InvertRect, NotifyWinEvent, LoadIconA, GetWindowRgn, AppendMenuA, DrawIcon, GetDC, ReleaseDC, GetClientRect, GetCursorPos, FillRect, PtInRect, LoadIconW, UnregisterClassA, DefWindowProcA, ShowCursor, wvsprintfA, TranslateMessage, DispatchMessageA, PeekMessageA, CopyRect, GetFocus, CheckMenuItem, UnionRect, EnableMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, SetMenuItemInfoA, SubtractRect, GetUpdateRect, IsClipboardFormatAvailable, TranslateMDISysAccel, DefMDIChildProcA, DefFrameProcA, DrawMenuBar, FrameRect, CharUpperBuffA, ModifyMenuA, SetMenuDefaultItem, CopyIcon, GetDoubleClickTime, SetClassLongA, SetCursorPos, DestroyAcceleratorTable, CreateAcceleratorTableA, LoadAcceleratorsW, ToAsciiEx, GetKeyboardState, LockWindowUpdate, MapVirtualKeyExA, IsCharLowerA, GetKeyboardLayout, IsZoomed, GetComboBoxInfo, LoadMenuW, TrackMouseEvent, MonitorFromPoint, UpdateLayeredWindow, IsMenu, SetWindowRgn, DrawFrameControl, DrawEdge, LoadImageW, DrawStateA, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, EnumDisplayMonitors, SetLayeredWindowAttributes, PostThreadMessageA, SetParent, GetWindowLongA
GDI32.dll	GetTextFaceA, GetViewportOrgEx, LPtoDP, GetWindowOrgEx, GetBoundsRect, FillRgn, SetPaletteEntries, ExtFloodFill, SetPixelV, PtInRegion, FrameRgn, RoundRect, CreateRoundRectRgn, OffsetRgn, EnumFontFamiliesExA, Polyline, Polygon, CreatePolygonRgn, Ellipse, CreateEllipticRgn, SetDIBColorTable, CreateDIBSection, StretchBlt, SetPixel, GetTextCharsetInfo, EnumFontFamiliesA, StretchDIBits, RealizePalette, GetSystemPaletteEntries, GetPaletteEntries, GetNearestPaletteIndex, CreatePalette, DPtoLP, SetRectRgn, GetMapMode, CombineRgn, GetRgnBox, GetTextColor, GetBkColor, GetTextMetricsA, GetTextExtentPoint32A, ScaleWindowExtEx, ScaleViewportExtEx, OffsetWindowOrgEx, OffsetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SetViewportOrgEx, SetViewportExtEx, ExtTextOutA, MoveToEx, SetTextAlign, SetStretchBltMode, SetROP2, SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SelectPalette, ExtSelectClipRgn, SelectClipRgn, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, CreateRectRgn, CreatePatternBrush, CreateHatchBrush, CreateDCA, CopyMetaFileA, PatBlt, CreateRectRgnIndirect, CreateBitmap, TextOutW, SetBkMode, CreateFontW, CreateFontIndirectA, TextOutA, GetObjectA, SetTextColor, SetBkColor, SelectObject, Rectangle, GetDeviceCaps, DeleteObject, DeleteDC, CreateSolidBrush, CreatePen, CreateFontA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt
MSIMG32.dll	TransparentBlt, AlphaBlend
WINSPOOL.DRV	OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll	CryptAcquireContextA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegSetValueExA, RegEnumKeyA, RegQueryValueA, RegEnumValueA, RegEnumKeyExA, RegCloseKey, CryptReleaseContext, CryptGenRandom
SHELL32.dll	SHBrowseForFolderA, DragAcceptFiles, SHGetFileInfoA, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetDesktopFolder, DragFinish, SHAppBarMessage, DragQueryFileA, ShellExecuteA
COMCTL32.dll
SHLWAPI.dll	PathFindExtensionA, PathFindExtensionW, PathFindFileNameA, PathRemoveFileSpecW, PathIsUNCA, PathStripToRootA, StrFormatKBSizeA
UxTheme.dll	GetThemeColor, GetWindowTheme, GetThemeSysColor, DrawThemeText, DrawThemeBackground, IsThemeBackgroundPartiallyTransparent, DrawThemeParentBackground, OpenThemeData, CloseThemeData, GetCurrentThemeName, GetThemePartSize, IsAppThemed
ole32.dll	CoTaskMemFree, OleDuplicateData, ReleaseStgMedium, CoInitializeEx, CoDisconnectObject, CoGetClassObject, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CreateILockBytesOnHGlobal, CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoRegisterMessageFilter, CreateStreamOnHGlobal, DoDragDrop, OleLockRunning, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleGetClipboard, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, CLSIDFromProgID, CLSIDFromString, CoInitialize, CoCreateInstance, CoCreateGuid, CoUninitialize, CoTaskMemAlloc
OLEAUT32.dll	SysAllocString, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, LoadTypeLib, OleCreateFontIndirect, VariantCopy, VarBstrFromDate, SysAllocStringByteLen, VariantChangeType, SysFreeString, VariantClear, VariantInit, SysAllocStringLen
oledlg.dll
WS2_32.dll	getsockname, htonl, htons, inet_addr, ntohs, recvfrom, sendto, WSAStartup, WSACleanup, WSASetLastError, __WSAFDIsSet, shutdown, ntohl, closesocket, connect, ioctlsocket, getsockopt, select, send, setsockopt, socket, WSAGetLastError, getaddrinfo, freeaddrinfo, recv, bind
gdiplus.dll	GdipCreateBitmapFromStream, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipDrawImageI, GdipCreateFromHDC, GdipSetInterpolationMode, GdipDrawImageRectI, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipCreateBitmapFromHBITMAP, GdipCreateBitmapFromScan0, GdipSaveImageToFile, GdipDisposeImage, GdipCloneImage, GdiplusShutdown, GdiplusStartup, GdipFree, GdipAlloc, GdipGetImagePalette, GdipGetImagePaletteSize
OLEACC.dll	AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
IMM32.dll	ImmGetContext, ImmGetOpenStatus, ImmReleaseContext
WINMM.dll	waveInReset, waveInGetPosition, waveOutWrite, waveOutReset, waveInStart, waveOutGetNumDevs, PlaySoundA, timeEndPeriod, timeBeginPeriod, waveOutUnprepareHeader, waveOutPrepareHeader, waveInAddBuffer, waveInPrepareHeader, waveInClose, waveInOpen, waveOutClose, waveOutGetVolume, waveOutSetVolume, waveOutOpen, waveInGetNumDevs
WININET.dll	InternetCloseHandle, InternetConnectA, InternetOpenA, HttpQueryInfoA, HttpSendRequestA, HttpOpenRequestA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpOpenFileA, InternetReadFile, FtpFindFirstFileA, InternetSetStatusCallback, InternetGetLastResponseInfoA, InternetSetOptionExA, InternetFindNextFileA, InternetQueryDataAvailable, InternetWriteFile, InternetSetFilePointer
AVIFIL32.dll	AVIFileInit, AVIStreamWrite, AVIStreamEndStreaming, AVIFileExit, AVIFileOpenA, AVIFileRelease, AVIFileGetStream, AVIStreamRelease, AVIStreamInfoA, AVIStreamStart, AVIStreamLength, AVIStreamReadFormat, AVIStreamRead, AVIFileOpenW, AVIFileCreateStreamA, AVIStreamSetFormat

Exports

Name	Ordinal	Address
CDECAudioDecodeExtra	1	0x7c3ef0
CDECAudioStart	2	0x7c4720
CDECCreate	3	0x7c1d30
CDECDecStreamParameter	4	0x7c3e10
CDECDecode	5	0x7c3de0
CDECDecodeEX	6	0x7c3d80
CDECDecodeExtra	7	0x7c37b0
CDECDigitalReScaleExtra	8	0x7c2610
CDECDigitalReScaleYUVExtra	9	0x7c2fa0
CDECEncode	10	0x7c4650
CDECEncodeExtra	11	0x7c4250
CDECGetFrameRate	12	0x7c4850
CDECGetResolution	13	0x7c4820
CDECReScaleExtra	14	0x7c2200
CDECReScaleYUVExtra	15	0x7c2b60
CDECRelease	16	0x7c2140
CDECRotateExtra	17	0x7c3540
CDECSetAudioCodecUseage	18	0x7c1fb0
CDECSetCodecUseage	19	0x7c1dc0
CDECSetDeblock	20	0x7c4780
CDECSetFormat	21	0x7c4760
CDECSetQuality	22	0x7c47b0
CDECSetReScaleType	23	0x7c48a0
CDECSetReductionRatio	24	0x7c48e0
CDECSetResolution	25	0x7c47d0
CDECSetRotateType	26	0x7c48c0
CDECStart	27	0x7c46d0
DCreate	28	0x7bc060
DEPTZRender	29	0x7bc2a0
DEPTZRender3	30	0x7bc2e0
DEnableFullScreen	31	0x7bc0b0
DExit	32	0x774c30
DGetVersion	33	0x7753a0
DInit	34	0x7747c0
DNotifyFullScreenWindow	35	0x7bc110
DRegisterAfterBitbltCB	36	0x7bc270
DRender	37	0x7bc160
DRender2	38	0x7bc1a0
DRender3	39	0x7bc2e0
DRender4	40	0x7bc320
DRender5	41	0x7bc370
DRenderFillRect	42	0x7bc1e0
DRenderFillRect2	43	0x7bc220
DSetImageLeftToRight	44	0x7bc410
DSetImageUpToDown	45	0x7bc3e0
DSetRenderInfo	46	0x775370
DSetStretchMode	47	0x7bc0e0
FCreate	48	0x7bf660
FExit	49	0x774c30
FGetTotalFrameSize	50	0x7bf810
FGetVersion	51	0x7753a0
FInit	52	0x7747c0
FResetFrameTime	53	0x7bf6f0
FStartRecord	54	0x7bf720
FStartRecord2	55	0x7bf770
FStopRecord	56	0x774ec0
FWriteData	57	0x7bf7c0
FishEye_CloseInterface	58	0x9530c0
FishEye_GetCircle	59	0x9530e0
FishEye_GetCoordinate	60	0x953130
FishEye_Initial	61	0x9532a0
FishEye_OpenInterface	62	0x953b40
FishEye_Release	63	0x953b60
FishEye_Transform	64	0x953bc0
FishEye_UserSetCircle	65	0x953d30
KCODECCreate	66	0x7d0bb0
KCODECDecode1	67	0x7d0c60
KCODECDecode2	68	0x7d0cb0
KCODECRelease	69	0x7d0d00
KCODECReset	70	0x7d0c00
KCloseInterface	71	0x7cd510
KConnect	72	0x7cd190
KDecodeFrame	73	0x7cfd80
KDecodeFrame2	74	0x7cfda0
KDecodeFrame3	75	0x7cfdf0
KDigitalPTZEnable	76	0x7cfe70
KDigitalPTZTo	77	0x7cfea0
KDisconnect	78	0x7cd350
KDisplayChildScreen	79	0x7d0320
KDropNextPFrameTillIFrame	80	0x7d00b0
KEnableDITrigger	81	0x7d0500
KEnableDaylightTime	82	0x7d0230
KEnableDecoder	83	0x7cd840
KEnableDeleteFileAfterClose	84	0x7d0590
KEnableDisplayTime	85	0x7d0390
KEnableFishEye	86	0x7d0680
KEnableFishEyeSubWindow	87	0x7d06c0
KEnableFixJitter	88	0x7d0650
KEnableFullScreen	89	0x7cd760
KEnableJitterLessMode	90	0x7cffa0
KEnableLocalTime	91	0x7d0200
KEnablePTZProtocol	92	0x7cf630
KEnablePrivacyMask	93	0x7cffc0
KEnableRender	94	0x7cd810
KEnableStretchMode	95	0x7cd7e0
KEnableSubWindow	96	0x7d0b50
KFishEyeGetCircle	97	0x7d0a00
KFishEyeGetDefaultCircle	98	0x7d0a60
KFishEyeMoveTo	99	0x7d0920
KFishEyeRelativeMove	100	0x7d08e0
KFishEyeSetCircle	101	0x7d09a0
KFishEyeWindowRelativeMove	102	0x7d0960
KFlipImage	103	0x7cff70
KFreeAudioToken	104	0x7cd680
KGetAudioToken	105	0x7cd630
KGetBeginTime	106	0x7ce710
KGetBeginTimeUTC	107	0x7ce770
KGetCameraName	108	0x7ce910
KGetCurrentFilePos	109	0x7d04b0
KGetCurrentTime	110	0x7cdf60
KGetCurrentTimeUTC	111	0x7cdfb0
KGetDIDefaultValueByHTTP	112	0x7ce7d0
KGetDIOStatusByHTTP	113	0x7ceb70
KGetDIOStatusByHTTPEx	114	0x7ceb10
KGetDeviceTypeByHTTP	115	0x7cdca0
KGetEndTime	116	0x7ce740
KGetEndTimeUTC	117	0x7ce7a0
KGetFishEyeCurrentCoordinate	118	0x7d08a0
KGetFishEyePTZMoveTo	119	0x7d0740
KGetFishEyeRotationAngle	120	0x7d0860
KGetFishEyeRotationAngleEx	121	0x7d0b10
KGetFrameRateMode	122	0x7cf330
KGetLastError	123	0x7ce990
KGetLastFrame	124	0x7d0130
KGetLastFrame2	125	0x7d0180
KGetLastFrame3	126	0x7d01b0
KGetMotionInfo	127	0x7cd3e0
KGetMotionInfoEx	128	0x7cd440
KGetNextIFrame	129	0x7cf290
KGetNumberOfChannelByHTTP	130	0x7cdcf0
KGetPIRConfig	131	0x7cd4c0
KGetPortInfoByHTTP	132	0x7cdd40
KGetPrevIFrame	133	0x7cf2e0
KGetRawFileInfo2	134	0x7d0410
KGetRawFileInfo3	135	0x7d0460
KGetSubWindowInfo	136	0x7d0b80
KGetTCPTypeByHTTP	137	0x7cdc50
KGetTotalReceiveAudioFrameCount	138	0x7ce8c0
KGetTotalReceiveSize	139	0x7ce820
KGetTotalReceiveVideoFrameCount	140	0x7ce870
KGetVersion	141	0x7ccce0
KGetVideoConfig	142	0x7cd000
KGetVideoConfig2	143	0x7cd050
KGetVideoConfig3	144	0x7cd0a0
KGetVideoFrameCount	145	0x7d02d0
KGetVolume	146	0x7cd570
KMirrorImage	147	0x7cff40
KNotifyFullScreenWindow	148	0x7cd790
KOpenInterface	149	0x7ccd40
KPCI4100Get4100ChannelCount	150	0x7cf460
KPCI4100GetCardCount	151	0x7cf410
KPCI4100GetChannelHSync	152	0x7cf550
KPCI4100SearchCapCard	153	0x7cf4b0
KPCI4100SearchCapChannel	154	0x7cf500
KPCI4100SetDICallback	155	0x7cf3e0
KPTZBLC	156	0x7cf8b0
KPTZDayNight	157	0x7cf900
KPTZDegreeToUnit	158	0x7cfc60
KPTZEnumerateFunctions	159	0x7cfa90
KPTZEnumerateProtocol	160	0x7cf9f0
KPTZEnumerateVender	161	0x7cfa40
KPTZFocus	162	0x7cf950
KPTZGetAbsPTZCommand	163	0x7cfb40
KPTZGetAbsPTZCommandByUnit	164	0x7cfbc0
KPTZGetCommand	165	0x7cfae0
KPTZGetRequestAbsPTZCommand	166	0x7cfd10
KPTZGetUnitFromBuffer	167	0x7cfcc0
KPTZIris	168	0x7cf9a0
KPTZLoadProtocol	169	0x7cf680
KPTZMove	170	0x7cf720
KPTZOSD	171	0x7cf860
KPTZPreset	172	0x7cf810
KPTZSetZoomSpeed	173	0x7cf7c0
KPTZUnitToDegree	174	0x7cfc20
KPTZUnloadProtocol	175	0x7cf6d0
KPTZZoom	176	0x7cf770
KPause	177	0x7cd2c0
KPlay	178	0x7cd260
KQuadGetBrightness	179	0x7cef70
KQuadGetContrast	180	0x7cf010
KQuadGetDisplayMode	181	0x7cebf0
KQuadGetHue	182	0x7cf150
KQuadGetMotionDetectionEnable	183	0x7ced90
KQuadGetMotionSensitive	184	0x7cee30
KQuadGetOSDEnable	185	0x7cecf0
KQuadGetSaturation	186	0x7cf0b0
KQuadGetTitleName	187	0x7ceed0
KQuadSetBrightness	188	0x7cefc0
KQuadSetContrast	189	0x7cf060
KQuadSetDisplayMode	190	0x7ceca0
KQuadSetHue	191	0x7cf1a0
KQuadSetMotionDetectionEnable	192	0x7cede0
KQuadSetMotionSensitive	193	0x7cee80
KQuadSetOSDEnable	194	0x7ced40
KQuadSetSaturation	195	0x7cf100
KQuadSetTitleName	196	0x7cef20
KReplaceTimeCodeByLocalTime	197	0x7d0260
KReverseImageLeftToRight	198	0x7cfee0
KReverseImageUpToDown	199	0x7cff10
KSEStartStreaming	200	0x7cd290
KSaveReboot	201	0x7ce180
KSendAudio	202	0x7cf1f0
KSendAudioToSE	203	0x7cf240
KSendCommand	204	0x7ceae0
KSendCommandToSE	205	0x7cd9b0
KSendCommandToStreamingEngine	206	0x7cd960
KSendControlCommand	207	0x7ce1b0
KSendDO	208	0x7cddd0
KSendPTZCommand	209	0x7cdea0
KSendRS232Command	210	0x7cde70
KSendRS232Setting	211	0x7cde30
KSendURLCommand	212	0x7ce1f0
KSendURLCommandToDevice	213	0x7cf380
KSetAfterRenderCallback	214	0x7cd8a0
KSetAfterRenderCallbackEx	215	0x7cd8d0
KSetAutoDropFrameByCPUPerformance	216	0x7d0080
KSetBitRate	217	0x7ce0c0
KSetBrightness	218	0x7ce000
KSetCODECType	219	0x7cda00
KSetContrast	220	0x7ce030
KSetControlDataCallback	221	0x7ce590
KSetCurrentPosition	222	0x7cded0
KSetCurrentTime	223	0x7cdf00
KSetCurrentTimeUTC	224	0x7cdf30
KSetDICallback	225	0x7ce4d0
KSetDICallback2	226	0x7ce500
KSetDICallback3	227	0x7ce530
KSetDIConfig	228	0x7ce4a0
KSetDIDefaultValue	229	0x7ce440
KSetDIDefaultValue2	230	0x7ce470
KSetDO	231	0x7cde00
KSetDeblock	232	0x7d05f0
KSetDebugMessageLevel	233	0x7cd5d0
KSetDecodeIFrameOnly	234	0x7cd600
KSetDownloadLocalFileName	235	0x7d0560
KSetDownloadProgressCallback	236	0x7d0530
KSetDrawerType	237	0x7ce960
KSetEvent_AfterRender	238	0x7ce6e0
KSetEvent_ImageRefresh	239	0x7ce6b0
KSetEvent_MotionDetection	240	0x7ce680
KSetFPS	241	0x7ce120
KSetFilePlayCompleteCallback	242	0x7cebc0
KSetFileWriterType	243	0x7cda30
KSetFirstB2Callback	244	0x7d0050
KSetFishEyeMode	245	0x7d0780
KSetFishEyeModule	246	0x7d07c0
KSetFishEyePTZMoveTo	247	0x7d0700
KSetFishEyeRotationAngle	248	0x7d0810
KSetFishEyeRotationAngleEx	249	0x7d0ac0
KSetFormat	250	0x7d05c0
KSetHue	251	0x7ce090
KSetImageCallback3	252	0x7cd870
KSetMediaConfig	253	0x7cce00
KSetMediaConfig2	254	0x7cce90
KSetMediaConfig3	255	0x7ccf20
KSetMediaConfig4	256	0x7ccfb0
KSetMotionDetectionCallback	257	0x7ce350
KSetMotionDetectionCallback2	258	0x7ce380
KSetMotionDetectionCallback3	259	0x7ce3b0
KSetMotionInfo	260	0x7cd3b0
KSetMotionInfoEx	261	0x7cd410
KSetMotionVectorCallback	262	0x7ce410
KSetMute	263	0x7cd5a0
KSetNetworkLossCallback	264	0x7ce320
KSetOSDText	265	0x7d03c0
KSetPIRConfig	266	0x7cd470
KSetPauseAfterCompleted	267	0x7cd2f0
KSetPlayDirection	268	0x7ce5f0
KSetPlayRate	269	0x7ce5c0
KSetPrerecordTime	270	0x7cdc20
KSetQuadMotionDetectionCallback	271	0x7ce3e0
KSetQuadVideoLossCallback	272	0x7cf5a0
KSetQuadVideoRecoveryCallback	273	0x7cf5d0
KSetQuality	274	0x7d0620
KSetRS232DataCallback	275	0x7ce560
KSetRawDataCallback	276	0x7cd730
KSetRecordConfig	277	0x7cdae0
KSetRecordingStatusCallback	278	0x7cdbb0
KSetRenderInfo	279	0x7cd380
KSetResolution	280	0x7ce0f0
KSetResolutionChangeCallback	281	0x7cd900
KSetResolutionChangeCallback2	282	0x7cd930
KSetSaturation	283	0x7ce060
KSetSequenceHeaderChecker	284	0x7ce9e0
KSetSmoothFastPlayback	285	0x7d02a0
KSetStreamingEngineMediaConfig	286	0x7cea10
KSetStreamingEngineMediaConfig2	287	0x7cea60
KSetTCPType	288	0x7cdda0
KSetTargetDeviceType	289	0x7cf600
KSetTextOut	290	0x7cec40
KSetTimeCodeCallback	291	0x7ce230
KSetTimeCodeCallbackEx	292	0x7d0020
KSetVariableFPS	293	0x7ce150
KSetVideoConfig	294	0x7cd0f0
KSetVideoConfig2	295	0x7cd140
KSetVideoLossCallback	296	0x7ce260
KSetVideoLossCallback2	297	0x7ce2c0
KSetVideoRecoveryCallback	298	0x7ce290
KSetVideoRecoveryCallback2	299	0x7ce2f0
KSetVideoStreamControlCallback	300	0x7d0360
KSetVideoTransformConfig	301	0x7ceab0
KSetVolume	302	0x7cd540
KShowLastFrame	303	0x7d00e0
KStartAudioTransfer	304	0x7cd6b0
KStartDecodeMode	305	0x7cfd60
KStartRecord	306	0x7cda60
KStartRecord2	307	0x7cdb20
KStartStreaming	308	0x7cd1e0
KStepNextFrame	309	0x7ce650
KStepPrevFrame	310	0x7ce620
KStop	311	0x7cd320
KStopAudioTransfer	312	0x7cd700
KStopDecodeMode	313	0x7cfe50
KStopRecord	314	0x7cdab0
KStopRecord2	315	0x7cdb80
KStopStreaming	316	0x7cd230
PTZCloseInterface	317	0x7f9390
PTZDegreeToUnit	318	0x7f93d0
PTZEnumerateFunction	319	0x7f9430
PTZEnumerateProtocol	320	0x7f9480
PTZEnumerateVender	321	0x7f94d0
PTZGetAbsPTZCommand	322	0x7f9520
PTZGetAbsPTZCommandByUnit	323	0x7f95a0
PTZGetCommand	324	0x7f9600
PTZGetCommandExt	325	0x7f9660
PTZGetCommandStr	326	0x7f96c0
PTZGetProtocolStr	327	0x7f9710
PTZGetRequestAbsPTZCommand	328	0x7f9760
PTZGetUnitFromBuffer	329	0x7f97b0
PTZGetVenderProtocolStr	330	0x7f9800
PTZGetVenderStr	331	0x7f9850
PTZLoadProtocolFile	332	0x7f98a0
PTZLoadProtocolRS	333	0x7f98f0
PTZOpenInterface	334	0x7f9940
PTZUnitToDegree	335	0x7f9990
PTZUnloadProtocol	336	0x7f99d0
XConnect	337	0x774c60
XCreate	338	0x7747e0
XDisconnect	339	0x774cb0
XEnableDeleteFileAfterClose	340	0x7759c0
XExit	341	0x774c30
XGetBeginTime	342	0x775520
XGetBeginTimeUTC	343	0x775570
XGetCurrentPos	344	0x775840
XGetCurrentTime	345	0x775700
XGetCurrentTimeUTC	346	0x775750
XGetEndTime	347	0x7755c0
XGetEndTimeUTC	348	0x775610
XGetErrMsg	349	0x775010
XGetMotionInfo	350	0x775420
XGetNextFrame	351	0x7750c0
XGetNextFrame2	352	0x775110
XGetNextIFrame	353	0x775200
XGetNextIFrame2	354	0x775250
XGetPrevFrame	355	0x775160
XGetPrevFrame2	356	0x7751b0
XGetPrevIFrame	357	0x7752a0
XGetPrevIFrame2	358	0x7752f0
XGetRawFileInfo2	359	0x7757a0
XGetRawFileInfo3	360	0x7757f0
XGetSendDataType	361	0x775a20
XGetSessionID	362	0x7754d0
XGetStatusCode	363	0x774fc0
XGetSupportEvents	364	0x7759f0
XGetVideoConfig	365	0x775370
XGetVideoConfig2	366	0x7753a0
XGetVideoConfig3	367	0x7753c0
XGetXSession	368	0x774f70
XInit	369	0x7747c0
XLiveCheck	370	0x7758d0
XSendAudioData	371	0x775a70
XSendCommand	372	0x775450
XSendData	373	0x775900
XSetControlDataCallBack	374	0x7754a0
XSetCurrentTime	375	0x775660
XSetCurrentTimeUTC	376	0x7756b0
XSetDownloadLocalFileName	377	0x775990
XSetDownloadProgressCallback	378	0x775950
XSetEngineConfig	379	0x774ce0
XSetEngineConfig2	380	0x774d10
XSetMediaConfig	381	0x774d40
XSetMediaConfig2	382	0x774dc0
XSetMediaConfig3	383	0x774e40
XSetMediaConfig4	384	0x774ec0
XSetMotionInfo	385	0x7753f0
XSetVideoConfig	386	0x775340
XSetVideoTransformConfig	387	0x7758a0
XStartStreaming	388	0x774ef0
XStartTransferStreamingEngineData	389	0x775090
XStop	390	0x775060
XStopStreaming	391	0x774f40

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan
English	United States

Target ID:	0
Start time:	18:59:48
Start date:	18/04/2024
Path:	C:\Users\user\Desktop\ArchivePlayer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ArchivePlayer.exe"
Imagebase:	0x400000
File size:	7'742'976 bytes
MD5 hash:	9FC7930A0E24916B1F136C2EC0832CA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.2%
Total number of Nodes:	1674
Total number of Limit Nodes:	87

Executed Functions

Function 0080ADE2 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch.LIBCMT ref: 0080ADE9
FindResourceA.KERNEL32(?,?,00000005), ref: 0080AE25
LoadResource.KERNEL32(?,00000000), ref: 0080AE2D

Part of subcall function 008040B3: UnhookWindowsHookEx.USER32(?), ref: 008040DD

LockResource.KERNEL32(?,00000028,007C4F63,?,00000000,0098E220), ref: 0080AE3D
GetDesktopWindow.USER32 ref: 0080AE75
IsWindowEnabled.USER32(00000000), ref: 0080AE80
EnableWindow.USER32(00000000,00000000), ref: 0080AE8C

Part of subcall function 0080A445: IsWindowEnabled.USER32(?), ref: 0080A451

Part of subcall function 00809E07: EnableWindow.USER32(?,007BC6AB), ref: 00809E19

EnableWindow.USER32(00000000,00000001), ref: 0080AF61
GetActiveWindow.USER32 ref: 0080AF6B
SetActiveWindow.USER32(00000000), ref: 0080AF77
FreeResource.KERNEL32(?), ref: 0080AF93

Strings

cO|, xrefs: 0080AE48, 0080AEE4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
String ID: cO|
API String ID: 964565984-2609038006
Opcode ID: c29e818bfa3ccb350fbe798e98529258cf9cb20626e9d880ba48ee3d99316134
Instruction ID: a0382be8e6ac695aee220e429921f67e7af62805bbfb0bda4ea3dbea98642981
Opcode Fuzzy Hash: c29e818bfa3ccb350fbe798e98529258cf9cb20626e9d880ba48ee3d99316134
Instruction Fuzzy Hash: F0513C70A007059FCB55AFB8DC89AAEBBB5FF48710F140529E516E32E1DB349841DF62

Uniqueness

Uniqueness Score: -1.00%

Function 007C99C0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 312
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExA.KERNEL32(?,00000000,00000000,000000FF,?,6838016B,?), ref: 007C9A46
_memset.LIBCMT ref: 007C9A6A
_sprintf.LIBCMT ref: 007C9A81

Part of subcall function 00805C0C: MessageBoxA.USER32(?,?,00000000,007C8222), ref: 00805C34

Part of subcall function 00781F60: InitializeCriticalSectionAndSpinCount.KERNEL32(00000001,00000000,00000000,6838016B,0000676C,?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000), ref: 00781FC3
Part of subcall function 00781F60: GetLastError.KERNEL32(?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000,?,?,00000000), ref: 00781FCD

IsIconic.USER32(?), ref: 007C9D06

Part of subcall function 00811CD6: __EH_prolog3.LIBCMT ref: 00811CDD
Part of subcall function 00811CD6: BeginPaint.USER32(?,?,00000004,0080B203,?,00000058,007C9DAA), ref: 00811D09

SendMessageA.USER32(?,00000027,?,00000000), ref: 007C9D29
GetSystemMetrics.USER32(0000000B), ref: 007C9D37
GetSystemMetrics.USER32(0000000C), ref: 007C9D3D
GetClientRect.USER32(?,?), ref: 007C9D50
DrawIcon.USER32(?,?,?,?), ref: 007C9D7D

Part of subcall function 00811E26: __EH_prolog3.LIBCMT ref: 00811E2D
Part of subcall function 00811E26: EndPaint.USER32(?,?,00000004,0080B229,?,?,00000058,007C9DAA), ref: 00811E48

Strings

Failed to open %s , xrefs: 007C9A7B
Failed to open file, xrefs: 007C9A93

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3MessageMetricsPaintSystem$AttributesBeginClientCountCriticalDrawErrorFileIconIconicInitializeLastRectSectionSendSpin_memset_sprintf
String ID: Failed to open %s $Failed to open file
API String ID: 1738568364-3141027142
Opcode ID: 7302ada5075807da8204d6291f98b6910b72ac56316877022c600b7ab7dd065f
Instruction ID: 059ed20aba662959fc2a86d6d72d9b465ff0333af855de2dffcacc29be140259
Opcode Fuzzy Hash: 7302ada5075807da8204d6291f98b6910b72ac56316877022c600b7ab7dd065f
Instruction Fuzzy Hash: 11C19B71A006199BDB24DF28CC59BEEF7B5FF45310F10829CE959AB291DB346E44CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0080999F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,0081716F,00000000,00AF81D8,00000010,008281AC,?,?,?,00AE688C,?,00000001,0000000C,00828205), ref: 008099B3
GetLastError.KERNEL32(?,-00000034,?,0081716F,00000000,00AF81D8,00000010,008281AC,?,?,?,00AE688C,?,00000001,0000000C,00828205), ref: 008099EA

Strings

IsolationAware function called after IsolationAwareCleanup, xrefs: 008099AE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DebugErrorLastOutputString
String ID: IsolationAware function called after IsolationAwareCleanup
API String ID: 4132100945-2690750368
Opcode ID: bb87df127207f39b29304619964548f945007e403f735f6a1abafa375b7ddecf
Instruction ID: 335bc548f9f877d82c3af7b468fb0780f465272064306a3e23ebe84bf88f7471
Opcode Fuzzy Hash: bb87df127207f39b29304619964548f945007e403f735f6a1abafa375b7ddecf
Instruction Fuzzy Hash: A6F0B4312011348BCBB05BAC9C41D6F7E98FB16B413200215FE80C21F2DB60CC2097D1

Uniqueness

Uniqueness Score: -1.00%

Function 00846494 Relevance: 72.1, APIs: 36, Strings: 5, Instructions: 382
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0084649E

Part of subcall function 00811D73: __EH_prolog3.LIBCMT ref: 00811D7A
Part of subcall function 00811D73: GetWindowDC.USER32(00000000,00000004,00846A05,00000000,?,?,?,00000000,00B3D508), ref: 00811DA6

GetDeviceCaps.GDI32(?,00000058), ref: 008464BE
DeleteObject.GDI32(00000000), ref: 0084652E
DeleteObject.GDI32(00000000), ref: 00846548
DeleteObject.GDI32(00000000), ref: 00846562
DeleteObject.GDI32(00000000), ref: 0084657C
DeleteObject.GDI32(00000000), ref: 00846596
DeleteObject.GDI32(00000000), ref: 008465B0
DeleteObject.GDI32(00000000), ref: 008465CA
DeleteObject.GDI32(00000000), ref: 008465E4
DeleteObject.GDI32(00000000), ref: 008465FE
DeleteObject.GDI32(00000000), ref: 00846618
_memset.LIBCMT ref: 00846639
GetTextCharsetInfo.GDI32(?,00000000,00000000,?,?,?,?,00000000,00B3D508), ref: 00846649
lstrcpyA.KERNEL32(?,?), ref: 0084669E
EnumFontFamiliesA.GDI32(?,00000000,00845FC8,Segoe UI), ref: 008466C5
lstrcpyA.KERNEL32(?,Segoe UI), ref: 008466D4
EnumFontFamiliesA.GDI32(?,00000000,00845FC8,Tahoma), ref: 008466EE
lstrcpyA.KERNEL32(?,MS Sans Serif), ref: 00846704
CreateFontIndirectA.GDI32(?), ref: 00846710
CreateFontIndirectA.GDI32(?), ref: 0084676C
CreateFontIndirectA.GDI32(?), ref: 008467B1
CreateFontIndirectA.GDI32(?), ref: 008467D9
CreateFontIndirectA.GDI32(?), ref: 008467F6
GetSystemMetrics.USER32(00000048), ref: 00846811
lstrcpyA.KERNEL32(?,Marlett), ref: 00846824
CreateFontIndirectA.GDI32(?), ref: 0084682A
GetStockObject.GDI32(00000011), ref: 00846856
GetObjectA.GDI32(00000000,0000003C,?), ref: 00846873
lstrcpyA.KERNEL32(?,Arial), ref: 008468AB
CreateFontIndirectA.GDI32(?), ref: 008468B1
CreateFontIndirectA.GDI32(?), ref: 008468CE
GetStockObject.GDI32(00000011), ref: 008468E2
GetObjectA.GDI32(?,0000003C,?), ref: 008468F7
CreateFontIndirectA.GDI32(?), ref: 00846901
CreateFontIndirectA.GDI32(?), ref: 00846922

Part of subcall function 00846D6B: __EH_prolog3_GS.LIBCMT ref: 00846D72
Part of subcall function 00846D6B: GetTextMetricsA.GDI32(?,?), ref: 00846DAF
Part of subcall function 00846D6B: GetTextMetricsA.GDI32(?,?), ref: 00846DF0

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

Strings

Tahoma, xrefs: 008466DC, 008466F7
Segoe UI, xrefs: 008466AE, 008466CB
Marlett, xrefs: 0084681E
Arial, xrefs: 00846897
MS Sans Serif, xrefs: 008466FE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_Stock$CapsCharsetDeviceException@8H_prolog3InfoSystemThrowWindow_memset
String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
API String ID: 93597958-1395034203
Opcode ID: 27c626a1bcde063f9a59c37a26e00fbba5315982ed812beabdac1b6bb6869050
Instruction ID: 2e2698eb3344dfe3c0e62719967c970efdf6de0999b98d9c74ebae68a7883b66
Opcode Fuzzy Hash: 27c626a1bcde063f9a59c37a26e00fbba5315982ed812beabdac1b6bb6869050
Instruction Fuzzy Hash: FEE17DB190120C9BDF25ABA4DD98BDEBBB8FF05304F0544A9E446E3291EB749A54CF12

Uniqueness

Uniqueness Score: -1.00%

Function 008469A7 Relevance: 64.8, APIs: 43, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 008469AE
GetSysColor.USER32(00000016), ref: 008469C0
GetSysColor.USER32(0000000F), ref: 008469CD
GetSysColor.USER32(00000015), ref: 008469E0
GetSysColor.USER32(0000000F), ref: 008469E8
GetDeviceCaps.GDI32(00831CA7,0000000C), ref: 00846A0E
GetSysColor.USER32(0000000F), ref: 00846A1C
GetSysColor.USER32(00000010), ref: 00846A26
GetSysColor.USER32(00000015), ref: 00846A30
GetSysColor.USER32(00000016), ref: 00846A3A
GetSysColor.USER32(00000014), ref: 00846A44
GetSysColor.USER32(00000012), ref: 00846A4E
GetSysColor.USER32(00000011), ref: 00846A58
GetSysColor.USER32(00000006), ref: 00846A5F
GetSysColor.USER32(0000000D), ref: 00846A66
GetSysColor.USER32(0000000E), ref: 00846A6D
GetSysColor.USER32(00000005), ref: 00846A74
GetSysColor.USER32(00000008), ref: 00846A7E
GetSysColor.USER32(00000009), ref: 00846A85
GetSysColor.USER32(00000007), ref: 00846A8C
GetSysColor.USER32(00000002), ref: 00846A93
GetSysColor.USER32(00000003), ref: 00846A9A
GetSysColor.USER32(0000001B), ref: 00846AA4
GetSysColor.USER32(0000001C), ref: 00846AAE
GetSysColor.USER32(0000000A), ref: 00846AB8
GetSysColor.USER32(0000000B), ref: 00846AC2
GetSysColor.USER32(00000013), ref: 00846ACC
GetSysColor.USER32(0000001A), ref: 00846AEA
GetSysColorBrush.USER32(00000010), ref: 00846B05
GetSysColorBrush.USER32(00000014), ref: 00846B1C
GetSysColorBrush.USER32(00000005), ref: 00846B2E
CreateSolidBrush.GDI32(00000143), ref: 00846B54
CreateSolidBrush.GDI32(00000010), ref: 00846B6E
CreateSolidBrush.GDI32(?), ref: 00846B88
CreateSolidBrush.GDI32(?), ref: 00846BA5
CreateSolidBrush.GDI32(?), ref: 00846BBF
CreateSolidBrush.GDI32(?), ref: 00846BD9
CreateSolidBrush.GDI32(?), ref: 00846BF3
CreatePen.GDI32(00000000,00000001,00000000), ref: 00846C1A
CreatePen.GDI32(00000000,00000001,00000000), ref: 00846C3B

Part of subcall function 0081270B: DeleteObject.GDI32(00000000), ref: 0081271A

CreatePen.GDI32(00000000,00000001,00000000), ref: 00846C5C
CreateSolidBrush.GDI32(000000FF), ref: 00846CE4
CreatePatternBrush.GDI32(00000000), ref: 00846D2D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Color$BrushCreate$Solid$CapsDeleteDeviceH_prolog3ObjectPattern
String ID:
API String ID: 3754413814-0
Opcode ID: 0fde9f2c76b77b6a437e3be0d845c56250efd302b8bcde2903529f759623ee61
Instruction ID: b6d67301f37722d7d880c47c6892fe400e35f3ef810b8ff878f49ead87728dbb
Opcode Fuzzy Hash: 0fde9f2c76b77b6a437e3be0d845c56250efd302b8bcde2903529f759623ee61
Instruction Fuzzy Hash: 29B19F70A002189ADF55AF748C95BAE3EA5FF04700F04446AED09DF2C6EB748955DF92

Uniqueness

Uniqueness Score: -1.00%

Function 00804B8F Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 190
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0080A305: GetWindowLongA.USER32(?,000000F0), ref: 0080A313

GetParent.USER32(?), ref: 00804BC5
SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00804BE8
GetWindowRect.USER32(?,00000000), ref: 00804C0B
GetWindowLongA.USER32(00000000,000000F0), ref: 00804C3E
MonitorFromWindow.USER32(00000000,00000001), ref: 00804C72
GetMonitorInfoA.USER32(00000000), ref: 00804C79
CopyRect.USER32(?,?), ref: 00804C8D
CopyRect.USER32(?,?), ref: 00804C97
GetWindowRect.USER32(00000000,?), ref: 00804CA0
MonitorFromWindow.USER32(00000000,00000002), ref: 00804CAD
GetMonitorInfoA.USER32(00000000), ref: 00804CB4
CopyRect.USER32(?,?), ref: 00804CC2

Strings

(, xrefs: 00804C54

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window$Rect$Monitor$Copy$FromInfoLong$MessageParentSend
String ID: (
API String ID: 783970248-3887548279
Opcode ID: 57771958ab427e866f1ef9c8801e43be6945667d9485a69c61a7426eb7e258f0
Instruction ID: 284fc6c6b1f4a033fb3c702852c5922476087e9d612cae340c8384883c5cff21
Opcode Fuzzy Hash: 57771958ab427e866f1ef9c8801e43be6945667d9485a69c61a7426eb7e258f0
Instruction Fuzzy Hash: 376119B290120DAFDB50DFE8DD88BAEBBB9FF48314F145125E605E7290DB74A944CB60

Uniqueness

Uniqueness Score: -1.00%

Function 007C9460 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 252
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMenu.USER32(?,00000000,6838016B), ref: 007C949F
AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 007C952B
AppendMenuA.USER32(00000000,00000000,00000010,00000010), ref: 007C953B
SendMessageA.USER32(?,00000080,00000001,?), ref: 007C957A
SendMessageA.USER32(?,00000080,00000000,?), ref: 007C958C
_memset.LIBCMT ref: 007C95AD
SendMessageA.USER32(?,00000405,00000001,00000002), ref: 007C961F
_memset.LIBCMT ref: 007C962F
CreateSolidBrush.GDI32 ref: 007C96D7
CreatePen.GDI32(00000000,00000000,00000000), ref: 007C96E9
_memset.LIBCMT ref: 007C9721
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 007C977E
SendMessageA.USER32(?,000000C5,00000014,00000000), ref: 007C9822
DragAcceptFiles.SHELL32(?,00000001), ref: 007C9847

Part of subcall function 00781F60: InitializeCriticalSectionAndSpinCount.KERNEL32(00000001,00000000,00000000,6838016B,0000676C,?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000), ref: 00781FC3
Part of subcall function 00781F60: GetLastError.KERNEL32(?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000,?,?,00000000), ref: 00781FCD

Strings

ArchivePlayer v2.1.18.60, xrefs: 007C984D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MessageSend$Menu_memset$AppendCreate$AcceptBrushCountCriticalDragErrorFilesInitializeLastSectionSolidSpinSystem
String ID: ArchivePlayer v2.1.18.60
API String ID: 3300540420-3317027810
Opcode ID: 0bd2d53086690139dd500d42bbeb19fd5b7c8a075d890e7493b45eefd6508493
Instruction ID: 5640248fdb235fa62b8c847c75a8ef82df11a1775eca115fbcde50aeec0fe1b7
Opcode Fuzzy Hash: 0bd2d53086690139dd500d42bbeb19fd5b7c8a075d890e7493b45eefd6508493
Instruction Fuzzy Hash: 1CB1BA70A04B06AAEB689F24CC09BE9FBA4FF05314F10836CE1686B6D1DBB56555CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 00818A31 Relevance: 22.7, APIs: 15, Instructions: 172
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(00B3D160,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818A3E
GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818A96
GlobalHandle.KERNEL32(00FA2518), ref: 00818AA1
GlobalUnlock.KERNEL32(00000000,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818AAA
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00818AC3
GlobalLock.KERNEL32(00000000,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818AD8
_memset.LIBCMT ref: 00818AF2
LeaveCriticalSection.KERNEL32(00B3D160), ref: 00818B1F
GlobalHandle.KERNEL32(00FA2518), ref: 00818B31
GlobalLock.KERNEL32(00000000,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818B38
LeaveCriticalSection.KERNEL32(00B3D160,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818B3F
EnterCriticalSection.KERNEL32(?,00B3D144,00B3D160,00000001,?,?,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61), ref: 00818BB0
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B), ref: 00818BC0
LocalFree.KERNEL32(00000000,?,?,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001), ref: 00818BC9
TlsSetValue.KERNEL32(?,00000000,?,?,?,?,?,00B3D144,?,00818D44,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B), ref: 00818BDB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Global$CriticalSection$Leave$AllocEnterHandleLock$FreeLocalUnlockValue_memset
String ID:
API String ID: 290045166-0
Opcode ID: 10cba77e480ae10accba6fbd2be285045653fa6d534619795b99eeaf5d14c009
Instruction ID: 53076b66483cb99d0c4ec906fa207b32f56c9e81704fbdc5a525d8fb497664de
Opcode Fuzzy Hash: 10cba77e480ae10accba6fbd2be285045653fa6d534619795b99eeaf5d14c009
Instruction Fuzzy Hash: 0951EDB1205615FFCB14DF64DC8AEA9B7B8FF04321B10422AF916C7691CB70E991CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0092C347 Relevance: 19.6, APIs: 13, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___security_init_cookie.LIBCMT ref: 0092C347
___crtGetShowWindowMode.LIBCMT ref: 0092C35D

Part of subcall function 00934F53: GetStartupInfoW.KERNEL32(?), ref: 00934F5D

_fast_error_exit.LIBCMT ref: 0092C3C0
_fast_error_exit.LIBCMT ref: 0092C3D1
__RTC_Initialize.LIBCMT ref: 0092C3D7
__ioinit.LIBCMT ref: 0092C3E0
_fast_error_exit.LIBCMT ref: 0092C3EB
GetCommandLineA.KERNEL32(00B067A0,00000014), ref: 0092C3F1
___crtGetEnvironmentStringsA.LIBCMT ref: 0092C3FC
__setargv.LIBCMT ref: 0092C406
__setenvp.LIBCMT ref: 0092C417
__cinit.LIBCMT ref: 0092C42A
__wincmdln.LIBCMT ref: 0092C43B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
String ID:
API String ID: 1579532436-0
Opcode ID: 0938dccd81def68f5c4851ce7ff00a29242cbfc73b54686a49e7b08be9d3d7aa
Instruction ID: 95f0d1f1b809cc2e4989b5e0303627769d0fae2d75b1276f499c920eeccb6207
Opcode Fuzzy Hash: 0938dccd81def68f5c4851ce7ff00a29242cbfc73b54686a49e7b08be9d3d7aa
Instruction Fuzzy Hash: 5221FDB060033595EB20B7B1BCA7B7E22A45F90755F108879F504EA1EBEFB4C9408B55

Uniqueness

Uniqueness Score: -1.00%

Function 007C5540 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 288
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00781F60: InitializeCriticalSectionAndSpinCount.KERNEL32(00000001,00000000,00000000,6838016B,0000676C,?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000), ref: 00781FC3
Part of subcall function 00781F60: GetLastError.KERNEL32(?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000,?,?,00000000), ref: 00781FCD

_memset.LIBCMT ref: 007C59E0
_memset.LIBCMT ref: 007C59FA
swprintf.LIBCMT ref: 007C5A11
_strtok.LIBCMT ref: 007C5A22
swprintf.LIBCMT ref: 007C5A3A
LoadIconW.USER32(?,00000080), ref: 007C5A55

Strings

*, xrefs: 007C59D9
<O|, xrefs: 007C5AAC

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memsetswprintf$CountCriticalErrorIconInitializeLastLoadSectionSpin_strtok
String ID: *$<O|
API String ID: 4093036633-1629522680
Opcode ID: 0f531b77e59e094e5cd599bbeab3fadfd5719830e719672003baa9b8428253f5
Instruction ID: bc484895143b72b216883b7c5e9a9315ca683ad9dd27434ed4e53088148ee391
Opcode Fuzzy Hash: 0f531b77e59e094e5cd599bbeab3fadfd5719830e719672003baa9b8428253f5
Instruction Fuzzy Hash: 16E18174601786EAD708EBB8C919BDDFBA4BF15308F00415CE42997392DBB46718DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00809AF7 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,?,00000105,?,0081716F,00000000,00AF81D8,00000010,008281AC,?,?,?,00AE688C,?,00000001,0000000C), ref: 00809BC4
SetLastError.KERNEL32(0000006F,?,0081716F,00000000,00AF81D8,00000010,008281AC,?,?,?,00AE688C,?,00000001,0000000C,00828205,00000000), ref: 00809BD8

Part of subcall function 00809A0F: GetProcAddress.KERNEL32(75920AA0,?), ref: 00809A31

GetLastError.KERNEL32(00000020), ref: 00809C2F
LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 00809CAA

Strings

GetModuleHandleExW, xrefs: 00809B81
QueryActCtxW, xrefs: 00809B30
Comctl32.dll, xrefs: 00809C96, 00809C9B, 00809CA9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
String ID: Comctl32.dll$GetModuleHandleExW$QueryActCtxW
API String ID: 3640817601-2998613672
Opcode ID: 519133b682974a0b3a7c3b141f495d1a81d7174259ce6e796e555984573c6f90
Instruction ID: 23e63ee15a782378b771ee27984d6a512512515bd24d9b15ae2c9ccfd6417ab5
Opcode Fuzzy Hash: 519133b682974a0b3a7c3b141f495d1a81d7174259ce6e796e555984573c6f90
Instruction Fuzzy Hash: 16417370D40215AAEFB0AB699C49B9E76E8FF44B10F100299E488E62D1DB749F80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00803D7C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87
libraryloaderthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00818CF3: __EH_prolog3.LIBCMT ref: 00818CFA

GetCurrentThreadId.KERNEL32 ref: 00803DA4
SetWindowsHookExA.USER32(00000005,0080828D,00000000,00000000), ref: 00803DB4
GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 00803E17
FreeLibrary.KERNEL32(?,?,Function_0040502F,?,00000000,?,00804FC7,00000000), ref: 00803E27
CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,00804FC7,000000FF,?,0080501A,0000000C,00000000,?,Function_0040502F,?,00000000,?,00804FC7), ref: 00803E65

Strings

HtmlHelpA, xrefs: 00803E11
hhctrl.ocx, xrefs: 00803DFB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: AddressCompareCurrentFreeH_prolog3HookLibraryProcStringThreadWindows
String ID: HtmlHelpA$hhctrl.ocx
API String ID: 2453009749-63838506
Opcode ID: 8b751956207a276ba8f914458a285fc4438a758fc22a2916a96b50bb79b6aa3f
Instruction ID: cb57749eb6b902dde7a6b1d78c9fbab7d5c5f45098df6846d8f1c0fa3ba35cb9
Opcode Fuzzy Hash: 8b751956207a276ba8f914458a285fc4438a758fc22a2916a96b50bb79b6aa3f
Instruction Fuzzy Hash: FC214731514B06BBDB612FA9DC06F5B7BACFF00B61F004629FA19D55D1CB70D5808BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0081798A Relevance: 12.0, APIs: 8, Instructions: 38
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00817997
GetSystemMetrics.USER32(0000000C), ref: 0081799E
GetSystemMetrics.USER32(00000002), ref: 008179A5
GetSystemMetrics.USER32(00000003), ref: 008179AF
GetDC.USER32(00000000), ref: 008179B9
GetDeviceCaps.GDI32(00000000,00000058), ref: 008179CA
GetDeviceCaps.GDI32(00000000,0000005A), ref: 008179D2
ReleaseDC.USER32(00000000,00000000), ref: 008179DA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
String ID:
API String ID: 1031845853-0
Opcode ID: 5907d1ca35c2246f78730de9e6f0c0159b00a42f1cf82cd6eeeef96b6c448b10
Instruction ID: 8d5f08c425a8475f25b03742b9a8b13434329521f03ac2b55edd5a6db4b6e48b
Opcode Fuzzy Hash: 5907d1ca35c2246f78730de9e6f0c0159b00a42f1cf82cd6eeeef96b6c448b10
Instruction Fuzzy Hash: FAF03071E45314AAEB146F71AC4DF2B3FA8EB41B61F10405BEA049F2D0DAB48801DFD0

Uniqueness

Uniqueness Score: -1.00%

Function 008078CD Relevance: 10.6, APIs: 7, Instructions: 120
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetParent.USER32(?), ref: 008078F7
PeekMessageA.USER32(0098E220,00000000,00000000,00000000,00000000), ref: 0080791B
UpdateWindow.USER32(?), ref: 00807935
SendMessageA.USER32(?,00000121,00000000,?), ref: 00807958
SendMessageA.USER32(?,0000036A,00000000,00000000), ref: 0080796F
UpdateWindow.USER32(?), ref: 008079B9
PeekMessageA.USER32(0098E220,00000000,00000000,00000000,00000000), ref: 008079F0

Part of subcall function 0080A305: GetWindowLongA.USER32(?,000000F0), ref: 0080A313

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: ce5823de604fb29bc398bf2c6ee3d4c89d739b9ed2954ce8491cbf5bb183731b
Instruction ID: 2b40ee3a548552151df43cf4d806b7c28dfae4c4460d01ee284f9fbb75067234
Opcode Fuzzy Hash: ce5823de604fb29bc398bf2c6ee3d4c89d739b9ed2954ce8491cbf5bb183731b
Instruction Fuzzy Hash: 9C41A270B08308ABEBA09F69CC49B6EBFA4FF40714F244568F545DA1D0DB75AE40D744

Uniqueness

Uniqueness Score: -1.00%

Function 008173D9 Relevance: 9.1, APIs: 6, Instructions: 61
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 008173FE
_memset.LIBCMT ref: 0081741A
GetWindowTextA.USER32(00000000,00000000,00000100), ref: 00817434
lstrcmpA.KERNEL32(00000000,00813EDB,?,?,?,00000000), ref: 00817446
SetWindowTextA.USER32(00000000,00813EDB), ref: 00817452
GetLastError.KERNEL32(?,?,00000000), ref: 00817471

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: TextWindow$ErrorLast_memset_strlenlstrcmp
String ID:
API String ID: 602903878-0
Opcode ID: 4b2c8f18fa77bfa268b3428e867814d29b2b87e3b229c3665a5ba879fdb21960
Instruction ID: 64680d3a4d3258c97c69b027c4adb237fe13c7e71aac0ca2977a21d3425c7935
Opcode Fuzzy Hash: 4b2c8f18fa77bfa268b3428e867814d29b2b87e3b229c3665a5ba879fdb21960
Instruction Fuzzy Hash: 611125B560511867DB10EB78AC84BFF7BBCFF44700F004069FA05E3241EA749E8097A5

Uniqueness

Uniqueness Score: -1.00%

Function 00828CA4 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 142COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?), ref: 00828CDF
PathFindExtensionA.KERNELBASE(?,?,?,?), ref: 00828CF9

Part of subcall function 00810949: __CxxThrowException@8.LIBCMT ref: 0081095D

Strings

.CHM, xrefs: 00828DE4
.HLP, xrefs: 00828DEB
.INI, xrefs: 00828E1B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Exception@8ExtensionFileFindModuleNamePathThrow
String ID: .CHM$.HLP$.INI
API String ID: 1938139466-4017452060
Opcode ID: 9d06a2d4d80541e8c43e5a6ce3dfca608326f4228750f36465c44bc9c43d9962
Instruction ID: 007b4b23a8dfe9ae4225e5437a922c35c73beacfb38b411f2a2ce754a7ca8edc
Opcode Fuzzy Hash: 9d06a2d4d80541e8c43e5a6ce3dfca608326f4228750f36465c44bc9c43d9962
Instruction Fuzzy Hash: 414180B5901725DADF20EB64E845B96B3ECFF54704F10086AA585D3681EF74D9C8CB21

Uniqueness

Uniqueness Score: -1.00%

Function 007C4FA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

Edit, xrefs: 0080B35D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID: Edit
API String ID: 0-554135844
Opcode ID: 8956826d842c6d837d66e35d6f42b585393edaf380320dd04687e66928840f0f
Instruction ID: 5915219ee35d27e1eea02bbe8e6606f89fd0fdbd2e460ebf482b66e081a74c2d
Opcode Fuzzy Hash: 8956826d842c6d837d66e35d6f42b585393edaf380320dd04687e66928840f0f
Instruction Fuzzy Hash: 6A21AE30205205EBEB618B24CD49FA677E9FF01369F3A802DE48AD62E1D775D880D751

Uniqueness

Uniqueness Score: -1.00%

Function 0080AB30 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0080AB37
GlobalLock.KERNEL32(00000000,?,?), ref: 0080AC23
DestroyWindow.USER32(?,?,?,?,0080A946,00000000), ref: 0080ACDA
GlobalUnlock.KERNEL32(00000000,?,?,?,0080A946,00000000), ref: 0080ACEA
GlobalFree.KERNEL32(00000000), ref: 0080ACF1

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Global$DestroyFreeH_prolog3_catchLockUnlockWindow
String ID:
API String ID: 571947920-0
Opcode ID: a19f93d503a1a31fcb17043efcb47116e5eb11bcd6e8778fd9ce51992d8e4475
Instruction ID: d67e8d4c87c1e0e3b48c73aaf3bb1e81b1644fee8e5f1bce7943c80e235ae658
Opcode Fuzzy Hash: a19f93d503a1a31fcb17043efcb47116e5eb11bcd6e8778fd9ce51992d8e4475
Instruction Fuzzy Hash: 8F515830A0130A9FDB59EFA8C885AEE7BB9FF04314F154528F802E7291DB749A418B52

Uniqueness

Uniqueness Score: -1.00%

Function 008461D5 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00846221
VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,?,00000000,00B3D508), ref: 00846238
VerSetConditionMask.KERNEL32(00000000,?,?,00000000,00B3D508), ref: 0084623C
VerifyVersionInfoA.KERNEL32(0000009C,00000003,00000000), ref: 00846249
GetSystemMetrics.USER32(00001000), ref: 0084625A

Part of subcall function 008469A7: __EH_prolog3.LIBCMT ref: 008469AE
Part of subcall function 008469A7: GetSysColor.USER32(00000016), ref: 008469C0
Part of subcall function 008469A7: GetSysColor.USER32(0000000F), ref: 008469CD
Part of subcall function 008469A7: GetSysColor.USER32(00000015), ref: 008469E0
Part of subcall function 008469A7: GetSysColor.USER32(0000000F), ref: 008469E8
Part of subcall function 008469A7: GetDeviceCaps.GDI32(00831CA7,0000000C), ref: 00846A0E
Part of subcall function 008469A7: GetSysColor.USER32(0000000F), ref: 00846A1C
Part of subcall function 008469A7: GetSysColor.USER32(00000010), ref: 00846A26
Part of subcall function 008469A7: GetSysColor.USER32(00000015), ref: 00846A30
Part of subcall function 008469A7: GetSysColor.USER32(00000016), ref: 00846A3A
Part of subcall function 008469A7: GetSysColor.USER32(00000014), ref: 00846A44
Part of subcall function 008469A7: GetSysColor.USER32(00000012), ref: 00846A4E
Part of subcall function 008469A7: GetSysColor.USER32(00000011), ref: 00846A58
Part of subcall function 008469A7: GetSysColor.USER32(00000006), ref: 00846A5F
Part of subcall function 008469A7: GetSysColor.USER32(0000000D), ref: 00846A66
Part of subcall function 008469A7: GetSysColor.USER32(0000000E), ref: 00846A6D
Part of subcall function 008469A7: GetSysColor.USER32(00000005), ref: 00846A74
Part of subcall function 008469A7: GetSysColor.USER32(00000008), ref: 00846A7E
Part of subcall function 008469A7: GetSysColor.USER32(00000009), ref: 00846A85
Part of subcall function 008469A7: GetSysColor.USER32(00000007), ref: 00846A8C
Part of subcall function 008469A7: GetSysColor.USER32(00000002), ref: 00846A93
Part of subcall function 008469A7: GetSysColor.USER32(00000003), ref: 00846A9A
Part of subcall function 008469A7: GetSysColor.USER32(0000001B), ref: 00846AA4
Part of subcall function 008469A7: GetSysColor.USER32(0000001C), ref: 00846AAE

Part of subcall function 00846494: __EH_prolog3_GS.LIBCMT ref: 0084649E
Part of subcall function 00846494: GetDeviceCaps.GDI32(?,00000058), ref: 008464BE
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 0084652E
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 00846548
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 00846562
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 0084657C
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 00846596
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 008465B0
Part of subcall function 00846494: DeleteObject.GDI32(00000000), ref: 008465CA

Part of subcall function 008462BA: GetSystemMetrics.USER32(00000031), ref: 008462CE
Part of subcall function 008462BA: GetSystemMetrics.USER32(00000032), ref: 008462D8
Part of subcall function 008462BA: SetRectEmpty.USER32(00B3D674), ref: 008462E7
Part of subcall function 008462BA: EnumDisplayMonitors.USER32(00000000,00000000,00846150,00B3D674,?,?,?,00000000,00B3D508), ref: 008462F7
Part of subcall function 008462BA: SystemParametersInfoA.USER32(00000030,00000000,00B3D674,00000000), ref: 0084630E
Part of subcall function 008462BA: SystemParametersInfoA.USER32(00001002,00000000,00B3D698,00000000), ref: 00846336
Part of subcall function 008462BA: SystemParametersInfoA.USER32(00001012,00000000,00B3D69C,00000000), ref: 0084634C
Part of subcall function 008462BA: SystemParametersInfoA.USER32(0000100A,00000000,00B3D6AC,00000000), ref: 0084636E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion_memset
String ID:
API String ID: 2760246569-0
Opcode ID: 5d6a92e04ed5e4a706cf843f63cc99d149520d83b5c00514a7c959fc86c3ca64
Instruction ID: f526a1ccb39eec7cd94861751da66ad0b3ecca5dd3488aaa9e460739abe790d2
Opcode Fuzzy Hash: 5d6a92e04ed5e4a706cf843f63cc99d149520d83b5c00514a7c959fc86c3ca64
Instruction Fuzzy Hash: 2F11A770A0031CBFEB109F75AC56FAEBBACFB45714F404159B50997281DB741E148BD1

Uniqueness

Uniqueness Score: -1.00%

Function 00828C03 Relevance: 7.6, APIs: 5, Instructions: 58COMMON

Download Yara Rule

APIs

PathFindFileNameA.SHLWAPI(00000000,?,00828D25,?,?,00000104), ref: 00828C0F
_strlen.LIBCMT ref: 00828C1C
__cftof.LIBCMT ref: 00828C2E
SetErrorMode.KERNELBASE(00000000,00000000,?,00953EF9,?,?,?,?,?,?,00000000,?,0092C44E,00400000,00000000,00000000), ref: 00828C54
SetErrorMode.KERNELBASE(00000000,?,00953EF9,?,?,?,?,?,?,00000000,?,0092C44E,00400000,00000000,00000000), ref: 00828C5C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorMode$FileFindNamePath__cftof_strlen
String ID:
API String ID: 4036641936-0
Opcode ID: 89556a27e8b43e3b57b479ddc09f846e97d44c5f3a7ffdf9de5f5f10f77f54fa
Instruction ID: bcb9306561ba99d7b63ebc8ea86865d8c48cba866c95ae59f6e28fb38af6f834
Opcode Fuzzy Hash: 89556a27e8b43e3b57b479ddc09f846e97d44c5f3a7ffdf9de5f5f10f77f54fa
Instruction Fuzzy Hash: 56119471816218DFCF50BF64E809B5A7B98FF00320F148469F518D7292DB75D9918BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00810770 Relevance: 6.1, APIs: 4, Instructions: 89networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0081077A

Part of subcall function 00818CA5: __EH_prolog3_catch.LIBCMT ref: 00818CAC

WSAStartup.WS2_32(00000101,?), ref: 008107BA

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

WSACleanup.WS2_32 ref: 00810809
WSASetLastError.WS2_32(0000276C,?,?,0095A74B,000000FF), ref: 00810814

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CleanupErrorException@8H_prolog3_H_prolog3_catchLastStartupThrow
String ID:
API String ID: 3542062730-0
Opcode ID: 5906fa61086c2f2ef530e232d2457f9895792bfba9bfe0ca65b0fc8375ca9a9d
Instruction ID: 392ce7fe22735ad75bef204c84b452fd533f45a8b1950d1ec58d18ec2cc6e3d8
Opcode Fuzzy Hash: 5906fa61086c2f2ef530e232d2457f9895792bfba9bfe0ca65b0fc8375ca9a9d
Instruction Fuzzy Hash: 1231CD30A4A31AEBEB24AFB84D197D876A9FF44710F104039F546DA6C1DBF088C08F92

Uniqueness

Uniqueness Score: -1.00%

Function 008039F3 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00803A20

Strings

AfxFrameOrView120s, xrefs: 00803AE9
AfxMDIFrame120s, xrefs: 00803AC6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID: AfxFrameOrView120s$AfxMDIFrame120s
API String ID: 2102423945-1192132332
Opcode ID: cdbaa7502b3b6e1496e3dc100f306df1ee81e353ac14d236013ceb6ad0fa543a
Instruction ID: 9d1f80be3a7252b14be12ac2e8ebb3f8ea066ffcdf2dddd2e3d48d7bcf15138e
Opcode Fuzzy Hash: cdbaa7502b3b6e1496e3dc100f306df1ee81e353ac14d236013ceb6ad0fa543a
Instruction Fuzzy Hash: 51813572E40319AAEB91DBE8CD49BDEBAFCFF04354F054125A984F31C1EB749B488690

Uniqueness

Uniqueness Score: -1.00%

Function 007C7500 Relevance: 4.6, APIs: 3, Instructions: 84COMMON

Download Yara Rule

APIs

FindResourceW.KERNELBASE(?,?,00000006,?,?,00000000,?,007C531C,00000000,?,?,?,?,?,00000000,0095A788), ref: 007C751B

Part of subcall function 007CBE30: LoadResource.KERNEL32(?,?,?,007C7531,?,00000000,?,?,?,00000000,?,007C531C,00000000), ref: 007CBE39

WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000), ref: 007C754E
WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 007C7588

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharMultiResourceWide$FindLoad
String ID:
API String ID: 861045882-0
Opcode ID: 4798fa5cdffe2f0a6356bec1023d13c6bafe9837df65d8b314e61b2b1dd9fc54
Instruction ID: 6b7788a88953b43b54b89fdde8fd89f8a4b320df4a2e33c68e72391c89a4df39
Opcode Fuzzy Hash: 4798fa5cdffe2f0a6356bec1023d13c6bafe9837df65d8b314e61b2b1dd9fc54
Instruction Fuzzy Hash: 2121C371255214AFE7249A649C89F76B79CEB04720F10001EFA05DF2C0DAA5A811CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0080BAEF Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000030,00000000,00000000,00000000), ref: 0080BA64
TranslateMessage.USER32(00000030), ref: 0080BA83
DispatchMessageA.USER32(00000030), ref: 0080BA8A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$CallbackDispatchDispatcherTranslateUser
String ID:
API String ID: 2960505505-0
Opcode ID: 2e3f8f1cbd8e4581f26279944e3f18cdeae210f942ccd472da27264b027b0401
Instruction ID: 67a301eb48d3b9a01a96a61471b6232e59cf12c48e38f9f507ad4de0fd47b33c
Opcode Fuzzy Hash: 2e3f8f1cbd8e4581f26279944e3f18cdeae210f942ccd472da27264b027b0401
Instruction Fuzzy Hash: 3BF08231317526ABD755AB34AC48EBB33ACFF413253054028F402C6590EB24DD42DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 008284DB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(?,?,00000000), ref: 00828501

Strings

Button, xrefs: 008284E8

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ClassInfo
String ID: Button
API String ID: 3534257612-1034594571
Opcode ID: 61b79b5a47fd0fbf206d48f4949af19ddaf4b167371f533d4362dc5f342aee0a
Instruction ID: dd58285fb09c1b54e7c7b98ca9a1d65ad82f48f4ba10a259f8c8cddab1ccd6f3
Opcode Fuzzy Hash: 61b79b5a47fd0fbf206d48f4949af19ddaf4b167371f533d4362dc5f342aee0a
Instruction Fuzzy Hash: 27F01D72A1520CAFDF10DF99D945ADEBBFCEB08324F104056E904F7250E7719A848BA1

Uniqueness

Uniqueness Score: -1.00%

Function 008086BB Relevance: 3.1, APIs: 2, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 0080A305: GetWindowLongA.USER32(?,000000F0), ref: 0080A313

GetWindowRect.USER32(?,?), ref: 008086FC
GetWindow.USER32(?,00000004), ref: 00808719

Part of subcall function 0080A445: IsWindowEnabled.USER32(?), ref: 0080A451

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window$EnabledLongRect
String ID:
API String ID: 3170195891-0
Opcode ID: ba852992430f7d8e1e6aef4ffc8a8c65ffce934b3eb76d9e1e4ee7f6d72b7f88
Instruction ID: 6a1b3d51da783da69d47946c2039afdea5d3f0b6624bb568a8f63a4aa1bb6ca3
Opcode Fuzzy Hash: ba852992430f7d8e1e6aef4ffc8a8c65ffce934b3eb76d9e1e4ee7f6d72b7f88
Instruction Fuzzy Hash: C5114675A00219DBCB50EFA98C94AAEF7B9FF64310F604059E842E7294DB70EA418A52

Uniqueness

Uniqueness Score: -1.00%

Function 008040B3 Relevance: 3.1, APIs: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 00818CF3: __EH_prolog3.LIBCMT ref: 00818CFA

UnhookWindowsHookEx.USER32(?), ref: 008040DD
DefWindowProcA.USER32(00000000,00000360,?,?,00000000,00000000,?,Function_0040502F,00000000,00804FF7,?,6838016B,00000000,?,?,?), ref: 00804140

Part of subcall function 008038ED: __EH_prolog3_catch_GS.LIBCMT ref: 008038F4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_HookProcUnhookWindowWindows
String ID:
API String ID: 2533299859-0
Opcode ID: 622805342607e46e54512dfc996e55033acbe557233bddd3d6e8dd813c948c6c
Instruction ID: df47940e3003682c83dc499b0017488bf7b0de942153a3865a79bebe8e948073
Opcode Fuzzy Hash: 622805342607e46e54512dfc996e55033acbe557233bddd3d6e8dd813c948c6c
Instruction Fuzzy Hash: 4911A072445A14ABDBB2AF64AC09BAB3BA8FF05321F044425B746D14E1C774C990DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00813D2D Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetWindowTextLengthA.USER32(00000000), ref: 00813D4E
GetWindowTextA.USER32(00000000,00000000,00000000), ref: 00813D63

Part of subcall function 0080773C: _strnlen.LIBCMT ref: 00807754

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: TextWindow$Length_strnlen
String ID:
API String ID: 1159536582-0
Opcode ID: 6ae17f20e37951169b69e5cad2c96b2b48fb716fd6e98abf6b712f1d55d5bcbd
Instruction ID: f7c82aef210a8002ba3914c8f70be72279f79f24e0771a23a9fa3ad9eba3ccc1
Opcode Fuzzy Hash: 6ae17f20e37951169b69e5cad2c96b2b48fb716fd6e98abf6b712f1d55d5bcbd
Instruction Fuzzy Hash: 76F03072104209BBCB11AF58EC59DBB376DFF85760B04811DF915C72D0DB759850DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00828C48 Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000000,00000000,?,00953EF9,?,?,?,?,?,?,00000000,?,0092C44E,00400000,00000000,00000000), ref: 00828C54
SetErrorMode.KERNELBASE(00000000,?,00953EF9,?,?,?,?,?,?,00000000,?,0092C44E,00400000,00000000,00000000), ref: 00828C5C

Part of subcall function 00828CA4: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?), ref: 00828CDF
Part of subcall function 00828CA4: PathFindExtensionA.KERNELBASE(?,?,?,?), ref: 00828CF9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorMode$ExtensionFileFindModuleNamePath
String ID:
API String ID: 1764437154-0
Opcode ID: 7f343f9f596e78e8067f4371e7d38a34e0059e36b0d2d0792db4c6e7968a22be
Instruction ID: fe3b19c69fba48c90b557c22016fd7d0c58087ad5b134882580b9da81a358ba9
Opcode Fuzzy Hash: 7f343f9f596e78e8067f4371e7d38a34e0059e36b0d2d0792db4c6e7968a22be
Instruction Fuzzy Hash: EBF0907591A2288FCB90FF68E404B597B98FF04320F05845AF604CB252EB75E8818FE2

Uniqueness

Uniqueness Score: -1.00%

Function 0080505E Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00805095
CallWindowProcA.USER32(?,?,?,?,?), ref: 0080509E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ProcWindow$Call
String ID:
API String ID: 2316559721-0
Opcode ID: bedbac93c351b297c7983987677b80c5e17e069d6843574d0825f62e3e18cd74
Instruction ID: f31782965d2169c3899ec32799edfc1211552f957357806fb605241ba01ef9b9
Opcode Fuzzy Hash: bedbac93c351b297c7983987677b80c5e17e069d6843574d0825f62e3e18cd74
Instruction Fuzzy Hash: D3F09E36105A09EFDF615FA4DC08E9EBBB5FF08355F048819F94586560D776D820EF90

Uniqueness

Uniqueness Score: -1.00%

Function 0080A7EA Relevance: 3.0, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0080A7F7
SetWindowTextA.USER32(?,000003F4), ref: 0080A813

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window$Text
String ID:
API String ID: 848690642-0
Opcode ID: d8fea4637104b13693098a2c995308d960b78d292be1deca34fc8a64c8327cb1
Instruction ID: 2ffbea6c55cf8040de3fc19e8e9659a5c33cd80e570bf15a2f9d677fcc7f8d22
Opcode Fuzzy Hash: d8fea4637104b13693098a2c995308d960b78d292be1deca34fc8a64c8327cb1
Instruction Fuzzy Hash: 1CE06D32211714DFCF686B25EC049A6B7A9FF15762B00847AE586C6661EB31A850DB81

Uniqueness

Uniqueness Score: -1.00%

Function 0080B91D Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0080B930
SetWindowsHookExA.USER32(000000FF,0080BF5A,00000000,00000000), ref: 0080B940

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CurrentHookThreadWindows
String ID:
API String ID: 1904029216-0
Opcode ID: 4977ee2317d7ae1294ddab4ccbdd8d68c43221d8d383756f8124eae2e73d896c
Instruction ID: 9f78184dd63f3a0dd69a6cbf2ce7bc63698b49100ea1cddf668ee8d9180e04a1
Opcode Fuzzy Hash: 4977ee2317d7ae1294ddab4ccbdd8d68c43221d8d383756f8124eae2e73d896c
Instruction Fuzzy Hash: 16D0A93280E2502EEB603B747C0DF8A3B98FF11331F010345F226D22E1FB2488818B66

Uniqueness

Uniqueness Score: -1.00%

Function 008038ED Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 008038F4

Part of subcall function 00818CF3: __EH_prolog3.LIBCMT ref: 00818CFA

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_catch_Throw
String ID:
API String ID: 2399685165-0
Opcode ID: 6f8e4d3f268c3336cff696dde473f8049bf5a732bd8219e1f26b0c1f399ec38b
Instruction ID: f71562a11cacc2b909524bd05411516ce15de12ef4ff57c8755adcb328c7d4b1
Opcode Fuzzy Hash: 6f8e4d3f268c3336cff696dde473f8049bf5a732bd8219e1f26b0c1f399ec38b
Instruction Fuzzy Hash: 8B31C475D002199BDF05DF98C891ADE7BB9FF49710F14046AF915FB281C7B0AA91CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 007C4EC0 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

#17.COMCTL32(6838016B,?,?,0095A74B,000000FF), ref: 007C4EF2

Part of subcall function 0080C85A: __EH_prolog3.LIBCMT ref: 0080C861

Part of subcall function 00810770: __EH_prolog3_GS.LIBCMT ref: 0081077A
Part of subcall function 00810770: WSAStartup.WS2_32(00000101,?), ref: 008107BA

Part of subcall function 0080DDC4: __EH_prolog3.LIBCMT ref: 0080DDCB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3$H_prolog3_Startup
String ID:
API String ID: 1794641787-0
Opcode ID: 709640ee95ec670620f90bd0d33678dab3da59ace8fec6641f854c52fde79ba1
Instruction ID: bc65dafe5a803cb57e016486cbf23449e6c8faad42e71b8005a7edfa3dd020e4
Opcode Fuzzy Hash: 709640ee95ec670620f90bd0d33678dab3da59ace8fec6641f854c52fde79ba1
Instruction Fuzzy Hash: 5911B170944218ABDB14EB68CC12FEEB7B4FB05720F00066DF82A972C1EF35AA408A51

Uniqueness

Uniqueness Score: -1.00%

Function 008113E9 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 007C6080: FindResourceW.KERNELBASE(?,?,00000006,?,0081140D,?,?,00000000,?,?,00828DA5,0000E006,?,00000100,?,?), ref: 007C6093

WideCharToMultiByte.KERNEL32(00000000,00000000,00000002,00000103,?,00000103,00000000,00000000,00000000,00000000,?,?,00828DA5,0000E006,?,00000100), ref: 00811431

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharFindMultiResourceWide
String ID:
API String ID: 3726879926-0
Opcode ID: 82f85c27a8593146d292ab6b00b973419a4ca8f95e393f593d6ef59dcde3e2b7
Instruction ID: 9b995860c60a378e7e50863d34efdb1260a60c7537cf486771b73462e123a7ff
Opcode Fuzzy Hash: 82f85c27a8593146d292ab6b00b973419a4ca8f95e393f593d6ef59dcde3e2b7
Instruction Fuzzy Hash: CAF0FC73105215AFCB119FA8AC48DEFB75DFE44724311412EF655C7102D531EC808770

Uniqueness

Uniqueness Score: -1.00%

Function 00818CF3 Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00818CFA

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Exception@8H_prolog3Throw
String ID:
API String ID: 3670251406-0
Opcode ID: 70b7c6d24dc37d156d92302b9738964520dbf06d9070e84c4a300b71e8ec0b2b
Instruction ID: 38f9d6e4962b808e983d9975677c1fbbaf527bdea1126e7e18d72478840c44e9
Opcode Fuzzy Hash: 70b7c6d24dc37d156d92302b9738964520dbf06d9070e84c4a300b71e8ec0b2b
Instruction Fuzzy Hash: EA012C75A00712CBEB25AB74A8126AD77A9FF50360B244135E910DB2A0EF70CDC1DB51

Uniqueness

Uniqueness Score: -1.00%

Function 0080C85A Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0080C861

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 5d5ab850e5f765ed4106d38fef9d0545095910cd666907fff57449a7c33bc2b9
Instruction ID: 4be9605be7e2c18f7828ae002d8b993921d97c92a2cbfbb45bce3b5bf05dfc06
Opcode Fuzzy Hash: 5d5ab850e5f765ed4106d38fef9d0545095910cd666907fff57449a7c33bc2b9
Instruction Fuzzy Hash: E5014835A112128FCB54EB64C468BBEB7F5FF84314F194479E51AEB291DF34A804CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00807E41 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00807E48

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3_catch
String ID:
API String ID: 3886170330-0
Opcode ID: 4500edd831af26ac3ab9578a8708a8ed4e74cd2e420f25abe03dd5b63a4b9313
Instruction ID: bcf3a54f130838dcbdc8c22a367abf4f24cd4dcd06d2a2901935d49bb8c559af
Opcode Fuzzy Hash: 4500edd831af26ac3ab9578a8708a8ed4e74cd2e420f25abe03dd5b63a4b9313
Instruction Fuzzy Hash: 2EF0B2759102098FDB14DFA4D0A5BEEBBF1EF48315F10842AE456AB280DB755944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0080B3BF Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CreateDialogIndirectParamA.USER32(?,?,?,?,?), ref: 0080B3FC

Part of subcall function 0080999F: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,0081716F,00000000,00AF81D8,00000010,008281AC,?,?,?,00AE688C,?,00000001,0000000C,00828205), ref: 008099B3

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CreateDebugDialogIndirectOutputParamString
String ID:
API String ID: 3066322445-0
Opcode ID: 9740dcf67d2f9cbbda79abdf109795cebe2d8f59fa1d6f30f6167cb23eddafba
Instruction ID: bb86f99f513e249ba47d0310e057417e6038edd8415a1b6be25a27e058f3c713
Opcode Fuzzy Hash: 9740dcf67d2f9cbbda79abdf109795cebe2d8f59fa1d6f30f6167cb23eddafba
Instruction Fuzzy Hash: 4EF03A7280021DEFDF109FA4DC05BEE7AB0FF18322F104615F910A11D2C7748A14EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00802D2D Relevance: 1.5, APIs: 1, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00802D49

Part of subcall function 0092B455: __FF_MSGBANNER.LIBCMT ref: 0092B46C
Part of subcall function 0092B455: __NMSG_WRITE.LIBCMT ref: 0092B473
Part of subcall function 0092B455: RtlAllocateHeap.NTDLL(?,00000000,00000001,?,?,?,?,00802D4E,00000001,?,?,007748D8,00000B40,00000000), ref: 0092B498

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 09f2fa54bc76b3d67b0743a0911ebea177d1b6ec7a64cc59e4d817d8fa23692f
Instruction ID: e121dc37dbffaaf81070f624cd7740805750e17aac1e7a946fc52e0efad6e033
Opcode Fuzzy Hash: 09f2fa54bc76b3d67b0743a0911ebea177d1b6ec7a64cc59e4d817d8fa23692f
Instruction Fuzzy Hash: 2ED0173260552E679B926A99EC087A9779CEA02BA13444121AE08DA1A5EA91CD2143D0

Uniqueness

Uniqueness Score: -1.00%

Function 007C6080 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

FindResourceW.KERNELBASE(?,?,00000006,?,0081140D,?,?,00000000,?,?,00828DA5,0000E006,?,00000100,?,?), ref: 007C6093

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: FindResource
String ID:
API String ID: 1635176832-0
Opcode ID: a97cf308e2a8341437130e46adfe69a6bcd10f5587b081dc91b1da8f22a313ef
Instruction ID: cd259290377ff5d891c71e8756b301f7e59755d6ff71de54f97e38bc017c9c57
Opcode Fuzzy Hash: a97cf308e2a8341437130e46adfe69a6bcd10f5587b081dc91b1da8f22a313ef
Instruction Fuzzy Hash: 70D05E7111420CBBEF001E54FC41EBA3B9EEB80B18F008024FD1CC91A1E332EDA1AB50

Uniqueness

Uniqueness Score: -1.00%

Function 0080BFB6 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0080BFBD

Part of subcall function 0080C38F: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,?,?,?,0080BFF0,?,?,00000000,00000004,Function_0040502F), ref: 0080C3C2

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharH_prolog3MultiWide
String ID:
API String ID: 354187267-0
Opcode ID: b7862ec7d1b482703b4fa897afa1711ac4833bcf64a4940522b8737eb3d8d3a0
Instruction ID: 35604ef8f41465b66647b075a368005be8510240fd1a68eb36ad530a34c1715c
Opcode Fuzzy Hash: b7862ec7d1b482703b4fa897afa1711ac4833bcf64a4940522b8737eb3d8d3a0
Instruction Fuzzy Hash: 86E0C2707406299BDF067F249C26BAC2625EF40700F04802CFA00AB386CF7A4F0196DE

Uniqueness

Uniqueness Score: -1.00%

Function 0080A3CC Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON

Download Yara Rule

APIs

IsDialogMessageA.USER32(?,?,?,?,008072C5,?,?,0080B3A6,?,?), ref: 0080A3F4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DialogMessage
String ID:
API String ID: 547518314-0
Opcode ID: 79f1841fdb7610db474d431788ee911d1dab1c18fb6be770e88cf0871055e375
Instruction ID: 3289e885ec3d0ffd71d7e9caf0b2beb9080f82c2824bb757d71634aa5ea8d324
Opcode Fuzzy Hash: 79f1841fdb7610db474d431788ee911d1dab1c18fb6be770e88cf0871055e375
Instruction Fuzzy Hash: E2E08C32115218EBCB159F59D808CD6BBA8FF09364B120016F90AC6AB1DBB29890EB91

Uniqueness

Uniqueness Score: -1.00%

Function 0084612A Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SystemParametersInfoA.USER32(00000029,?,?,00000000), ref: 00846146

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 1c84008ee6ae6706a48f2a757a7213782c16bca3a1a0d61972abb7148300abcc
Instruction ID: a6745f1936163994c9b0ccae624cc512fe0511ad74a9658a39b44fb27466a8cc
Opcode Fuzzy Hash: 1c84008ee6ae6706a48f2a757a7213782c16bca3a1a0d61972abb7148300abcc
Instruction Fuzzy Hash: 3FD012B1144708EFF7015F40DC09FA13BA8EB55719F404065F6088E2E1C7B268A1DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0081270B Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0081271A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: fa9da47eafd2a040c2863aeb57f84694cf5f0f9af8f6cebe8a77ee7f82e5a326
Instruction ID: 7f9e297856332a1cdc75128369e8bc902ee4c2c5c0ac2ff71abbb48fe3994ca4
Opcode Fuzzy Hash: fa9da47eafd2a040c2863aeb57f84694cf5f0f9af8f6cebe8a77ee7f82e5a326
Instruction Fuzzy Hash: A1B09270812100AAEE00A730AA4C7573658FF40316F108C94A010C2081DB39C492D651

Uniqueness

Uniqueness Score: -1.00%

Function 0080C38F Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,?,?,?,0080BFF0,?,?,00000000,00000004,Function_0040502F), ref: 0080C3C2

Part of subcall function 0080C709: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,0080C3A4,00000000,?,?,?,0080BFF0,?,?,00000000), ref: 0080C718

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: c922a7fd82f21ca123314caeb81a4302fff2a015d2f9cfdf48eb3013be509dcd
Instruction ID: 4976baf6f68ce33f2a27de994065dc4fd413c2cb1e547b9d2e2461e9188e1702
Opcode Fuzzy Hash: c922a7fd82f21ca123314caeb81a4302fff2a015d2f9cfdf48eb3013be509dcd
Instruction Fuzzy Hash: 36F05532219128B7D6202B48AC05FAF7A4DEF843A0F21832ABA05E63D0CAA18C1152F5

Uniqueness

Uniqueness Score: -1.00%

Function 0080C709 Relevance: 1.3, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,0080C3A4,00000000,?,?,?,0080BFF0,?,?,00000000), ref: 0080C718

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 1f0d5490123a210d10b290db80741e45731ba317e14d9d41913e22b6eda35a67
Instruction ID: 023cd9da8a5d79547b7047a442c0f41ac738bd7e4d03106e742023f097b541b4
Opcode Fuzzy Hash: 1f0d5490123a210d10b290db80741e45731ba317e14d9d41913e22b6eda35a67
Instruction Fuzzy Hash: 23C048B125D2097EFA012AA4AC05E763B5CD710620F108214BE28C52E0D961991067A1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 007F4460 Relevance: 219.1, APIs: 63, Strings: 62, Instructions: 325libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,?,007D7317,007CCE62,?,?,007D7487,AADP), ref: 007F446F
LoadLibraryA.KERNEL32(007CCE62,007CCE62,?,?,00000000), ref: 007F4499
GetProcAddress.KERNEL32(?,XInit), ref: 007F44B9
GetProcAddress.KERNEL32(?,XCreate), ref: 007F44C6
GetProcAddress.KERNEL32(?,XSetMediaConfig4), ref: 007F44D3
GetProcAddress.KERNEL32(?,XConnect), ref: 007F44E0
GetProcAddress.KERNEL32(?,XSetVideoConfig), ref: 007F44ED
GetProcAddress.KERNEL32(?,XGetVideoConfig), ref: 007F44FA
GetProcAddress.KERNEL32(?,XGetVideoConfig3), ref: 007F4507
GetProcAddress.KERNEL32(?,XStartStreaming), ref: 007F4514
GetProcAddress.KERNEL32(?,XStopStreaming), ref: 007F4521
GetProcAddress.KERNEL32(?,XStop), ref: 007F452E
GetProcAddress.KERNEL32(?,XGetNextFrame), ref: 007F453B
GetProcAddress.KERNEL32(?,XGetNextFrame2), ref: 007F4548
GetProcAddress.KERNEL32(?,XGetNextIFrame), ref: 007F4555
GetProcAddress.KERNEL32(?,XGetNextIFrame2), ref: 007F4562
GetProcAddress.KERNEL32(?,XGetPrevFrame), ref: 007F456F
GetProcAddress.KERNEL32(?,XGetPrevFrame2), ref: 007F457C
GetProcAddress.KERNEL32(?,XGetPrevIFrame), ref: 007F4589
GetProcAddress.KERNEL32(?,XGetPrevIFrame2), ref: 007F4596
GetProcAddress.KERNEL32(?,XDisconnect), ref: 007F45A3
GetProcAddress.KERNEL32(?,XSendCommand), ref: 007F45B0
GetProcAddress.KERNEL32(?,XExit), ref: 007F45BD
GetProcAddress.KERNEL32(?,XSetControlDataCallBack), ref: 007F45CA
GetProcAddress.KERNEL32(?,XSetMotionInfo), ref: 007F45D7
GetProcAddress.KERNEL32(?,XGetMotionInfo), ref: 007F45E4
GetProcAddress.KERNEL32(?,XGetSupportEvents), ref: 007F45F1
GetProcAddress.KERNEL32(?,XGetBeginTime), ref: 007F45FE
GetProcAddress.KERNEL32(?,XGetEndTime), ref: 007F460B
GetProcAddress.KERNEL32(?,XGetBeginTimeUTC), ref: 007F4618
GetProcAddress.KERNEL32(?,XGetEndTimeUTC), ref: 007F4625
GetProcAddress.KERNEL32(?,XSetCurrentTime), ref: 007F4632
GetProcAddress.KERNEL32(?,XGetCurrentTime), ref: 007F4642
GetProcAddress.KERNEL32(?,XSetCurrentTimeUTC), ref: 007F4652
GetProcAddress.KERNEL32(?,XGetCurrentTimeUTC), ref: 007F4662
GetProcAddress.KERNEL32(?,XGetRawFileInfo2), ref: 007F4672
GetProcAddress.KERNEL32(?,XGetRawFileInfo3), ref: 007F4682
GetProcAddress.KERNEL32(?,XGetCurrentPos), ref: 007F4692
GetProcAddress.KERNEL32(?,XSetDebugMessageLevel), ref: 007F46A2
GetProcAddress.KERNEL32(?,XGetVersion), ref: 007F46B2
GetProcAddress.KERNEL32(?,XGetSessionID), ref: 007F46C2
GetProcAddress.KERNEL32(?,XSetEngineConfig), ref: 007F46D2
GetProcAddress.KERNEL32(?,XSetEngineConfig2), ref: 007F46E2
GetProcAddress.KERNEL32(?,XStartTransferStreamingEngineData), ref: 007F46F2
GetProcAddress.KERNEL32(?,XSetVideoTransformConfig), ref: 007F4702
GetProcAddress.KERNEL32(?,XGetCardCount), ref: 007F4712
GetProcAddress.KERNEL32(?,XGetChannelCount), ref: 007F4722
GetProcAddress.KERNEL32(?,XSearchCapCard), ref: 007F4732
GetProcAddress.KERNEL32(?,XSearchCapChannel), ref: 007F4742
GetProcAddress.KERNEL32(?,XGetChannelHSync), ref: 007F4752
GetProcAddress.KERNEL32(?,XSetMediaConfig), ref: 007F4762
GetProcAddress.KERNEL32(?,XAddNthMedia), ref: 007F4772
GetProcAddress.KERNEL32(?,XRemoveNthMedia), ref: 007F4782
GetProcAddress.KERNEL32(?,XGetNthVideoConfig), ref: 007F4792
GetProcAddress.KERNEL32(?,XRemoveAllMedia), ref: 007F47A2
GetProcAddress.KERNEL32(?,XGetTotalIFrame), ref: 007F47B2
GetProcAddress.KERNEL32(?,XGetNthBeginTime), ref: 007F47C2
GetProcAddress.KERNEL32(?,XGetNthEndTime), ref: 007F47D2
GetProcAddress.KERNEL32(?,XGetCurrentReadingFileNumber), ref: 007F47E2
GetProcAddress.KERNEL32(?,XGetCurrentReadingAbsTime), ref: 007F47F2
GetProcAddress.KERNEL32(?,XSetDownloadProgressCallback), ref: 007F4802
GetProcAddress.KERNEL32(?,XSetDownloadLocalFileName), ref: 007F4812
GetProcAddress.KERNEL32(?,XEnableDeleteFileAfterClose), ref: 007F4822

Strings

XSearchCapChannel, xrefs: 007F4734
XCreate, xrefs: 007F44BB
XSetMediaConfig, xrefs: 007F4754
XGetRawFileInfo2, xrefs: 007F4664
XRemoveNthMedia, xrefs: 007F4774
XRemoveAllMedia, xrefs: 007F4794
XStopStreaming, xrefs: 007F4516
XStartTransferStreamingEngineData, xrefs: 007F46E4
XGetBeginTimeUTC, xrefs: 007F460D
XSetControlDataCallBack, xrefs: 007F45BF
XGetNthVideoConfig, xrefs: 007F4784
XGetCurrentTime, xrefs: 007F4634
XGetNthBeginTime, xrefs: 007F47B4
XGetSessionID, xrefs: 007F46B4
XGetSupportEvents, xrefs: 007F45E6
XSetEngineConfig, xrefs: 007F46C4
XStop, xrefs: 007F4523
XGetNextFrame, xrefs: 007F4530
XGetNthEndTime, xrefs: 007F47C4
XGetCardCount, xrefs: 007F4704
XGetEndTime, xrefs: 007F4600
XSetDebugMessageLevel, xrefs: 007F4694
XGetPrevIFrame, xrefs: 007F457E
XGetVideoConfig, xrefs: 007F44EF
XInit, xrefs: 007F44B3
XGetChannelHSync, xrefs: 007F4744
XSetMediaConfig4, xrefs: 007F44C8
XGetCurrentReadingAbsTime, xrefs: 007F47E4
XSetVideoConfig, xrefs: 007F44E2
XGetEndTimeUTC, xrefs: 007F461A
XGetChannelCount, xrefs: 007F4714
XStartStreaming, xrefs: 007F4509
XSetVideoTransformConfig, xrefs: 007F46F4
XGetVersion, xrefs: 007F46A4
XSetCurrentTimeUTC, xrefs: 007F4644
XGetBeginTime, xrefs: 007F45F3
XGetMotionInfo, xrefs: 007F45D9
XAddNthMedia, xrefs: 007F4764
XSetDownloadLocalFileName, xrefs: 007F4804
XGetTotalIFrame, xrefs: 007F47A4
XGetNextIFrame2, xrefs: 007F4557
XSetCurrentTime, xrefs: 007F4627
XGetPrevFrame2, xrefs: 007F4571
XGetPrevIFrame2, xrefs: 007F458B
XGetVideoConfig3, xrefs: 007F44FC
XGetNextFrame2, xrefs: 007F453D
XSetEngineConfig2, xrefs: 007F46DA
XGetPrevFrame, xrefs: 007F4564
XSetMotionInfo, xrefs: 007F45CC
XGetCurrentTimeUTC, xrefs: 007F4654
XGetCurrentReadingFileNumber, xrefs: 007F47D4
XEnableDeleteFileAfterClose, xrefs: 007F4814
XGetCurrentPos, xrefs: 007F4684
A4100, xrefs: 007F4486
XGetNextIFrame, xrefs: 007F454A
XSendCommand, xrefs: 007F45A5
XSetDownloadProgressCallback, xrefs: 007F47F4
XSearchCapCard, xrefs: 007F4724
XConnect, xrefs: 007F44D5
XGetRawFileInfo3, xrefs: 007F4674
XDisconnect, xrefs: 007F4598
XExit, xrefs: 007F45B5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: A4100$XAddNthMedia$XConnect$XCreate$XDisconnect$XEnableDeleteFileAfterClose$XExit$XGetBeginTime$XGetBeginTimeUTC$XGetCardCount$XGetChannelCount$XGetChannelHSync$XGetCurrentPos$XGetCurrentReadingAbsTime$XGetCurrentReadingFileNumber$XGetCurrentTime$XGetCurrentTimeUTC$XGetEndTime$XGetEndTimeUTC$XGetMotionInfo$XGetNextFrame$XGetNextFrame2$XGetNextIFrame$XGetNextIFrame2$XGetNthBeginTime$XGetNthEndTime$XGetNthVideoConfig$XGetPrevFrame$XGetPrevFrame2$XGetPrevIFrame$XGetPrevIFrame2$XGetRawFileInfo2$XGetRawFileInfo3$XGetSessionID$XGetSupportEvents$XGetTotalIFrame$XGetVersion$XGetVideoConfig$XGetVideoConfig3$XInit$XRemoveAllMedia$XRemoveNthMedia$XSearchCapCard$XSearchCapChannel$XSendCommand$XSetControlDataCallBack$XSetCurrentTime$XSetCurrentTimeUTC$XSetDebugMessageLevel$XSetDownloadLocalFileName$XSetDownloadProgressCallback$XSetEngineConfig$XSetEngineConfig2$XSetMediaConfig$XSetMediaConfig4$XSetMotionInfo$XSetVideoConfig$XSetVideoTransformConfig$XStartStreaming$XStartTransferStreamingEngineData$XStop$XStopStreaming
API String ID: 2449869053-1343573623
Opcode ID: eb8e4c91e286014d497f30805df08584c27c0c331b43aa051175743f02c4f03e
Instruction ID: 48cc29ac1a717358ce6dc22ee16b4ae3a608311ec3244f58253e6996389e6542
Opcode Fuzzy Hash: eb8e4c91e286014d497f30805df08584c27c0c331b43aa051175743f02c4f03e
Instruction Fuzzy Hash: AAE105B4A40B16FBCF259F768D09A46FFA1FF44798B008626E52C52A50D7B9A434DFC0

Uniqueness

Uniqueness Score: -1.00%

Function 007CA6F0 Relevance: 116.5, APIs: 59, Strings: 7, Instructions: 998windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007C7200: InitializeCriticalSectionEx.KERNEL32(00B3B220,00000000,00000000,007C5BC9,?,?,007C5EAB), ref: 007C7238
Part of subcall function 007C7200: GetLastError.KERNEL32(?,?,007C5EAB), ref: 007C7242

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 007CA745
_malloc.LIBCMT ref: 007CA78B

Part of subcall function 0092B455: __FF_MSGBANNER.LIBCMT ref: 0092B46C
Part of subcall function 0092B455: __NMSG_WRITE.LIBCMT ref: 0092B473
Part of subcall function 0092B455: RtlAllocateHeap.NTDLL(?,00000000,00000001,?,?,?,?,00802D4E,00000001,?,?,007748D8,00000B40,00000000), ref: 0092B498

GdipGetImageEncoders.GDIPLUS(?,?,00000008), ref: 007CA7B5
PathFindExtensionA.SHLWAPI(?,00000008,?,?,00000008), ref: 007CA7F2
GdipSaveImageToFile.GDIPLUS(?,00000000,?,00000000,00000000,?,?,00000003), ref: 007CA8E8
GdipDisposeImage.GDIPLUS(?,?,00000000,?,00000000,00000000,?,?,00000003), ref: 007CA8F2
GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?,00000000,?,?,00000003), ref: 007CA90E
GdipSaveImageToFile.GDIPLUS(00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,00000003), ref: 007CA91E
GdipDisposeImage.GDIPLUS(00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,00000003), ref: 007CA928
GdipDisposeImage.GDIPLUS(00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,00000003), ref: 007CA934
_free.LIBCMT ref: 007CA949
_memmove.LIBCMT ref: 007CA9BD
_memset.LIBCMT ref: 007CA9F5
_memset.LIBCMT ref: 007CAAF0
_memset.LIBCMT ref: 007CAB07
_strtok.LIBCMT ref: 007CAB39
_strtok.LIBCMT ref: 007CAB74
__snprintf.LIBCMT ref: 007CABB3
GetDC.USER32(00000000), ref: 007CABE5
CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 007CAC12
ReleaseDC.USER32(00000000,00000000), ref: 007CAC21
CreateCompatibleDC.GDI32(00000000), ref: 007CAC57
GetClientRect.USER32(?,?), ref: 007CAC86
CreateCompatibleBitmap.GDI32(?,?,?), ref: 007CACB8
SelectObject.GDI32(?,00000000), ref: 007CACCB

Part of subcall function 007C5FF0: _malloc.LIBCMT ref: 007C6007

BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 007CAD08
CreateFontA.GDI32(00000014,00000000,00000000,00000000,00000014,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Arial), ref: 007CAD52
SetBkColor.GDI32(?,00000000), ref: 007CAD62
SelectObject.GDI32(?,00000000), ref: 007CAD70
SetTextColor.GDI32(?,00FFFFFF), ref: 007CAD7C
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAE0B
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAE65
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAECA
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAF15
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAF28
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CAF3B
TextOutA.GDI32(?,00000005,00000000,?,?), ref: 007CAF66
DeleteObject.GDI32(?), ref: 007CAF94
GetDC.USER32(00000000), ref: 007CB02D
CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 007CB05A
ReleaseDC.USER32(00000000,00000000), ref: 007CB069
CreateCompatibleDC.GDI32(00000000), ref: 007CB09F
GetClientRect.USER32(?,?), ref: 007CB0CE
CreateCompatibleBitmap.GDI32(?,?,?), ref: 007CB100
SelectObject.GDI32(?,00000000), ref: 007CB113
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 007CB150
CreateFontA.GDI32(00000014,00000000,00000000,00000000,00000014,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Arial), ref: 007CB19A
SetBkColor.GDI32(?,00000000), ref: 007CB1AA
SelectObject.GDI32(?,00000000), ref: 007CB1B8
SetTextColor.GDI32(?,00FFFFFF), ref: 007CB1C4
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB253
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB2AD
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB312
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB361
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB374
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007CB387
GetDC.USER32(?), ref: 007CB390
TextOutA.GDI32(?,00000005,00000000,?,?), ref: 007CB3D0
DeleteObject.GDI32(?), ref: 007CB41E

Strings

jpg, xrefs: 007CAB87
Arial, xrefs: 007CAD33, 007CB17B
_, xrefs: 007CB227
/: , xrefs: 007CAB33, 007CAB6B
%s_%s.%s, xrefs: 007CABA8
bmp, xrefs: 007CAB8C, 007CAB94
CHANNEL, xrefs: 007CAA47

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MessageSend$Create$Gdip$Image$Object$Bitmap$ColorCompatibleSelectText$Dispose_memset$ClientDeleteEncodersFileFontRectReleaseSave_malloc_strtok$AllocateCriticalErrorExtensionFindFromHeapInitializeLastPathSectionSize__snprintf_free_memmove
String ID: %s_%s.%s$/: $Arial$CHANNEL$_$bmp$jpg
API String ID: 3804205151-906809398
Opcode ID: 496eabc450b246697561221677a5db6d548ebdc2d69d1609c477674ae8c7f7d5
Instruction ID: 1433367d21130fefc1a0c56bd6249100bc71560f32b49d47a41d971cdfb63ba9
Opcode Fuzzy Hash: 496eabc450b246697561221677a5db6d548ebdc2d69d1609c477674ae8c7f7d5
Instruction Fuzzy Hash: 83829271901219ABEF21DB64CC4AFEEB7B8AF44314F0401ACF509AA2D2DB756E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 007F0290 Relevance: 102.4, APIs: 7, Strings: 51, Instructions: 938COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007F02D6
_memset.LIBCMT ref: 007F0F03
_memset.LIBCMT ref: 007F0F1D
_memset.LIBCMT ref: 007F0F4F
_sprintf.LIBCMT ref: 007F0F66
_sprintf.LIBCMT ref: 007F0FEB
_sprintf.LIBCMT ref: 007F102E

Strings

N160, xrefs: 007F07D7
4.5M, xrefs: 007F03E3
P176, xrefs: 007F06AB
VIDEO_ENCODER=, xrefs: 007F0DAC
MJPEG, xrefs: 007F0E66
384K, xrefs: 007F04E4
N160, xrefs: 007F097A
N128, xrefs: 007F075A
VIDEO_SATURATION=, xrefs: 007F0C7A
256K, xrefs: 007F04F9
%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY, xrefs: 007F0F60
VIDEO_RESOLUTION=, xrefs: 007F055D
N203, xrefs: 007F08AE
N192, xrefs: 007F0802
1.2M, xrefs: 007F0491
3.5M, xrefs: 007F0415
2.5M, xrefs: 007F0447
VIDEO_BRIGHTNESS=, xrefs: 007F0A92
%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY, xrefs: 007F1028
500K, xrefs: 007F04CF
N720, xrefs: 007F05F7
5.5M, xrefs: 007F03B1
VIDEO_CONTRAST=, xrefs: 007F0B30
1.5M, xrefs: 007F0479
VIDEO_MJPEG_QUALITY=, xrefs: 007F0D1A
N364, xrefs: 007F092F
%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY, xrefs: 007F0FE5
N204, xrefs: 007F0904
N203, xrefs: 007F0883
N259, xrefs: 007F08D9
P720, xrefs: 007F0665
N640, xrefs: 007F0737
750K, xrefs: 007F04B7
P352, xrefs: 007F0688
N160, xrefs: 007F0642
128K, xrefs: 007F050E
N352, xrefs: 007F061F
N192, xrefs: 007F082D
N320, xrefs: 007F095A
N128, xrefs: 007F07AC
VIDEO_BITRATE=, xrefs: 007F0306
x120, xrefs: 007F0982
VIDEO_HUE=, xrefs: 007F0C05
N640, xrefs: 007F06F1
N203, xrefs: 007F0858
MPEG4, xrefs: 007F0E47
P640, xrefs: 007F0714
VIDEO_FPS_NUM=, xrefs: 007F09F1
N176, xrefs: 007F06CE
N128, xrefs: 007F0783
H264, xrefs: 007F0E85

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset_sprintf$_memmove
String ID: %s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY$%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY$%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION&VIDEO_MJPEG_QUALITY$1.2M$1.5M$128K$2.5M$256K$3.5M$384K$4.5M$5.5M$500K$750K$H264$MJPEG$MPEG4$N128$N128$N128$N160$N160$N160$N176$N192$N192$N203$N203$N203$N204$N259$N320$N352$N364$N640$N640$N720$P176$P352$P640$P720$VIDEO_BITRATE=$VIDEO_BRIGHTNESS=$VIDEO_CONTRAST=$VIDEO_ENCODER=$VIDEO_FPS_NUM=$VIDEO_HUE=$VIDEO_MJPEG_QUALITY=$VIDEO_RESOLUTION=$VIDEO_SATURATION=$x120
API String ID: 1395474088-3257838334
Opcode ID: 9555c257677e50863c8fb10cea77ceb398bff764581125248048cc749f409f58
Instruction ID: 6e4bf70fccb29b15580320c90425ee10adeb7c604ca0d4d29b51c42185eb1823
Opcode Fuzzy Hash: 9555c257677e50863c8fb10cea77ceb398bff764581125248048cc749f409f58
Instruction Fuzzy Hash: FE82ACB5904259CEDF21CF14C940BB8B7B1BF51304F4584EAC6499B343EB78AE89CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0077A9C0 Relevance: 89.9, APIs: 8, Strings: 43, Instructions: 603COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 0077AA43
swprintf.LIBCMT ref: 0077AA77
swprintf.LIBCMT ref: 0077AC2D
swprintf.LIBCMT ref: 0077ADC9
swprintf.LIBCMT ref: 0077AEA7
swprintf.LIBCMT ref: 0077AF4C
swprintf.LIBCMT ref: 0077AF84
swprintf.LIBCMT ref: 0077B11E

Strings

2.5M, xrefs: 0077ABF1
8E2, xrefs: 0077AE7B
%smpeg4?USER=%s&PWD=%s&VIDEO_SATURATION=%d, xrefs: 0077AB10
56K, xrefs: 0077ABAB
7O2, xrefs: 0077AE91
%ssystem?USER=%s&PWD=%s&SAVE_REBOOT, xrefs: 0077ADB8
%smpeg4?USER=%s&PWD=%s&VIDEO_RESOLUTION=%s, xrefs: 0077ACBF
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_HUE=%d, xrefs: 0077AB85
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_FPS_NUM=%d, xrefs: 0077AD38
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BRIGHTNESS=%d, xrefs: 0077AA66
5.5M, xrefs: 0077AC1B
8N1, xrefs: 0077AE02, 0077AE30
4.5M, xrefs: 0077AC0D
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_VARIABLE_FPS=%d,%d, xrefs: 0077B10D
1.2M, xrefs: 0077ABDC
8O2, xrefs: 0077AE6C
500K, xrefs: 0077ABC7
%smpeg4?USER=%s&PWD=%s&VIDEO_HUE=%d, xrefs: 0077AB62
256K, xrefs: 0077ABB9
128K, xrefs: 0077ABB2
750K, xrefs: 0077ABCE
8O1, xrefs: 0077AE10, 0077AE3F
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&SERIAL_SETTING=%s,%d, xrefs: 0077AF73
8E1, xrefs: 0077AE1E, 0077AE4E
%smpeg4?USER=%s&PWD=%s&VIDEO_BRIGHTNESS=%d, xrefs: 0077AA32
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s, xrefs: 0077AC7F
1.5M, xrefs: 0077ABE3
3.5M, xrefs: 0077ABFF
%smpeg4?USER=%s&PWD=%s&VIDEO_CONTRAST=%d, xrefs: 0077AAC1
%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s, xrefs: 0077AC58
28K, xrefs: 0077ABA4
7E2, xrefs: 0077AE9C
%smpeg4?USER=%s&PWD=%s&VIDEO_VARIABLE_FPS=%d,%d, xrefs: 0077B0EA
7N2, xrefs: 0077AE86
384K, xrefs: 0077ABC0
%smpeg4?USER=%s&PWD=%s&VIDEO_FPS_NUM=%d, xrefs: 0077AD15
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_SATURATION=%d, xrefs: 0077AB33
%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x, xrefs: 0077B025
8N2, xrefs: 0077AE5D
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_RESOLUTION=%s, xrefs: 0077ACE6
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_CONTRAST=%d, xrefs: 0077AAE4
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_OUTPUT=0x%.2x, xrefs: 0077B048
%smpeg4?USER=%s&PWD=%s&SERIAL_SETTING=%s,%d, xrefs: 0077AF3B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf
String ID: %smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_OUTPUT=0x%.2x$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&SERIAL_SETTING=%s,%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BRIGHTNESS=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_CONTRAST=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_FPS_NUM=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_HUE=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_RESOLUTION=%s$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_SATURATION=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_VARIABLE_FPS=%d,%d$%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x$%smpeg4?USER=%s&PWD=%s&SERIAL_SETTING=%s,%d$%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s$%smpeg4?USER=%s&PWD=%s&VIDEO_BRIGHTNESS=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_CONTRAST=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_FPS_NUM=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_HUE=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_RESOLUTION=%s$%smpeg4?USER=%s&PWD=%s&VIDEO_SATURATION=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_VARIABLE_FPS=%d,%d$%ssystem?USER=%s&PWD=%s&SAVE_REBOOT$1.2M$1.5M$128K$2.5M$256K$28K$3.5M$384K$4.5M$5.5M$500K$56K$750K$7E2$7N2$7O2$8E1$8E2$8N1$8N2$8O1$8O2
API String ID: 233258989-116617301
Opcode ID: 3f867a15938620fa1e09fed768e41c8bdcefde8b8f944930b3b5eea3cd86b481
Instruction ID: 771321b99f79f262641ae88e801f558031ba02ef4caa8823290d973b1a3f376a
Opcode Fuzzy Hash: 3f867a15938620fa1e09fed768e41c8bdcefde8b8f944930b3b5eea3cd86b481
Instruction Fuzzy Hash: 2D22D572700609BAEF15CA51CC81FFBB3ACFB49340F108657F65E93081DB69A954DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0077E2F0 Relevance: 86.3, APIs: 8, Strings: 41, Instructions: 571COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0077E320
swprintf.LIBCMT ref: 0077E3B2
swprintf.LIBCMT ref: 0077E3E6
swprintf.LIBCMT ref: 0077E59C
swprintf.LIBCMT ref: 0077E789
swprintf.LIBCMT ref: 0077E82E
swprintf.LIBCMT ref: 0077E866
swprintf.LIBCMT ref: 0077E992

Strings

2.5M, xrefs: 0077E560
8E2, xrefs: 0077E75D
%smpeg4?USER=%s&PWD=%s&VIDEO_SATURATION=%d, xrefs: 0077E47F
56K, xrefs: 0077E51A
7O2, xrefs: 0077E773
%ssystem?USER=%s&PWD=%s&SAVE_REBOOT, xrefs: 0077E981
%smpeg4?USER=%s&PWD=%s&VIDEO_RESOLUTION=%s, xrefs: 0077E680
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_HUE=%d, xrefs: 0077E4F4
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_FPS_NUM=%d, xrefs: 0077E640
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BRIGHTNESS=%d, xrefs: 0077E3D5
5.5M, xrefs: 0077E58A
8N1, xrefs: 0077E6E4, 0077E712
4.5M, xrefs: 0077E57C
1.2M, xrefs: 0077E54B
8O2, xrefs: 0077E74E
500K, xrefs: 0077E536
%smpeg4?USER=%s&PWD=%s&VIDEO_HUE=%d, xrefs: 0077E4D1
256K, xrefs: 0077E528
128K, xrefs: 0077E521
750K, xrefs: 0077E53D
8O1, xrefs: 0077E6F2, 0077E721
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&SERIAL_SETTING=%s,%d, xrefs: 0077E855
8E1, xrefs: 0077E700, 0077E730
%smpeg4?USER=%s&PWD=%s&VIDEO_BRIGHTNESS=%d, xrefs: 0077E3A1
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s, xrefs: 0077E5EE
1.5M, xrefs: 0077E552
3.5M, xrefs: 0077E56E
%smpeg4?USER=%s&PWD=%s&VIDEO_CONTRAST=%d, xrefs: 0077E430
%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s, xrefs: 0077E5C7
28K, xrefs: 0077E513
7E2, xrefs: 0077E77E
7N2, xrefs: 0077E768
384K, xrefs: 0077E52F
%smpeg4?USER=%s&PWD=%s&VIDEO_FPS_NUM=%d, xrefs: 0077E61D
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_SATURATION=%d, xrefs: 0077E4A2
%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x, xrefs: 0077E907
8N2, xrefs: 0077E73F
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_RESOLUTION=%s, xrefs: 0077E6A7
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_CONTRAST=%d, xrefs: 0077E453
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_OUTPUT=0x%.2x, xrefs: 0077E92A
%smpeg4?USER=%s&PWD=%s&SERIAL_SETTING=%s,%d, xrefs: 0077E81D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: %smpeg4?USER=%s&PWD=%s&CHANNEL=%d&DIO_OUTPUT=0x%.2x$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&SERIAL_SETTING=%s,%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BRIGHTNESS=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_CONTRAST=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_FPS_NUM=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_HUE=%d$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_RESOLUTION=%s$%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_SATURATION=%d$%smpeg4?USER=%s&PWD=%s&DIO_OUTPUT=0x%.2x$%smpeg4?USER=%s&PWD=%s&SERIAL_SETTING=%s,%d$%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s$%smpeg4?USER=%s&PWD=%s&VIDEO_BRIGHTNESS=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_CONTRAST=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_FPS_NUM=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_HUE=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_RESOLUTION=%s$%smpeg4?USER=%s&PWD=%s&VIDEO_SATURATION=%d$%ssystem?USER=%s&PWD=%s&SAVE_REBOOT$1.2M$1.5M$128K$2.5M$256K$28K$3.5M$384K$4.5M$5.5M$500K$56K$750K$7E2$7N2$7O2$8E1$8E2$8N1$8N2$8O1$8O2
API String ID: 1292703666-3923266174
Opcode ID: 734abe606f2d05c061f7ba5f41200c2024b0526d8c59d383102c5d6f132cf9fb
Instruction ID: ee90592020a2e61fc36b914dafed2c3d0313b88ee4eb0a00d81a87a7cb6f7e89
Opcode Fuzzy Hash: 734abe606f2d05c061f7ba5f41200c2024b0526d8c59d383102c5d6f132cf9fb
Instruction Fuzzy Hash: EF12D372604749BADF28CA54CC41FF6B3ACBB0D340F10C6A7F65E93180D768BA559BA1

Uniqueness

Uniqueness Score: -1.00%

Function 007FA0B0 Relevance: 53.3, APIs: 6, Strings: 24, Instructions: 809COMMON

Download Yara Rule

APIs

_swscanf.LIBCMT ref: 007FA190

Part of subcall function 0092D9BB: _vscan_fn.LIBCMT ref: 0092D9CF

_swscanf.LIBCMT ref: 007FA268
_swscanf.LIBCMT ref: 007FA2BE
_memmove.LIBCMT ref: 007FA3F7

Strings

T_HI, xrefs: 007FA5F8
CHEK, xrefs: 007FA8E3
0x%X, xrefs: 007FAB16
Z_LO, xrefs: 007FA652
T_L2, xrefs: 007FA85C
P_H2, xrefs: 007FA74E
%X,%X, xrefs: 007FA2B8
SUM, xrefs: 007FA913
Z_HI1, xrefs: 007FA8B6
P_L2, xrefs: 007FA7A8
%X,%X,%X,%X, xrefs: 007FA262
P_HI, xrefs: 007FA456
P_L1, xrefs: 007FA77B
P_H1, xrefs: 007FA706
Z_HI, xrefs: 007FA6AC
ABSZOOM, xrefs: 007FA1EC
PANCOUNTERCLOCK, xrefs: 007FA12E
,, xrefs: 007FA359
P_LO, xrefs: 007FA4FC
T_H2, xrefs: 007FA802
Z_LO1, xrefs: 007FA889
T_L1, xrefs: 007FA82F
T_LO, xrefs: 007FA5A1
T_H1, xrefs: 007FA7D5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _swscanf$_memmove_vscan_fn
String ID: %X,%X$%X,%X,%X,%X$,$0x%X$ABSZOOM$CHEK$PANCOUNTERCLOCK$P_H1$P_H2$P_HI$P_L1$P_L2$P_LO$SUM$T_H1$T_H2$T_HI$T_L1$T_L2$T_LO$Z_HI$Z_HI1$Z_LO$Z_LO1
API String ID: 205277358-72615087
Opcode ID: 3eeccb987b11e5b2a6826393334f76ff0f33d530c17acdf9723ada77f9300cba
Instruction ID: 49076c047d39fe787fdd1b5afed4b6a614aa41055520ee1705576cb11fc2ef25
Opcode Fuzzy Hash: 3eeccb987b11e5b2a6826393334f76ff0f33d530c17acdf9723ada77f9300cba
Instruction Fuzzy Hash: 6062F5B4A04258EFDF21CF68C890BBD7BB5AF05314F0441D8E689A7382D775AD85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 007A03D0 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 206networkCOMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 007A0430
getaddrinfo.WS2_32(?,00000000,?,00000000), ref: 007A0445
_wprintf.LIBCMT ref: 007A0482
_wprintf.LIBCMT ref: 007A04A0
_wprintf.LIBCMT ref: 007A04BE
_wprintf.LIBCMT ref: 007A04E7
_wprintf.LIBCMT ref: 007A0505
_wprintf.LIBCMT ref: 007A0530
socket.WS2_32(?,?,00000011), ref: 007A0590
freeaddrinfo.WS2_32(00000000,?,00000000,?,00000000), ref: 007A05A0

Strings

A memory allocation failure occurred. , xrefs: 007A049B
A temporary failure in name resolution occurred., xrefs: 007A0549
The ai_family member of the hints parameter is not supported. , xrefs: 007A04E2
The ai_socktype member of the hints parameter is not supported. , xrefs: 007A04B9
A nonrecoverable failure in name resolution occurred. , xrefs: 007A052B
The servname parameter is not supported for the specified ai_socktype member of the hints parameter. , xrefs: 007A0500
The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. , xrefs: 007A0567
An invalid value was provided for the ai_flags member of the hints parameter., xrefs: 007A047D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _wprintf$freeaddrinfogetaddrinfosocketswprintf
String ID: A memory allocation failure occurred. $A nonrecoverable failure in name resolution occurred. $A temporary failure in name resolution occurred.$An invalid value was provided for the ai_flags member of the hints parameter.$The ai_family member of the hints parameter is not supported. $The ai_socktype member of the hints parameter is not supported. $The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. $The servname parameter is not supported for the specified ai_socktype member of the hints parameter.
API String ID: 513888964-48089087
Opcode ID: 461abb4359d21f6fed84c1c41455c4296656558da7e7fdba7f89d2d9abbafc56
Instruction ID: 21e4c1783aeafe0f62784216a7580f73e516a62c17aac9ab22b19205bca2e706
Opcode Fuzzy Hash: 461abb4359d21f6fed84c1c41455c4296656558da7e7fdba7f89d2d9abbafc56
Instruction Fuzzy Hash: 38511831E141189BDF04EBB4AC06BFE77B4FF99310F10066AF80AA2281DE694A50DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 007EA490 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 173COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 007EA500
getaddrinfo.WS2_32(?,00000000,?,00000000), ref: 007EA515
_wprintf.LIBCMT ref: 007EA552
_wprintf.LIBCMT ref: 007EA573
_wprintf.LIBCMT ref: 007EA594
_wprintf.LIBCMT ref: 007EA5C0
_wprintf.LIBCMT ref: 007EA5E1
_wprintf.LIBCMT ref: 007EA60F
freeaddrinfo.WS2_32(00000000,00000000,?,?,?,?,?,?), ref: 007EA680

Strings

The ai_family member of the hints parameter is not supported. , xrefs: 007EA5BB
The servname parameter is not supported for the specified ai_socktype member of the hints parameter. , xrefs: 007EA5DC
A memory allocation failure occurred. , xrefs: 007EA56E
A temporary failure in name resolution occurred., xrefs: 007EA62B
The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. , xrefs: 007EA64C
An invalid value was provided for the ai_flags member of the hints parameter., xrefs: 007EA54D
A nonrecoverable failure in name resolution occurred. , xrefs: 007EA60A
The ai_socktype member of the hints parameter is not supported. , xrefs: 007EA58F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _wprintf$freeaddrinfogetaddrinfoswprintf
String ID: A memory allocation failure occurred. $A nonrecoverable failure in name resolution occurred. $A temporary failure in name resolution occurred.$An invalid value was provided for the ai_flags member of the hints parameter.$The ai_family member of the hints parameter is not supported. $The ai_socktype member of the hints parameter is not supported. $The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. $The servname parameter is not supported for the specified ai_socktype member of the hints parameter.
API String ID: 2746762060-48089087
Opcode ID: e5785083019620d9ac2fec9e28190a7f5a607603e397b28a6cac3fb3435fc1b1
Instruction ID: f00de7bbaeae2869322b8363bbdebd681821103c38bacbac07986ef84f696ee7
Opcode Fuzzy Hash: e5785083019620d9ac2fec9e28190a7f5a607603e397b28a6cac3fb3435fc1b1
Instruction Fuzzy Hash: 0151FC72E05158ABCF14EB94E806BFF77A4DFEA320F04016FE806A3242DD651964D6D2

Uniqueness

Uniqueness Score: -1.00%

Function 0079E840 Relevance: 30.2, APIs: 6, Strings: 11, Instructions: 417COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0079E8A7
_strstr.LIBCMT ref: 0079E939
_strstr.LIBCMT ref: 0079E951

Strings

Public:, xrefs: 0079E9D1
SET_PARAMETER, xrefs: 0079EBB9
TEARDOWN, xrefs: 0079EC29
SETUP, xrefs: 0079EB81
DESCRIBE, xrefs: 0079EB48
PAUSE, xrefs: 0079ECA1
OPTIONS, xrefs: 0079EB10
CSeq:, xrefs: 0079E933
GET_PARAMETER, xrefs: 0079EBF1
Cseq:, xrefs: 0079E94B
PLAY, xrefs: 0079EC68

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_memset
String ID: CSeq:$Cseq:$DESCRIBE$GET_PARAMETER$OPTIONS$PAUSE$PLAY$Public:$SETUP$SET_PARAMETER$TEARDOWN
API String ID: 4073161655-2982102744
Opcode ID: 845160e4527dc4657d20d9ecb01a900261e44244fe7dc7d9d246f6b8e6d48639
Instruction ID: c1502fd58f42371eb5c6c61932a2b855126667840fb79ae96d86bf221fdefa18
Opcode Fuzzy Hash: 845160e4527dc4657d20d9ecb01a900261e44244fe7dc7d9d246f6b8e6d48639
Instruction Fuzzy Hash: C6E13BB1A451885ADF35CB30A861BFABBA5AB73310F1C44E9D8C787242E67E89C4C750

Uniqueness

Uniqueness Score: -1.00%

Function 00796030 Relevance: 28.4, APIs: 6, Strings: 10, Instructions: 388COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0079607E

Part of subcall function 00795F30: _memset.LIBCMT ref: 00795F63
Part of subcall function 00795F30: swprintf.LIBCMT ref: 00796005

Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B9501
Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B951F

_strstr.LIBCMT ref: 0079610D
_strstr.LIBCMT ref: 00796125
_strstr.LIBCMT ref: 007961BA
_memset.LIBCMT ref: 0079624F
swprintf.LIBCMT ref: 00796266

Strings

Public:, xrefs: 007961AA
SET_PARAMETER, xrefs: 00796399
TEARDOWN, xrefs: 007963D1
SETUP, xrefs: 00796361
DESCRIBE, xrefs: 00796328
PAUSE, xrefs: 00796444
OPTIONS, xrefs: 007962F0
CSeq:, xrefs: 00796107
Cseq:, xrefs: 0079611F
PLAY, xrefs: 0079640C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset_strstr$___from_strstr_to_strchrswprintf
String ID: CSeq:$Cseq:$DESCRIBE$OPTIONS$PAUSE$PLAY$Public:$SETUP$SET_PARAMETER$TEARDOWN
API String ID: 3439391166-4100872077
Opcode ID: 0dd4e0dcf5e12572fc77c7eda5fa68c208129e3996642b85726c1ef6c6d994ba
Instruction ID: ab3f3aad54677fafabc8afcb6cccf9161212cc3ed4e3a6cb0b63c0e96dc5d4b0
Opcode Fuzzy Hash: 0dd4e0dcf5e12572fc77c7eda5fa68c208129e3996642b85726c1ef6c6d994ba
Instruction Fuzzy Hash: CBD16FB1E441995ADF358B30B861BF97B65AF32304F1802E9D9C687242E77E9EC4CB50

Uniqueness

Uniqueness Score: -1.00%

Function 007A88B0 Relevance: 20.2, APIs: 8, Strings: 3, Instructions: 916COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007A8955

Strings

?, xrefs: 007A9149
?, xrefs: 007A8B62
list<T> too long, xrefs: 007A962A, 007A9634, 007A963E, 007A9648

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove
String ID: ?$?$list<T> too long
API String ID: 4104443479-2182746332
Opcode ID: 983aa10fd32f6f437ce15cd8829fe952a31a157b92acbf33cb50f79556e46878
Instruction ID: 0b5df5b22b1cd40c0ce939635016c3d73ba6a41b75117b9fbd9b385ec1730162
Opcode Fuzzy Hash: 983aa10fd32f6f437ce15cd8829fe952a31a157b92acbf33cb50f79556e46878
Instruction Fuzzy Hash: FE927070A002699FDB64CF28C851BA9B7B1FF86304F1482E9E94D9B342E7349E95CF51

Uniqueness

Uniqueness Score: -1.00%

Function 007B4540 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 163networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000000), ref: 007B4558
setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 007B4575
htons.WS2_32(0077CF32), ref: 007B4585
htonl.WS2_32(00000000), ref: 007B4591
bind.WS2_32(?,?,00000010), ref: 007B45A0
inet_addr.WS2_32(?), ref: 007B45AC
setsockopt.WS2_32 ref: 007B45C5
setsockopt.WS2_32(?,0000FFFF,00001006,00001388,00000004), ref: 007B45E3
recvfrom.WS2_32(?,00000000,0000FFFF,00000000,?,?), ref: 007B4650
_memmove.LIBCMT ref: 007B467D

Strings

#y, xrefs: 007B46A6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: setsockopt$_memmovebindhtonlhtonsinet_addrrecvfromsocket
String ID: #y
API String ID: 1227263002-377225401
Opcode ID: c853e4a2f8343de933ec1f25e97e48420157e9625a600748b26e796139a016d8
Instruction ID: b0eb256b6c89362b4f08247d84608e688745487200f7bfdddbb5d5ec804bf3d1
Opcode Fuzzy Hash: c853e4a2f8343de933ec1f25e97e48420157e9625a600748b26e796139a016d8
Instruction Fuzzy Hash: F851D472901219ABDB149F58DC46FEA77A4FF48310F048228FE489F382D7B5D955CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 007FAB30 Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 452COMMON

Download Yara Rule

APIs

_swscanf.LIBCMT ref: 007FAC36
_sprintf.LIBCMT ref: 007FACDD
_swscanf.LIBCMT ref: 007FAE4C
_sprintf.LIBCMT ref: 007FAE73

Strings

0x%X, xrefs: 007FAE18, 007FAF70
=, xrefs: 007FAB9A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf_swscanf
String ID: 0x%X$=
API String ID: 748089147-551125171
Opcode ID: 7767d2a32b2d187790a7b99bfd51f448d817e9252146748826d34a027c62505d
Instruction ID: 242d95993e2a882e8cc88bfc2f133f6738ac8e70586f233596860135253e3e96
Opcode Fuzzy Hash: 7767d2a32b2d187790a7b99bfd51f448d817e9252146748826d34a027c62505d
Instruction Fuzzy Hash: 2212D2B0E0425CDFDF24CF64C890BEDBBB5BF45304F644199D449AB242E738AA85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 008140DB Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 008140E5
_memset.LIBCMT ref: 0081414E
GetVersionExA.KERNEL32(00000094,6838016B), ref: 00814167
_malloc.LIBCMT ref: 0081419E
_memset.LIBCMT ref: 008141B7
__cftof.LIBCMT ref: 0081428B
CoInitializeEx.OLE32(00000000,00000002), ref: 008142E5
CoCreateInstance.OLE32(009C23D0,00000000,00000001,009978A0,?), ref: 0081432C

Strings

@, xrefs: 00814245

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$CreateH_prolog3_InitializeInstanceVersion__cftof_malloc
String ID: @
API String ID: 173258153-2766056989
Opcode ID: 09795c41a024d154b3c52e609e8ae67e7a8348febe174c364e23bea9c1111172
Instruction ID: 5361f7fee19ef8a60b0e6d669ba2c9e1c992bd5ff681141be51c1d665d3216fc
Opcode Fuzzy Hash: 09795c41a024d154b3c52e609e8ae67e7a8348febe174c364e23bea9c1111172
Instruction Fuzzy Hash: E58105B4A007159FDB60DF38C845B96BBE8FF45314F00856DA5AEDB382DB74A9888B11

Uniqueness

Uniqueness Score: -1.00%

Function 007A28D0 Relevance: 15.6, APIs: 10, Instructions: 644networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 007A2913
_memmove.LIBCMT ref: 007A2B6F
_memmove.LIBCMT ref: 007A2B9A
_memmove.LIBCMT ref: 007A2BED
htons.WS2_32(00008000), ref: 007A2D14

Part of subcall function 007A09A0: _memmove.LIBCMT ref: 007A09FA

Part of subcall function 007B5930: _memset.LIBCMT ref: 007B5961

_memmove.LIBCMT ref: 007A2A71

Part of subcall function 007B6600: _memset.LIBCMT ref: 007B6613

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$_memsethtons
String ID:
API String ID: 4219588475-0
Opcode ID: 92011ff9ce2ffd53dc9f33ee29b3988c3ac94f65b2b9bb84da116bd016e74e6f
Instruction ID: 1b217188cd1b182c122f02856170075f9e0999ced6d0c6785765fe3a8e215eb4
Opcode Fuzzy Hash: 92011ff9ce2ffd53dc9f33ee29b3988c3ac94f65b2b9bb84da116bd016e74e6f
Instruction Fuzzy Hash: BE32D3719002498FCF14DF68C885BEEB7B5EF86314F184269E8499F247D738E946CB60

Uniqueness

Uniqueness Score: -1.00%

Function 007BAA00 Relevance: 15.1, APIs: 10, Instructions: 117networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000011), ref: 007BAA1E
htonl.WS2_32(00000000), ref: 007BAA54
htons.WS2_32(?), ref: 007BAA60
bind.WS2_32(?,?,00000010), ref: 007BAA73

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: bindhtonlhtonssocket
String ID:
API String ID: 1577352343-0
Opcode ID: 1fe9f24d0f3fcf32a3563d51f6d47f86432bca68bd6790df98e7706a82165b24
Instruction ID: 5488b5326b2b3f45700d009a5eeb5ed5154352f13faa621b96d99165b2318323
Opcode Fuzzy Hash: 1fe9f24d0f3fcf32a3563d51f6d47f86432bca68bd6790df98e7706a82165b24
Instruction Fuzzy Hash: F141F671A10208AADB10EBB0DD46FFEB7B4EF49720F10422AFA11A62D0DB755944DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00780BE0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 384COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00780C0C
_memset.LIBCMT ref: 00780C26
_memset.LIBCMT ref: 00780C40
swprintf.LIBCMT ref: 00780D1C
swprintf.LIBCMT ref: 00780D6E

Part of subcall function 0092A617: ___report_securityfailure.LIBCMT ref: 0092A61C

Part of subcall function 007965C0: _strstr.LIBCMT ref: 00796682
Part of subcall function 007965C0: _strstr.LIBCMT ref: 0079669A

Strings

rtsp://%s:%s@%s:%d%s, xrefs: 00780D41
rtsp://%s:%s@%s:%d, xrefs: 00780D0B
rtsp://%s:%s@%s:%d/%s, xrefs: 00780D5D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$_strstrswprintf$___report_securityfailure
String ID: rtsp://%s:%s@%s:%d$rtsp://%s:%s@%s:%d%s$rtsp://%s:%s@%s:%d/%s
API String ID: 3702750530-4100196092
Opcode ID: e4d75bf11d869541b3f66d004ff42bfef4c59c2990c81a185ece7760c5e78dbe
Instruction ID: a8a19cb33e7dbbd4ad220f0c325f781f9e91aa7fec207c86fe788acd1ba734d5
Opcode Fuzzy Hash: e4d75bf11d869541b3f66d004ff42bfef4c59c2990c81a185ece7760c5e78dbe
Instruction Fuzzy Hash: 7CD127715443048FCB24EF29C894BEFB3E9EF85300F4446ADE999AB241D738A949CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 007DA7A0 Relevance: 14.2, APIs: 9, Instructions: 697sleepsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 007ED160: timeBeginPeriod.WINMM(00000001), ref: 007ED18F
Part of subcall function 007ED160: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 007ED19B
Part of subcall function 007ED160: SetWaitableTimer.KERNEL32(?,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 007ED1D1
Part of subcall function 007ED160: GetCurrentProcess.KERNEL32 ref: 007ED1DD
Part of subcall function 007ED160: GetPriorityClass.KERNEL32(00000000), ref: 007ED1E4
Part of subcall function 007ED160: GetCurrentThread.KERNEL32 ref: 007ED1ED
Part of subcall function 007ED160: GetThreadPriority.KERNEL32(00000000), ref: 007ED1F4
Part of subcall function 007ED160: GetCurrentProcess.KERNEL32(00000100), ref: 007ED202
Part of subcall function 007ED160: SetPriorityClass.KERNEL32(00000000), ref: 007ED209
Part of subcall function 007ED160: GetCurrentThread.KERNEL32 ref: 007ED211
Part of subcall function 007ED160: SetThreadPriority.KERNEL32(00000000), ref: 007ED218
Part of subcall function 007ED160: QueryPerformanceFrequency.KERNEL32(?), ref: 007ED22E
Part of subcall function 007ED160: QueryPerformanceCounter.KERNEL32(?), ref: 007ED23E
Part of subcall function 007ED160: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007ED249
Part of subcall function 007ED160: QueryPerformanceCounter.KERNEL32(?,?,?,00000010,00000000), ref: 007ED278

GetTickCount.KERNEL32 ref: 007DA82D
SetEvent.KERNEL32(?), ref: 007DA8DF
Sleep.KERNEL32(00000064), ref: 007DA8FA
ResetEvent.KERNEL32(?), ref: 007DA914
_memmove.LIBCMT ref: 007DAAA7
SetEvent.KERNEL32(?,?,00000000,?,6838016B), ref: 007DAABC
WaitForSingleObject.KERNEL32(?,?,?,?,000003E8,00000000,00000000,?,00000000,?,6838016B), ref: 007DAE54
SetEvent.KERNEL32(?,00000000,?,00000000,6838016B,00000000,00000000), ref: 007DAF9C

Part of subcall function 007D1950: CDECCreate.ARCHIVEPLAYER ref: 007D198F
Part of subcall function 007D1950: CDECSetFormat.ARCHIVEPLAYER(00000000,?), ref: 007D199B
Part of subcall function 007D1950: CDECSetDeblock.ARCHIVEPLAYER(00000000,?,00000000,?), ref: 007D19A6
Part of subcall function 007D1950: CDECSetQuality.ARCHIVEPLAYER(00000000,?,00000000,?,00000000,?), ref: 007D19B1

CDECRelease.ARCHIVEPLAYER(?,?,00000000,00000000,?,00000000,00000000), ref: 007DB127

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CurrentEventPriorityThread$PerformanceQuery$ClassCounterCreateProcessTimerWaitable$BeginCountDeblockFormatFrequencyObjectPeriodQualityReleaseResetSingleSleepTickUnothrow_t@std@@@Wait__ehfuncinfo$??2@_memmovetime
String ID:
API String ID: 59148844-0
Opcode ID: be2b38da6c5e79805665d49a8a56bbd3bef05576ba113f6b9e1cc957e86bd326
Instruction ID: f14f109c1a8ec3b7b3aa93b7b370249c8fae7e32d88eeaaeea6904127afccb88
Opcode Fuzzy Hash: be2b38da6c5e79805665d49a8a56bbd3bef05576ba113f6b9e1cc957e86bd326
Instruction Fuzzy Hash: F1629F70E00649EBDB19CFB8C854BEDFBB5BF48300F14425AE469A7351DB38A991CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007AA010 Relevance: 13.9, APIs: 9, Instructions: 428networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 007AA051
_memmove.LIBCMT ref: 007AA10A
_memmove.LIBCMT ref: 007AA25A
_memmove.LIBCMT ref: 007AA283
_memmove.LIBCMT ref: 007AA2B1
_memmove.LIBCMT ref: 007AA334
_memmove.LIBCMT ref: 007AA380
_memmove.LIBCMT ref: 007AA4B7

Part of subcall function 00794CA0: _memset.LIBCMT ref: 00794CC9

_memmove.LIBCMT ref: 007AA520

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$_memsethtons
String ID:
API String ID: 4219588475-0
Opcode ID: ed1b999751d095e6e4019106e38955daca7299d6b5719e7403b9a726477be569
Instruction ID: 9a12ce9b525705ef54da58116dfcb5a4ce74c53463de91cd8aed5b2d8a043246
Opcode Fuzzy Hash: ed1b999751d095e6e4019106e38955daca7299d6b5719e7403b9a726477be569
Instruction Fuzzy Hash: 4FF10531E00249AFDF14CFA8C495BEEBBB4EF86314F148299D4189B382D339D956CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00798230 Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 532COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007982BB

Strings

?, xrefs: 0079854D
list<T> too long, xrefs: 007989C4, 007989CE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove
String ID: ?$list<T> too long
API String ID: 4104443479-2745021669
Opcode ID: 5236fb2ffd75115e61c6cb55d284bae180c047ddcbc9907b56396304b88a003a
Instruction ID: 34a502b584e582475c98c93024ef4867a3f29d4fa5731b5a219b50179eb67a3f
Opcode Fuzzy Hash: 5236fb2ffd75115e61c6cb55d284bae180c047ddcbc9907b56396304b88a003a
Instruction Fuzzy Hash: 2232A071A002298FDB64CF28D890BA9B7B1FF46304F1481E9E94D9B342DB759D85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 008144D5 Relevance: 12.5, APIs: 8, Instructions: 458COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 008144DC
_strlen.LIBCMT ref: 0081459C
_strlen.LIBCMT ref: 008145A5
_strlen.LIBCMT ref: 00814611

Part of subcall function 0080BFB6: __EH_prolog3.LIBCMT ref: 0080BFBD

_memcpy_s.LIBCMT ref: 0081465C
_strlen.LIBCMT ref: 00814674
_memcpy_s.LIBCMT ref: 008146C2

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

PathRemoveFileSpecW.SHLWAPI(?,?,?,00000000), ref: 008147F3

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strlen$H_prolog3_memcpy_s$Exception@8FilePathRemoveSpecThrow
String ID:
API String ID: 3593942973-0
Opcode ID: 47e028abe5be338454e931b1181d9b74aea94fac656ae7409b597c391d9efb80
Instruction ID: d17b36e57631102482720d306156a7e91bf89c4ca7e7f1df68e34a1cda067413
Opcode Fuzzy Hash: 47e028abe5be338454e931b1181d9b74aea94fac656ae7409b597c391d9efb80
Instruction Fuzzy Hash: B902DF70A0120A9FDB18DF68C851BEEBBB9FF44315F14926DE511EB2A1DB309D41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 007A3060 Relevance: 12.4, APIs: 8, Instructions: 404networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 007A309D
_memmove.LIBCMT ref: 007A323F
_memmove.LIBCMT ref: 007A3268
_memmove.LIBCMT ref: 007A3296
_memmove.LIBCMT ref: 007A331A
_memmove.LIBCMT ref: 007A3366

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$htons
String ID:
API String ID: 1994645662-0
Opcode ID: 39b892bba6aef1f61b011bcc2f62b0f1711b02213437491e6fa48f9b71bce64c
Instruction ID: 110a2a9fb20b57222edabfd2ea6ea17fc2a075c9ea000a638dcf01efbecf8bb8
Opcode Fuzzy Hash: 39b892bba6aef1f61b011bcc2f62b0f1711b02213437491e6fa48f9b71bce64c
Instruction Fuzzy Hash: 98F11671A0054A9FDF14DFA8C855BEEBBE4EF86314F048299E4199B383C739DA42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 007C87A0 Relevance: 12.2, APIs: 8, Instructions: 214windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007C87C2
KEnableStretchMode.ARCHIVEPLAYER(?,00000001), ref: 007C87E7
GetClientRect.USER32(?,?), ref: 007C880A
__dtol3.LIBCMT ref: 007C8905
__dtol3.LIBCMT ref: 007C895E
KSetRenderInfo.ARCHIVEPLAYER(?,?), ref: 007C8B14

Part of subcall function 007CB6F0: KGetVideoConfig3.ARCHIVEPLAYER ref: 007CB742
Part of subcall function 007CB6F0: _memset.LIBCMT ref: 007CB76B
Part of subcall function 007CB6F0: _sprintf.LIBCMT ref: 007CB77B
Part of subcall function 007CB6F0: _sprintf.LIBCMT ref: 007CB7A8
Part of subcall function 007CB6F0: GetClientRect.USER32(?,?), ref: 007CB832

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ClientRect__dtol3_sprintf$Config3EnableInfoMessageModeRenderSendStretchVideo_memset
String ID:
API String ID: 215431663-0
Opcode ID: 4f88c0accaefb2b792c9a418972e3248a9e5b46ee5c6f138c80aeb618da2fdb4
Instruction ID: bb5dacfa357f8ebc87b0eaa9bf338d6df69ac11606ac700b6faea75dd09680c8
Opcode Fuzzy Hash: 4f88c0accaefb2b792c9a418972e3248a9e5b46ee5c6f138c80aeb618da2fdb4
Instruction Fuzzy Hash: 2581E430934B488ED763DB769851B59B3A4EF59380F14872FE40BB6262FB2978D1DB01

Uniqueness

Uniqueness Score: -1.00%

Function 007A42A0 Relevance: 12.1, APIs: 8, Instructions: 144networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A42D0
recvfrom.WS2_32(000000FF,?,00010000,00000000,?,?), ref: 007A430A
WSAGetLastError.WS2_32 ref: 007A4316
htonl.WS2_32(?), ref: 007A435A
htons.WS2_32(?), ref: 007A43B8
htons.WS2_32(?), ref: 007A43F5
htons.WS2_32(?), ref: 007A440B
htons.WS2_32(?), ref: 007A4413

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: htons$ErrorLast_memsethtonlrecvfrom
String ID:
API String ID: 2258917609-0
Opcode ID: 4fa9e6ac060727816943418644f873fc43f1a924e45cf45d10a924c012f1c2ba
Instruction ID: 34fec0e68258e89363cdac170e35e0f2b8493dfdc312f9de73e6bedd00fd49b2
Opcode Fuzzy Hash: 4fa9e6ac060727816943418644f873fc43f1a924e45cf45d10a924c012f1c2ba
Instruction Fuzzy Hash: 6951D3319012588BCF39DB24D855BFEB3B1EF89314F10069EE48A56681CBF5A984CB45

Uniqueness

Uniqueness Score: -1.00%

Function 007B4860 Relevance: 12.1, APIs: 8, Instructions: 70networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000000), ref: 007B4876
setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 007B4893
htons.WS2_32(?), ref: 007B48A3
htonl.WS2_32(00000000), ref: 007B48AF
bind.WS2_32(?,?,00000010), ref: 007B48BE
inet_addr.WS2_32(?), ref: 007B48CA
setsockopt.WS2_32 ref: 007B48E3
setsockopt.WS2_32(?,0000FFFF,00001006,?), ref: 007B4918

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: setsockopt$bindhtonlhtonsinet_addrsocket
String ID:
API String ID: 3565660032-0
Opcode ID: a84dd1618f550533a1c289aed613cc26ea756dafe8bd5a8999a74eb53458ad98
Instruction ID: 8ef89ffa320985436fb44f413e60e267b6d05613b2cd4acf0c5948763f38a2a4
Opcode Fuzzy Hash: a84dd1618f550533a1c289aed613cc26ea756dafe8bd5a8999a74eb53458ad98
Instruction Fuzzy Hash: 3721B471255306BBEB109F61DC0AF95BBA4FF08720F108219FA08976D0D7B1A964DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0092CDB1 Relevance: 10.6, APIs: 7, Instructions: 108timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,00000000,?), ref: 0092CE2D
__aulldiv.LIBCMT ref: 0092CE47
GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 0092CE61
__aulldiv.LIBCMT ref: 0092CEB9
__aullrem.LIBCMT ref: 0092CEC7
__aulldiv.LIBCMT ref: 0092CEE5

Part of subcall function 0092F66F: __getptd_noexit.LIBCMT ref: 0092F66F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Time__aulldiv$FileInformationSystemZone__aullrem__getptd_noexit
String ID:
API String ID: 767840697-0
Opcode ID: 5b2f00b29573703959cb16870ee4a2519123b201c953c7633a52e949cab0e269
Instruction ID: c3ba58b35910167e0915608db3bcc3eb9e8b4132d6bad2cffb5bb6f286630f3e
Opcode Fuzzy Hash: 5b2f00b29573703959cb16870ee4a2519123b201c953c7633a52e949cab0e269
Instruction Fuzzy Hash: 3C31C2B1A04324ABDB20EB74BC86BAEB3BDEB49300F11455AF105A7295DB309D80CB55

Uniqueness

Uniqueness Score: -1.00%

Function 008163F1 Relevance: 9.1, APIs: 6, Instructions: 134networkfileCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 008163F8
_strlen.LIBCMT ref: 00816419
__cftof.LIBCMT ref: 0081644D
FtpFindFirstFileA.WININET(?,?,?,?,?), ref: 0081646B

Part of subcall function 009303A2: __mbspbrk_l.LIBCMT ref: 009303AD

Part of subcall function 008165EE: FtpGetCurrentDirectoryA.WININET(?,00000000,00000000), ref: 0081660E

FtpSetCurrentDirectoryA.WININET(?,?), ref: 008164C2
FtpSetCurrentDirectoryA.WININET(?,?), ref: 008164DB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CurrentDirectory$FileFindFirstH_prolog3__cftof__mbspbrk_l_strlen
String ID:
API String ID: 2660972557-0
Opcode ID: 262b7231e8c39c9750d9c08e3e329e80a719c98cf8d2ca9ae1cb80c9fdbd24c3
Instruction ID: 78afe59ac590f9dba1054567a92ffb58de933fe4a89bec6e77a65eb99083fd15
Opcode Fuzzy Hash: 262b7231e8c39c9750d9c08e3e329e80a719c98cf8d2ca9ae1cb80c9fdbd24c3
Instruction Fuzzy Hash: 4441D37160060AABCF14AF68CC96FEA77ADFF40314F048528F955D7282EB34D9A08B50

Uniqueness

Uniqueness Score: -1.00%

Function 007BAB50 Relevance: 9.1, APIs: 6, Instructions: 69networkCOMMON

Download Yara Rule

APIs

Part of subcall function 007A0650: swprintf.LIBCMT ref: 007A06BF
Part of subcall function 007A0650: getaddrinfo.WS2_32(?,?,?,?), ref: 007A06D3
Part of subcall function 007A0650: _wprintf.LIBCMT ref: 007A0749
Part of subcall function 007A0650: freeaddrinfo.WS2_32(?), ref: 007A0753

socket.WS2_32(?,?,00000011), ref: 007BAB82
freeaddrinfo.WS2_32(00000000,?,?,?,007BB28A,?,?,?,007A13EF), ref: 007BAB95
bind.WS2_32(00000000,?,?), ref: 007BABAF
freeaddrinfo.WS2_32(00000000,?,?,?,007BB28A,?,?,?,007A13EF), ref: 007BABBC
freeaddrinfo.WS2_32(00000000,?,?,?,007BB28A,?,?,?,007A13EF), ref: 007BABDA
setsockopt.WS2_32(000000FF,0000FFFF,00000080,?,00000004), ref: 007BAC11

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: freeaddrinfo$_wprintfbindgetaddrinfosetsockoptsocketswprintf
String ID:
API String ID: 1215792191-0
Opcode ID: 2ebf2a542691790100c6300363310f477b2c97ed4b5ba424b45e1acb77f2cbcd
Instruction ID: 8d29d28e04152516ec561bcaa92b1b3bcf64b913b96641041b156f9129bb9f6b
Opcode Fuzzy Hash: 2ebf2a542691790100c6300363310f477b2c97ed4b5ba424b45e1acb77f2cbcd
Instruction Fuzzy Hash: 29219F71524108FFCB14AFA4DD49FED7BA9EF08720F108349F925972E0CB759A10AB51

Uniqueness

Uniqueness Score: -1.00%

Function 00418550 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00418561
_strlen.LIBCMT ref: 004185FA
_strlen.LIBCMT ref: 00418696

Strings

none, xrefs: 00418551

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strlen
String ID: none
API String ID: 4218353326-2140143823
Opcode ID: e86144b83faf2609faa7d8d431108f4df0db19410885fac3b8cd67c8cfb4e814
Instruction ID: 0174e0fa88e114d341cd34f4ccac7937bc92479834673c60682fef90a17ef77a
Opcode Fuzzy Hash: e86144b83faf2609faa7d8d431108f4df0db19410885fac3b8cd67c8cfb4e814
Instruction Fuzzy Hash: E9915C71A083449FD764DF19C48066BBBE2FBC5340F69892EF49987350DB79A8818B86

Uniqueness

Uniqueness Score: -1.00%

Function 0096C314 Relevance: 8.7, APIs: 2, Strings: 2, Instructions: 1663COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0096C891
_abort.LIBCMT ref: 0096D907

Strings

, xrefs: 0096C569
(, xrefs: 0096DF2F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __floor_pentium4_abort
String ID: $(
API String ID: 3575410383-55695022
Opcode ID: a41cd5a54a28224d420d982f555b31aece4e1a459780aebca0e6f35b2f39fce7
Instruction ID: 4481e013c9a2a6e80960657b97cd7b34fda15f139b77b4a784cdbb93e03b69e7
Opcode Fuzzy Hash: a41cd5a54a28224d420d982f555b31aece4e1a459780aebca0e6f35b2f39fce7
Instruction Fuzzy Hash: D30311B5A093818BD374DF19C580BDABBE1FBC8300F51892ED8DD97255EB35A854CB82

Uniqueness

Uniqueness Score: -1.00%

Function 009548E0 Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 790COMMON

Download Yara Rule

Strings

pow, xrefs: 009549E5, 00954A02

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID: pow
API String ID: 0-2276729525
Opcode ID: ee005337c5f265bdf4bbbec04b27e32a1bd544e2a0e900eb98afca22d746bfc5
Instruction ID: fa5109d626c35ee204cf83f40eaba4e7ab8c6688f53d617f2c231f95b934109b
Opcode Fuzzy Hash: ee005337c5f265bdf4bbbec04b27e32a1bd544e2a0e900eb98afca22d746bfc5
Instruction Fuzzy Hash: F4524521D29F014DD723D639E832336A38CAFA63D5F15C727EC5AB5AA5EB28C5C74201

Uniqueness

Uniqueness Score: -1.00%

Function 007C84B0 Relevance: 7.6, APIs: 5, Instructions: 145windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 007C84E9
GetSystemMetrics.USER32(00000000), ref: 007C84F9
GetSystemMetrics.USER32(00000001), ref: 007C8500
KEnableStretchMode.ARCHIVEPLAYER(?,00000001), ref: 007C850D
KSetRenderInfo.ARCHIVEPLAYER(?,00000000,00000003,00000001), ref: 007C86CA

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

Part of subcall function 007CCB60: CreateSolidBrush.GDI32(00000000), ref: 007CCBD1
Part of subcall function 007CCB60: GetSystemMetrics.USER32(00000000), ref: 007CCBF0
Part of subcall function 007CCB60: GetSystemMetrics.USER32(00000001), ref: 007CCBFB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MetricsSystem$BrushCreateEnableInfoMessageModeRenderSendSolidStretch_malloc
String ID:
API String ID: 2271463591-0
Opcode ID: 27527369bba3102dda44b2f1d1dfefb352cd91ceb6d025050abb8f300f5fa56d
Instruction ID: 55f832caa8987524e81fbdcaac0e21aa511bae6b85067a60cd0217b3a69e2b14
Opcode Fuzzy Hash: 27527369bba3102dda44b2f1d1dfefb352cd91ceb6d025050abb8f300f5fa56d
Instruction Fuzzy Hash: FA516E71E14B46AFD799CB78D845BA9F7A4FB04354F00432EE42DA7281EB787861CB81

Uniqueness

Uniqueness Score: -1.00%

Function 007B8F10 Relevance: 3.1, APIs: 2, Instructions: 131COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007B8FC5
_memmove.LIBCMT ref: 007B9020

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 0ee4ef1bf8253ed8ff622a961fcae79c1a372775728276131673e8b533c339a6
Instruction ID: 4b3854556edd47a83d26e42c2e7b2daa4bad8246add16022fa675f70f83c7b49
Opcode Fuzzy Hash: 0ee4ef1bf8253ed8ff622a961fcae79c1a372775728276131673e8b533c339a6
Instruction Fuzzy Hash: 2B41E772B002498FDB14DF689C402EEB7B6EFA5300B54466ED556EB342EA34EA05C791

Uniqueness

Uniqueness Score: -1.00%

Function 00974672 Relevance: 2.3, APIs: 1, Instructions: 796COMMON

Download Yara Rule

APIs

Part of subcall function 0040A690: _malloc.LIBCMT ref: 0040A6C5
Part of subcall function 0040A690: _memset.LIBCMT ref: 0040A6EC

Part of subcall function 0040A630: _malloc.LIBCMT ref: 0040A64D
Part of subcall function 0040A630: _memset.LIBCMT ref: 0040A674

_abort.LIBCMT ref: 009750A1

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _malloc_memset$_abort
String ID:
API String ID: 2765371052-0
Opcode ID: 567b1c0c00f03a4c47214a6d34d2b1d883af376b3e858b01461d5edbe980665c
Instruction ID: 469ccee32417c07819db4528585a986de9042a87ea79aa6fe2390a532e8e1414
Opcode Fuzzy Hash: 567b1c0c00f03a4c47214a6d34d2b1d883af376b3e858b01461d5edbe980665c
Instruction Fuzzy Hash: BA52B4F3F042039BCF167E14C4942D23BE5EB84790F2A8975DC899B29AF7358C158AD6

Uniqueness

Uniqueness Score: -1.00%

Function 0074E750 Relevance: 2.1, APIs: 1, Instructions: 638COMMON

Download Yara Rule

APIs

_localeconv.LIBCMT ref: 0074E757

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _localeconv
String ID:
API String ID: 3179389760-0
Opcode ID: 5017e82a91b427257c1af32d99565d0c36173076b9c88a0b203fd541be23ce36
Instruction ID: aac39f09f26a72940db8fca3329bc3b5e33a387f6e409b88744a4810763bb3b2
Opcode Fuzzy Hash: 5017e82a91b427257c1af32d99565d0c36173076b9c88a0b203fd541be23ce36
Instruction Fuzzy Hash: AC32BF71A083518FD720CF29C48472ABBE1BF85324F19896DE8D58B382D379ED49DB52

Uniqueness

Uniqueness Score: -1.00%

Function 007E4CF0 Relevance: 2.1, APIs: 1, Instructions: 632COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E4F36

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 986a3148ae4de5fe6e8b2af331abf02cddae61f47f23953e5c797085a352ac5f
Instruction ID: 09efc33e26e3e783418edb5691c68d4c452c63a3c3241329b92bdacc31dea654
Opcode Fuzzy Hash: 986a3148ae4de5fe6e8b2af331abf02cddae61f47f23953e5c797085a352ac5f
Instruction Fuzzy Hash: E642CE71E046A9DADB118B39CC41AE9F7B5BF59300F00839AF98DB2251EB746AD4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 007F8080 Relevance: 1.8, APIs: 1, Instructions: 343COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007F80B3

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: df823aa093730bad781b41164d9df677f51e83000b1e85fcb110658d986b7ab1
Instruction ID: 6266b4a44d3e3d7e2f019eef1e6d5c982e7272eda644f5346f9978534f1e547b
Opcode Fuzzy Hash: df823aa093730bad781b41164d9df677f51e83000b1e85fcb110658d986b7ab1
Instruction Fuzzy Hash: 4CD17F3180025C8FCF65CF18C8957E977B4FF5A304F1444E9CA999B346DA785A8ACFA2

Uniqueness

Uniqueness Score: -1.00%

Function 007B6160 Relevance: 1.8, APIs: 1, Instructions: 334COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007B6193

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: a9bcaea226ab9ea61bc31ba91d5d4c85bd6a471a636e0ed1e76facb94d9db58d
Instruction ID: 3452ebba9a5c29dfb283fabb34424dececf787520d67aef1aac00edf3768e86d
Opcode Fuzzy Hash: a9bcaea226ab9ea61bc31ba91d5d4c85bd6a471a636e0ed1e76facb94d9db58d
Instruction Fuzzy Hash: AED1AF7584015D8FCF21CF28C8997E977B4EF25304F6440E9D98E9B246DA385B8ACFA1

Uniqueness

Uniqueness Score: -1.00%

Function 007B8680 Relevance: .7, Instructions: 749COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5a57d6ebcb15df25ee90d298474537237a8622b617871b7c37b9ff0968a0c6
Instruction ID: d6a21b54a3021a03e574159c76b0ee5c61b8a8a2a99ca48a9903fe6e19fc5efb
Opcode Fuzzy Hash: bb5a57d6ebcb15df25ee90d298474537237a8622b617871b7c37b9ff0968a0c6
Instruction Fuzzy Hash: 9A3270B7F516144BDB0CCB5DCCA16ACB3E3AFD821870E813DE84AD7705EA78E8058A44

Uniqueness

Uniqueness Score: -1.00%

Function 0078C690 Relevance: .6, Instructions: 633COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed3d646ad9b1b85bab7bb8891cc4034c29ec9ebdfb3769b5503cbfe61840675
Instruction ID: c22be8e56d46cc74e1efa527b3b2cfeeeb77deadbfcf4f37aa7d45f674d41575
Opcode Fuzzy Hash: eed3d646ad9b1b85bab7bb8891cc4034c29ec9ebdfb3769b5503cbfe61840675
Instruction Fuzzy Hash: 1E221CB3F211144BCB48CE6DCC927DAB3E3BF9821871E8539A819E7705E639D9158A84

Uniqueness

Uniqueness Score: -1.00%

Function 007EC0F0 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 235c41d859c4871244f80c50b7dee54b13dd4be5cb530c48ac82d159fa97de91
Instruction ID: 7612082652d25ccd4aafad2000837198ddf6d6053ad2f15e2995b3d00f447c23
Opcode Fuzzy Hash: 235c41d859c4871244f80c50b7dee54b13dd4be5cb530c48ac82d159fa97de91
Instruction Fuzzy Hash: 4FE1A875711B019FE728CE25CC41A66B3D5EF88310B10CA3DE5A6D3B86DB78E942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 007F65A0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbf21d0b3263a2d21515d7f524aa16152b47aaa55b5aa6e57c7e4267668a084d
Instruction ID: afd8576492132893c2abff4c1f47207874036667812e5a79f46ec2a2194a259b
Opcode Fuzzy Hash: bbf21d0b3263a2d21515d7f524aa16152b47aaa55b5aa6e57c7e4267668a084d
Instruction Fuzzy Hash: F2A18C7271492A9BCB08DE38CD95576B6E1BB58315714833EEA16C7B84EB38E851CB80

Uniqueness

Uniqueness Score: -1.00%

Function 007E6CF0 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb783fd3f79c8a7377f1fb5aa2d7d1a9bfba61698fbbfc5251bf7568590af56
Instruction ID: f2a93161cfccb1af66a360d2e4f8cc25f13f885e3bd36ebdcbd034c5b4dc5678
Opcode Fuzzy Hash: dfb783fd3f79c8a7377f1fb5aa2d7d1a9bfba61698fbbfc5251bf7568590af56
Instruction Fuzzy Hash: B8912D2611ABC06FEF224A3590653E77FE4BF3B354F18A549C4D947643C60A650FEB60

Uniqueness

Uniqueness Score: -1.00%

Function 007DE100 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2ea7f0720e5952b0a40817aac4c614d2194e5689529d3bf9b57fab4593847e
Instruction ID: 5d3a4bf19be01605c155fdad115a656fb7828c32575d2d28d37d022e87f51cfb
Opcode Fuzzy Hash: bd2ea7f0720e5952b0a40817aac4c614d2194e5689529d3bf9b57fab4593847e
Instruction Fuzzy Hash: 517180713005159EEB3A6A29C858AFAB7F5FB82301F04852FE8DDCA741C629EC55E730

Uniqueness

Uniqueness Score: -1.00%

Function 00418B70 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b846e8f22c508459b4ef9e9f24993d13eae8c6e1824c009fa2576fbf0b0ba0
Instruction ID: ce6ee97722e785de65111533b842350f30907c0d8b9110e8319dad0896938101
Opcode Fuzzy Hash: f5b846e8f22c508459b4ef9e9f24993d13eae8c6e1824c009fa2576fbf0b0ba0
Instruction Fuzzy Hash: 7D41BDB2B097054BD3148E29D89425BB7E3EBD4360F4DC93EE984CB314EA34DC868786

Uniqueness

Uniqueness Score: -1.00%

Function 006CCBD0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b3a8893dfd304d1d5201099b405c249770eb0159f9c34d1252f7376968e986
Instruction ID: e2a2ea3de849b1d7a486994bb0745686724237dfa8c3c2ac1abf44818b084255
Opcode Fuzzy Hash: 04b3a8893dfd304d1d5201099b405c249770eb0159f9c34d1252f7376968e986
Instruction Fuzzy Hash: 4B216032B083154BCB189E2D909463EB6D3ABDC764F15967EF84DE3340D9709C5A8B85

Uniqueness

Uniqueness Score: -1.00%

Function 0092A700 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: b29fa7fac4d52030b3c46b204b0f5fda813ad3ad00ea363786d39b5c61e60e3d
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: FD112E77A001B287D605862EF8F46BAE3BDEBC532072D4376D1464B75CD2229945950A

Uniqueness

Uniqueness Score: -1.00%

Function 007F6010 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b779ef2f1cd4e01ab331ae72595d71be2aab2b11cdbee9abd17501f43fb5220
Instruction ID: fa4d3cf89520c4c410d1b26f3cefadb5b72038400326fc67723f07761a40a080
Opcode Fuzzy Hash: 7b779ef2f1cd4e01ab331ae72595d71be2aab2b11cdbee9abd17501f43fb5220
Instruction Fuzzy Hash: 8811A53371192D47F72C8859C861ABDA247DBC1354F2A8339DA078BB95DDBDDC058250

Uniqueness

Uniqueness Score: -1.00%

Function 007FC320 Relevance: 73.7, APIs: 21, Strings: 21, Instructions: 167COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007FC363
_sprintf.LIBCMT ref: 007FC379
_sprintf.LIBCMT ref: 007FC38F
_sprintf.LIBCMT ref: 007FC3A5
_sprintf.LIBCMT ref: 007FC3BB
_sprintf.LIBCMT ref: 007FC3D1
_sprintf.LIBCMT ref: 007FC3E7
_sprintf.LIBCMT ref: 007FC3FD
_sprintf.LIBCMT ref: 007FC413
_sprintf.LIBCMT ref: 007FC429
_sprintf.LIBCMT ref: 007FC43F
_sprintf.LIBCMT ref: 007FC455
_sprintf.LIBCMT ref: 007FC46B
_sprintf.LIBCMT ref: 007FC481
_sprintf.LIBCMT ref: 007FC497
_sprintf.LIBCMT ref: 007FC4AD
_sprintf.LIBCMT ref: 007FC4C3
_sprintf.LIBCMT ref: 007FC4D9
_sprintf.LIBCMT ref: 007FC4EF
_sprintf.LIBCMT ref: 007FC505
_sprintf.LIBCMT ref: 007FC51B

Strings

Videotrec, xrefs: 007FC4E7
Pelco-D, xrefs: 007FC35B
SamSung, xrefs: 007FC4A5
Kampro, xrefs: 007FC33C
LiLin, xrefs: 007FC421
TOA, xrefs: 007FC4BB
VISCA, xrefs: 007FC3F5
Kalatel, xrefs: 007FC3DF
EyeView-V2, xrefs: 007FC3B3
Pixim, xrefs: 007FC48F
VCL, xrefs: 007FC387
EyeView-V1, xrefs: 007FC39D
Nicecam, xrefs: 007FC437
Vicon, xrefs: 007FC4D1
Pelco-P, xrefs: 007FC371
Macro, xrefs: 007FC4FD
Pelco-P-V1, xrefs: 007FC463
Panasonic, xrefs: 007FC44D
B02, xrefs: 007FC513
Pelco-P-V2, xrefs: 007FC479
DynaColor, xrefs: 007FC3C9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf
String ID: B02$DynaColor$EyeView-V1$EyeView-V2$Kalatel$Kampro$LiLin$Macro$Nicecam$Panasonic$Pelco-D$Pelco-P$Pelco-P-V1$Pelco-P-V2$Pixim$SamSung$TOA$VCL$VISCA$Vicon$Videotrec
API String ID: 1467051239-2056317113
Opcode ID: d85878ed8222c523c67121096addbcf3c9502e77fa3bf6dc6b4db03b662a168b
Instruction ID: 32a2d1d3b21403fc5033d37b9c65b70516f808b37c019d8392ccd2a8fa5cfb70
Opcode Fuzzy Hash: d85878ed8222c523c67121096addbcf3c9502e77fa3bf6dc6b4db03b662a168b
Instruction Fuzzy Hash: 444154774E010877CF226E54BD42DDDBB146BB2726B14C112F86C29221D237A97BBB71

Uniqueness

Uniqueness Score: -1.00%

Function 007F4AE0 Relevance: 68.4, APIs: 20, Strings: 19, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,?,007DBACC,ADADP), ref: 007F4AEF
LoadLibraryA.KERNEL32(?), ref: 007F4B19
GetProcAddress.KERNEL32(?,DGetVersion), ref: 007F4B39
GetProcAddress.KERNEL32(?,DInit), ref: 007F4B46
GetProcAddress.KERNEL32(?,DCreate), ref: 007F4B53
GetProcAddress.KERNEL32(?,DExit), ref: 007F4B60
GetProcAddress.KERNEL32(?,DEnableFullScreen), ref: 007F4B6D
GetProcAddress.KERNEL32(?,DSetStretchMode), ref: 007F4B7A
GetProcAddress.KERNEL32(?,DNotifyFullScreenWindow), ref: 007F4B87
GetProcAddress.KERNEL32(?,DSetRenderInfo), ref: 007F4B94
GetProcAddress.KERNEL32(?,DRender), ref: 007F4BA1
GetProcAddress.KERNEL32(?,DRender3), ref: 007F4BAE
GetProcAddress.KERNEL32(?,DRender4), ref: 007F4BBB
GetProcAddress.KERNEL32(?,DRender5), ref: 007F4BC8
GetProcAddress.KERNEL32(?,DRenderFillRect), ref: 007F4BD5
GetProcAddress.KERNEL32(?,DEPTZRender), ref: 007F4BE2
GetProcAddress.KERNEL32(?,DEPTZRender3), ref: 007F4BEF
GetProcAddress.KERNEL32(?,DRegisterAfterBitbltCB), ref: 007F4BFC
GetProcAddress.KERNEL32(?,DSetImageLeftToRight), ref: 007F4C09
GetProcAddress.KERNEL32(?,DSetImageUpToDown), ref: 007F4C16

Strings

DSetImageLeftToRight, xrefs: 007F4BFE
DEPTZRender, xrefs: 007F4BD7
DExit, xrefs: 007F4B55
DSetStretchMode, xrefs: 007F4B6F
DRenderFillRect, xrefs: 007F4BCA
DCreate, xrefs: 007F4B48
DNotifyFullScreenWindow, xrefs: 007F4B7C
DRegisterAfterBitbltCB, xrefs: 007F4BF1
DSetImageUpToDown, xrefs: 007F4C0B
DEnableFullScreen, xrefs: 007F4B62
DRender5, xrefs: 007F4BBD
DXDRAW, xrefs: 007F4B06
DRender4, xrefs: 007F4BB0
DEPTZRender3, xrefs: 007F4BE4
DSetRenderInfo, xrefs: 007F4B89
DRender3, xrefs: 007F4BA3
DGetVersion, xrefs: 007F4B33
DInit, xrefs: 007F4B3B
DRender, xrefs: 007F4B96

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: DCreate$DEPTZRender$DEPTZRender3$DEnableFullScreen$DExit$DGetVersion$DInit$DNotifyFullScreenWindow$DRegisterAfterBitbltCB$DRender$DRender3$DRender4$DRender5$DRenderFillRect$DSetImageLeftToRight$DSetImageUpToDown$DSetRenderInfo$DSetStretchMode$DXDRAW
API String ID: 2449869053-687869286
Opcode ID: 1d3577c93752c19ade9ad5330efa9c878af436dbfd9ebebbb57245f438ea513d
Instruction ID: 9fe612d40046075af04b0fee1b6e11b170be708352dc4bb36b8ad36242cf6ce5
Opcode Fuzzy Hash: 1d3577c93752c19ade9ad5330efa9c878af436dbfd9ebebbb57245f438ea513d
Instruction Fuzzy Hash: 135118B0A41B1ABBCB119F66C909A46FFA0FF44798300C62AE41897A50D7B9F434DFD1

Uniqueness

Uniqueness Score: -1.00%

Function 00854755 Relevance: 66.7, APIs: 19, Strings: 19, Instructions: 198COMMON

Download Yara Rule

APIs

OpenThemeData.UXTHEME(?,WINDOW,000000FF,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854778
OpenThemeData.UXTHEME(?,TOOLBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854793
OpenThemeData.UXTHEME(?,BUTTON,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008547AE
OpenThemeData.UXTHEME(?,STATUS,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008547C9
OpenThemeData.UXTHEME(?,REBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008547E4
OpenThemeData.UXTHEME(?,COMBOBOX,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008547FF
OpenThemeData.UXTHEME(?,PROGRESS,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 0085481A
OpenThemeData.UXTHEME(?,HEADER,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854835
OpenThemeData.UXTHEME(?,SCROLLBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854850
OpenThemeData.UXTHEME(?,EXPLORERBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 0085486B
OpenThemeData.UXTHEME(?,TREEVIEW,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854886
OpenThemeData.UXTHEME(?,STARTPANEL,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008548A1
OpenThemeData.UXTHEME(?,TASKBAND,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008548BC
OpenThemeData.UXTHEME(?,TASKBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008548D7
OpenThemeData.UXTHEME(?,SPIN,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 008548F2
OpenThemeData.UXTHEME(?,TAB,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 0085490D
OpenThemeData.UXTHEME(?,TOOLTIP,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854928
OpenThemeData.UXTHEME(?,TRACKBAR,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 00854943
OpenThemeData.UXTHEME(00000000,MENU,?,75FD6BA0,0084D04A,?,0084D064,00000004,00831CF7,00000000,00000004,0084C661), ref: 0085495A

Strings

TOOLBAR, xrefs: 0085478D
TASKBAND, xrefs: 008548B6
TAB, xrefs: 00854907
TREEVIEW, xrefs: 00854880
EXPLORERBAR, xrefs: 00854865
TASKBAR, xrefs: 008548D1
REBAR, xrefs: 008547DE
PROGRESS, xrefs: 00854814
WINDOW, xrefs: 00854772
SCROLLBAR, xrefs: 0085484A
TRACKBAR, xrefs: 0085493D
TOOLTIP, xrefs: 00854922
STARTPANEL, xrefs: 0085489B
STATUS, xrefs: 008547C3
BUTTON, xrefs: 008547A8
SPIN, xrefs: 008548EC
MENU, xrefs: 00854954
COMBOBOX, xrefs: 008547F9
HEADER, xrefs: 0085482F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DataOpenTheme
String ID: BUTTON$COMBOBOX$EXPLORERBAR$HEADER$MENU$PROGRESS$REBAR$SCROLLBAR$SPIN$STARTPANEL$STATUS$TAB$TASKBAND$TASKBAR$TOOLBAR$TOOLTIP$TRACKBAR$TREEVIEW$WINDOW
API String ID: 1744092376-1233129369
Opcode ID: 4dda0679dc40af02e05f801fc0153c6cc2eb46b7c558545870ba0df7b29db5c3
Instruction ID: 839a72535099ca61728923035eff89a7a379794d0d1f25d4427e4bbebc92e30e
Opcode Fuzzy Hash: 4dda0679dc40af02e05f801fc0153c6cc2eb46b7c558545870ba0df7b29db5c3
Instruction Fuzzy Hash: 9351B2B4B4431AABCF50EBBE8D45D29BA9CFE5C70D3001964BD45DB641E778D8448784

Uniqueness

Uniqueness Score: -1.00%

Function 007CC230 Relevance: 61.6, APIs: 30, Strings: 5, Instructions: 358timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007CC25C
_memset.LIBCMT ref: 007CC276
swprintf.LIBCMT ref: 007CC292
KOpenInterface.ARCHIVEPLAYER(?,?,?,?,?,?,00000000,00000748,00000000), ref: 007CC2D7
KSetSmoothFastPlayback.ARCHIVEPLAYER(00000000,00000001,?,?,?,?,?,?,00000000,00000748,00000000), ref: 007CC2E5
KSetMediaConfig4.ARCHIVEPLAYER(000000FF,?,?,?,?,?,?,?,?,?,00000000,00000748,00000000), ref: 007CC303
KSetTimeCodeCallback.ARCHIVEPLAYER(000000FF,?,007CBB70,?,?,?,?,?,?,?,?,?,?,00000000,00000748,00000000), ref: 007CC31F
KSetTimeCodeCallbackEx.ARCHIVEPLAYER(000000FF,?,007CBB90,000000FF,?,007CBB70), ref: 007CC330
KSetFilePlayCompleteCallback.ARCHIVEPLAYER(000000FF,?,Function_003C6C50,000000FF,?,007CBB90,000000FF,?,007CBB70), ref: 007CC341
KSetImageCallback3.ARCHIVEPLAYER(000000FF,?,Function_003C7300,000000FF,?,Function_003C6C50,000000FF,?,007CBB90,000000FF,?,007CBB70), ref: 007CC352
KSetAfterRenderCallback.ARCHIVEPLAYER(000000FF,?,00776420,000000FF,?,Function_003C7300,000000FF,?,Function_003C6C50,000000FF,?,007CBB90,000000FF,?,007CBB70), ref: 007CC363
KSetRenderInfo.ARCHIVEPLAYER(000000FF,?,000000FF,?,00776420,000000FF,?,Function_003C7300,000000FF,?,Function_003C6C50,000000FF,?,007CBB90,000000FF), ref: 007CC375
KSetResolutionChangeCallback2.ARCHIVEPLAYER(000000FF,?,007CA5F0), ref: 007CC389
KSetRawDataCallback.ARCHIVEPLAYER(000000FF,?,007C9EC0,000000FF,?,007CA5F0), ref: 007CC39A
KSetFirstB2Callback.ARCHIVEPLAYER(000000FF,?,007CC220,000000FF,?,007C9EC0,000000FF,?,007CA5F0), ref: 007CC3AB
KConnect.ARCHIVEPLAYER(000000FF,000000FF,?,007CC220,000000FF,?,007C9EC0,000000FF,?,007CA5F0), ref: 007CC3B6
KStartStreaming.ARCHIVEPLAYER(000000FF), ref: 007CC3CC
_memset.LIBCMT ref: 007CC3EF
_memset.LIBCMT ref: 007CC400
KGetBeginTime.ARCHIVEPLAYER(000000FF,?,?,00000000,0000003F,?,00000000,0000003F), ref: 007CC412

Part of subcall function 00809F35: GetDlgItem.USER32(?,000003F4), ref: 00809F47

Part of subcall function 0080A7EA: IsWindow.USER32(?), ref: 0080A7F7
Part of subcall function 0080A7EA: SetWindowTextA.USER32(?,000003F4), ref: 0080A813

_sprintf.LIBCMT ref: 007CC470
KGetEndTime.ARCHIVEPLAYER(000000FF,?,00000403,?,?,000003F2,00000000), ref: 007CC49F
_sprintf.LIBCMT ref: 007CC4EA

Part of subcall function 0092AF72: __output_l.LIBCMT ref: 0092AFCB

KGetRawFileInfo2.ARCHIVEPLAYER(000000FF,?,00000404,?,?,000003F3,00000000,00000403,?,?,000003F2,00000000), ref: 007CC524
SendMessageA.USER32(?,00000405,00000001,00000000), ref: 007CC5D2
KSetMute.ARCHIVEPLAYER(000000FF,00000000,?,000003F3,00000000,00000403,?,?,000003F2,00000000), ref: 007CC5F6
KPlay.ARCHIVEPLAYER(000000FF,00000001,?,?,?,?,?,000003F3,00000000,00000403,?,?,000003F2,00000000), ref: 007CC60D

Part of subcall function 007CA4D0: KStop.ARCHIVEPLAYER(000000FF,?,007CC6CD,Invalid handle,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00000748), ref: 007CA4DE
Part of subcall function 007CA4D0: KStopStreaming.ARCHIVEPLAYER(000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 007CA4E9
Part of subcall function 007CA4D0: KDisconnect.ARCHIVEPLAYER(000000FF,000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000), ref: 007CA4F4
Part of subcall function 007CA4D0: KCloseInterface.ARCHIVEPLAYER(000000FF,000000FF,000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000), ref: 007CA4FF
Part of subcall function 007CA4D0: SendMessageA.USER32 ref: 007CA534

Strings

Open file fail, xrefs: 007CC672
Unable to set Media Configuration, xrefs: 007CC697
Invalid handle, xrefs: 007CC6BC
Start stream fail, xrefs: 007CC64D
wwww, xrefs: 007CC537

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Callback$Time_memset$CodeFileInterfaceMessagePlayRenderSendStopStreamingWindow_sprintf$AfterBeginCallback2Callback3ChangeCloseCompleteConfig4ConnectDataDisconnectFastFirstImageInfoInfo2ItemMediaMuteOpenPlaybackResolutionSmoothStartText__output_lswprintf
String ID: Invalid handle$Open file fail$Start stream fail$Unable to set Media Configuration$wwww
API String ID: 1419686552-2604739742
Opcode ID: 173900218371fa2a8e02259abbbcbd97eac9072e554ebfa528ae43be733ac162
Instruction ID: 96f0e5268edd8822bbe37ee98e6da365ffbd7e3cf6535db41091fa25226eca3b
Opcode Fuzzy Hash: 173900218371fa2a8e02259abbbcbd97eac9072e554ebfa528ae43be733ac162
Instruction Fuzzy Hash: 8AC1D070A00705ABDB25EB74DC16FEAB7A9EF44300F00446DF54EAA2C2DE797A049B95

Uniqueness

Uniqueness Score: -1.00%

Function 007C4A40 Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 259COMMON

Download Yara Rule

APIs

~_Task_impl.LIBCPMT ref: 007C4AC8
~_Task_impl.LIBCPMT ref: 007C4AFD
~_Task_impl.LIBCPMT ref: 007C4B0C
~_Task_impl.LIBCPMT ref: 007C4B1B
~_Task_impl.LIBCPMT ref: 007C4B2A
~_Task_impl.LIBCPMT ref: 007C4B39
~_Task_impl.LIBCPMT ref: 007C4B48
~_Task_impl.LIBCPMT ref: 007C4B57
~_Task_impl.LIBCPMT ref: 007C4B66
~_Task_impl.LIBCPMT ref: 007C4B75
~_Task_impl.LIBCPMT ref: 007C4B84
~_Task_impl.LIBCPMT ref: 007C4B93
~_Task_impl.LIBCPMT ref: 007C4BA2
~_Task_impl.LIBCPMT ref: 007C4BB1
~_Task_impl.LIBCPMT ref: 007C4BC0
~_Task_impl.LIBCPMT ref: 007C4BCF
~_Task_impl.LIBCPMT ref: 007C4BDE
~_Task_impl.LIBCPMT ref: 007C4BED
~_Task_impl.LIBCPMT ref: 007C4BFC
~_Task_impl.LIBCPMT ref: 007C4C0B
~_Task_impl.LIBCPMT ref: 007C4C1A
~_Task_impl.LIBCPMT ref: 007C4C29
~_Task_impl.LIBCPMT ref: 007C4C38
~_Task_impl.LIBCPMT ref: 007C4C6A
~_Task_impl.LIBCPMT ref: 007C4C79
~_Task_impl.LIBCPMT ref: 007C4D7B
~_Task_impl.LIBCPMT ref: 007C4D8A

Part of subcall function 0080B456: __EH_prolog3.LIBCMT ref: 0080B45D

~_Task_impl.LIBCPMT ref: 007C4D99
~_Task_impl.LIBCPMT ref: 007C4DA8
~_Task_impl.LIBCPMT ref: 007C4DB7

Part of subcall function 0080B54B: __EH_prolog3.LIBCMT ref: 0080B552

~_Task_impl.LIBCPMT ref: 007C4DC6

Part of subcall function 0080F12D: __EH_prolog3.LIBCMT ref: 0080F134

Part of subcall function 0080A8E0: __EH_prolog3.LIBCMT ref: 0080A8E7

Strings

, xrefs: 007C4B53

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Task_impl$H_prolog3
String ID:
API String ID: 1204490572-3916222277
Opcode ID: aeeea370f598f81540b2f301c72ab2c86758bd098b109a67469a013511d573b2
Instruction ID: 30ace3a7916656fe11502ab856c315f5b3c7c6fbab8add47d01ebf2f9819a5b3
Opcode Fuzzy Hash: aeeea370f598f81540b2f301c72ab2c86758bd098b109a67469a013511d573b2
Instruction Fuzzy Hash: BDC19C30501A86CFE754DBA8C558BDEFBE0EF15314F4485ACD45A872C3DB786A08DB62

Uniqueness

Uniqueness Score: -1.00%

Function 007F4DD0 Relevance: 56.1, APIs: 16, Strings: 16, Instructions: 108libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000), ref: 007F4DFF
GetProcAddress.KERNEL32(?,PTZOpenInterface), ref: 007F4E1F
GetProcAddress.KERNEL32(?,PTZCloseInterface), ref: 007F4E2C
GetProcAddress.KERNEL32(?,PTZLoadProtocolFile), ref: 007F4E39
GetProcAddress.KERNEL32(?,PTZLoadProtocolRS), ref: 007F4E46
GetProcAddress.KERNEL32(?,PTZUnloadProtocol), ref: 007F4E53
GetProcAddress.KERNEL32(?,PTZGetCommandExt), ref: 007F4E60
GetProcAddress.KERNEL32(?,PTZEnumerateProtocol), ref: 007F4E6D
GetProcAddress.KERNEL32(?,PTZEnumerateVender), ref: 007F4E7A
GetProcAddress.KERNEL32(?,PTZEnumerateFunction), ref: 007F4E87
GetProcAddress.KERNEL32(?,PTZGetAbsPTZCommand), ref: 007F4E94
GetProcAddress.KERNEL32(?,PTZGetAbsPTZCommandByUnit), ref: 007F4EA1
GetProcAddress.KERNEL32(?,PTZUnitToDegree), ref: 007F4EAE
GetProcAddress.KERNEL32(?,PTZDegreeToUnit), ref: 007F4EBB
GetProcAddress.KERNEL32(?,PTZGetUnitFromBuffer), ref: 007F4EC8
GetProcAddress.KERNEL32(?,PTZGetRequestAbsPTZCommand), ref: 007F4ED5

Strings

PTZGetRequestAbsPTZCommand, xrefs: 007F4ECA
PTZCloseInterface, xrefs: 007F4E21
PTZUnloadProtocol, xrefs: 007F4E48
PTZEnumerateFunction, xrefs: 007F4E7C
PTZEnumerateVender, xrefs: 007F4E6F
PTZDegreeToUnit, xrefs: 007F4EB0
PTZParser, xrefs: 007F4DEC
PTZEnumerateProtocol, xrefs: 007F4E62
PTZGetCommandExt, xrefs: 007F4E55
PTZLoadProtocolFile, xrefs: 007F4E2E
PTZLoadProtocolRS, xrefs: 007F4E3B
PTZUnitToDegree, xrefs: 007F4EA3
PTZGetUnitFromBuffer, xrefs: 007F4EBD
PTZGetAbsPTZCommandByUnit, xrefs: 007F4E96
PTZGetAbsPTZCommand, xrefs: 007F4E89
PTZOpenInterface, xrefs: 007F4E19

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: PTZCloseInterface$PTZDegreeToUnit$PTZEnumerateFunction$PTZEnumerateProtocol$PTZEnumerateVender$PTZGetAbsPTZCommand$PTZGetAbsPTZCommandByUnit$PTZGetCommandExt$PTZGetRequestAbsPTZCommand$PTZGetUnitFromBuffer$PTZLoadProtocolFile$PTZLoadProtocolRS$PTZOpenInterface$PTZParser$PTZUnitToDegree$PTZUnloadProtocol
API String ID: 2238633743-3323939279
Opcode ID: a251729acaa98b7fc0dc45ce407e7d814275ad33d5c6eb309c1bf05f9cfbe7a1
Instruction ID: ff80adb12405893d556454dc38cbed5f4880290bc9d58748796a0d747d938c7c
Opcode Fuzzy Hash: a251729acaa98b7fc0dc45ce407e7d814275ad33d5c6eb309c1bf05f9cfbe7a1
Instruction Fuzzy Hash: 7F4102B4A41B1ABBCB119F66C908A56FFA0FF54758700822AE61887F40D7B9E474CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 007AAFA0 Relevance: 42.5, APIs: 16, Strings: 8, Instructions: 464COMMON

Download Yara Rule

APIs

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

swprintf.LIBCMT ref: 007AB0A5
swprintf.LIBCMT ref: 007AB132

Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B72CA
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B72F6
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B730F
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B7328
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B733B
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B734E
Part of subcall function 007B72A0: _memset.LIBCMT ref: 007B737F

swprintf.LIBCMT ref: 007AB17D
swprintf.LIBCMT ref: 007AB1CA
_memset.LIBCMT ref: 007AB244
_memset.LIBCMT ref: 007AB2B4
swprintf.LIBCMT ref: 007AB2CB
_memset.LIBCMT ref: 007AB304
_memset.LIBCMT ref: 007AB408
swprintf.LIBCMT ref: 007AB424
_strstr.LIBCMT ref: 007AB437
_strstr.LIBCMT ref: 007AB454
swprintf.LIBCMT ref: 007AB4DA
_memset.LIBCMT ref: 007AB51D
swprintf.LIBCMT ref: 007AB539
swprintf.LIBCMT ref: 007AB60E

Strings

chunked, xrefs: 007AB544
GET, xrefs: 007AB052
, */*, xrefs: 007AB0C4
boundary=, xrefs: 007AB431
gzip, deflate, xrefs: 007AB164
Keep-Alive, xrefs: 007AB1B1
boundary =, xrefs: 007AB44E
multipart/x-mixed-replace, xrefs: 007AB577

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$swprintf$_strstr$_malloc
String ID: , */*$GET$Keep-Alive$boundary =$boundary=$chunked$gzip, deflate$multipart/x-mixed-replace
API String ID: 3999926247-1096947886
Opcode ID: 9c308a841d96253f48ebb225bc63a0e0fcec62a6c07de34b18b2bc2489c20c27
Instruction ID: 29a636c292ef321bcefab045c8a8bd9988e8c3c74d2ec435f2b7436ca637857f
Opcode Fuzzy Hash: 9c308a841d96253f48ebb225bc63a0e0fcec62a6c07de34b18b2bc2489c20c27
Instruction Fuzzy Hash: 2C02C671900255ABDF24DF64DC85BDA77A8AF49300F0446A9F849DB283D778EA85CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 007AED40 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 192COMMON

Download Yara Rule

APIs

AVIFileGetStream.AVIFIL32(?,?,73646976,00000000,00000000), ref: 007AED6F
AVIFileRelease.AVIFIL32(00000000), ref: 007AED8A
AVIFileGetStream.AVIFIL32(?,?,73647561,00000000), ref: 007AEECC
AVIFileRelease.AVIFIL32(00000000), ref: 007AEEE1

Strings

H265, xrefs: 007AEE24
vids, xrefs: 007AEDB3
XVID, xrefs: 007AEDD8
MJPG, xrefs: 007AEDFE
H264, xrefs: 007AEE11
DX50, xrefs: 007AEDEB
auds, xrefs: 007AEF0F
HEVC, xrefs: 007AEE2B
DIVX, xrefs: 007AEDC5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: File$ReleaseStream
String ID: DIVX$DX50$H264$H265$HEVC$MJPG$XVID$auds$vids
API String ID: 3091376681-773731684
Opcode ID: 9647d5dfd2b27f076f55a3ae1c621e5e13d830dd3c25e4d428d11cbbc642be40
Instruction ID: b5faf9b9eb9bd13479123fb08164d7e1499a7303f3d52ba2db778eed1d6f7bf3
Opcode Fuzzy Hash: 9647d5dfd2b27f076f55a3ae1c621e5e13d830dd3c25e4d428d11cbbc642be40
Instruction Fuzzy Hash: 4E71F631A09215EFEF248F78CC44BA5BBE4FF46304F104366E8589B290DB79A855DF92

Uniqueness

Uniqueness Score: -1.00%

Function 007BA0F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 293COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007BA15D
_memset.LIBCMT ref: 007BA179
_memset.LIBCMT ref: 007BA195
swprintf.LIBCMT ref: 007BA1AF
swprintf.LIBCMT ref: 007BA211
swprintf.LIBCMT ref: 007BA25E
swprintf.LIBCMT ref: 007BA28F
swprintf.LIBCMT ref: 007BA30D
swprintf.LIBCMT ref: 007BA33E
_memset.LIBCMT ref: 007BA3C5
swprintf.LIBCMT ref: 007BA409

Strings

%08x, xrefs: 007BA1A4
auth-int, xrefs: 007BA2E2
%s:%s:%s, xrefs: 007BA206, 007BA24F, 007BA280, 007BA302, 007BA449, 007BA484
%s:%s, xrefs: 007BA32F
%s:%s:%s:%s:%s:%s, xrefs: 007BA3F7
md5-sess, xrefs: 007BA1E6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: %08x$%s:%s$%s:%s:%s$%s:%s:%s:%s:%s:%s$auth-int$md5-sess
API String ID: 1292703666-2328489966
Opcode ID: e6d9b2cddeaab45c64ff83a9d97a3f73b0556b16fd40d1ee6670289cd61046dd
Instruction ID: 10853dad5258b10503556eeee95febb36f2b8ad0c3350458c70e93f87224d4bf
Opcode Fuzzy Hash: e6d9b2cddeaab45c64ff83a9d97a3f73b0556b16fd40d1ee6670289cd61046dd
Instruction Fuzzy Hash: B4B19171108382BBD721DF58CC45FEBB7E8AF94304F444958F98897182EB75EA49CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0079C890 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 249COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0079C8AA
_strncmp.LIBCMT ref: 0079C8C4
_strncmp.LIBCMT ref: 0079C8E1
___from_strstr_to_strchr.LIBCMT ref: 0079C919
___from_strstr_to_strchr.LIBCMT ref: 0079C92F
___from_strstr_to_strchr.LIBCMT ref: 0079C9E4
_strncmp.LIBCMT ref: 0079C9FE
_strncmp.LIBCMT ref: 0079CA1B
_strncmp.LIBCMT ref: 0079CA38
___from_strstr_to_strchr.LIBCMT ref: 0079CA53
___from_strstr_to_strchr.LIBCMT ref: 0079CA64
___from_strstr_to_strchr.LIBCMT ref: 0079CA74

Strings

RTP/AVP/TCP, xrefs: 0079C9F8
application, xrefs: 0079C8F8
video, xrefs: 0079C8BE
RTP/AVP, xrefs: 0079CA15
udp, xrefs: 0079CA32
audio, xrefs: 0079C8DB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strncmp
String ID: RTP/AVP$RTP/AVP/TCP$application$audio$udp$video
API String ID: 2516952115-289131259
Opcode ID: bf587f595cca463104216a5c8e913490784c32cec0f0e41e220c33ce7b6b62fb
Instruction ID: 64183d5d6c6c142e8d0f52f9c7f916a60105cc6b3f1a05e5e5975a6f500772c3
Opcode Fuzzy Hash: bf587f595cca463104216a5c8e913490784c32cec0f0e41e220c33ce7b6b62fb
Instruction Fuzzy Hash: 0B715D72A0030857DF21EBB5FD86BAF77E8DF94314F140929E809A7243FB79990583A1

Uniqueness

Uniqueness Score: -1.00%

Function 0079AB60 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 223COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0079AB7C
_strncmp.LIBCMT ref: 0079AB96
_strncmp.LIBCMT ref: 0079ABB3
___from_strstr_to_strchr.LIBCMT ref: 0079ABEB
___from_strstr_to_strchr.LIBCMT ref: 0079AC01
___from_strstr_to_strchr.LIBCMT ref: 0079ACB6
_strncmp.LIBCMT ref: 0079ACD0
_strncmp.LIBCMT ref: 0079ACED
_strncmp.LIBCMT ref: 0079AD0A
___from_strstr_to_strchr.LIBCMT ref: 0079AD25
___from_strstr_to_strchr.LIBCMT ref: 0079AD36
___from_strstr_to_strchr.LIBCMT ref: 0079AD46

Strings

RTP/AVP/TCP, xrefs: 0079ACCA
application, xrefs: 0079ABCA
video, xrefs: 0079AB90
RTP/AVP, xrefs: 0079ACE7
udp, xrefs: 0079AD04
audio, xrefs: 0079ABAD

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strncmp
String ID: RTP/AVP$RTP/AVP/TCP$application$audio$udp$video
API String ID: 2516952115-289131259
Opcode ID: 1e418dd8f0388ff825ee3bf2b9e4b7914fb2f82e4addf5ef5027f06b5acc2a16
Instruction ID: 19b96e1097f65ed8eb59c693bb391e397c2486aa43e52b4131afa64502d98a36
Opcode Fuzzy Hash: 1e418dd8f0388ff825ee3bf2b9e4b7914fb2f82e4addf5ef5027f06b5acc2a16
Instruction Fuzzy Hash: 27613976A0130477DF209BA5FD86BAF37E8AB94311F100829E806A7646E679994487E3

Uniqueness

Uniqueness Score: -1.00%

Function 007E44D0 Relevance: 32.0, APIs: 15, Strings: 3, Instructions: 461windowsleepCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,6838016B), ref: 007E453D
ResetEvent.KERNEL32(00000000), ref: 007E4547

Part of subcall function 007D1CF0: EnterCriticalSection.KERNEL32(-00000008,?,?,007D2069,?,00000000,00000000,?,?,?,?,?,?,?,?,007C78B4), ref: 007D1D12

TranslateMessage.USER32(?), ref: 007E464C
DispatchMessageA.USER32(?), ref: 007E4659
SetEvent.KERNEL32(?,00000000,?,0000002C,00000000,00000000), ref: 007E4801
TranslateMessage.USER32(?), ref: 007E4A46
DispatchMessageA.USER32(?), ref: 007E4A53
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007E4A71
TranslateMessage.USER32(?), ref: 007E4A82
DispatchMessageA.USER32(?), ref: 007E4A8F
Sleep.KERNEL32(00000064), ref: 007E4A97

Part of subcall function 007E9300: WaitForSingleObject.KERNEL32(?,00000000), ref: 007E9364
Part of subcall function 007E9300: ResetEvent.KERNEL32(?,?,00000000,00000000), ref: 007E938C

CDECRelease.ARCHIVEPLAYER(?,?,00000000,00000000,?,00000000,00000000), ref: 007E4B08
CloseHandle.KERNEL32(?,?,00000000,00000000,?,00000000,00000000), ref: 007E4B4B

Strings

,, xrefs: 007E4667
d, xrefs: 007E499C
gfff, xrefs: 007E49D1

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$Event$DispatchTranslate$Reset$CloseCreateCriticalEnterHandleObjectPeekReleaseSectionSingleSleepWait
String ID: ,$d$gfff
API String ID: 964170224-720371987
Opcode ID: 1dd858289e6bac070d3f39af6a201af3bffd7677559a0201b4edf103675541f3
Instruction ID: 9d0fd978e39c15060017d1931cbf2a96b2a24100a75fccca2b5522aa616eb57f
Opcode Fuzzy Hash: 1dd858289e6bac070d3f39af6a201af3bffd7677559a0201b4edf103675541f3
Instruction Fuzzy Hash: AF12C271D01788EADF20DFA5CC49BEEB7F9BF49300F10451AE599A7280EB78A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0084C43B Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 237windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0084C445
CreateCompatibleDC.GDI32(00000000), ref: 0084C4A8
GetObjectA.GDI32(?,00000018,?), ref: 0084C4C6
SelectObject.GDI32(?,?), ref: 0084C4FA
CreateCompatibleDC.GDI32(?), ref: 0084C51A
CreateDIBSection.GDI32(?,00000028,00000000,?,00000000,00000000), ref: 0084C575
SelectObject.GDI32(?,?), ref: 0084C587
SelectObject.GDI32(?,00000000), ref: 0084C58F
SelectObject.GDI32(?,?), ref: 0084C59E
DeleteObject.GDI32(?), ref: 0084C5A2
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0084C5DA
GetPixel.GDI32(?,00000000,00000000), ref: 0084C6AF
SetPixel.GDI32(?,00000000,00000000,?), ref: 0084C6C1
SelectObject.GDI32(?,?), ref: 0084C6E4
SelectObject.GDI32(?,?), ref: 0084C6EC

Strings

(, xrefs: 0084C54D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Object$Select$Create$CompatiblePixel$DeleteH_prolog3_Section
String ID: (
API String ID: 1942225872-3887548279
Opcode ID: 9d60588c4efaba537a4c7ee1264f01af8c8e25fd44b78d273e4437c0b1f4fa52
Instruction ID: 74c16d47e06755069acac75be50f17cd0a8df88e3c5e08080cd43d35c92fe5b7
Opcode Fuzzy Hash: 9d60588c4efaba537a4c7ee1264f01af8c8e25fd44b78d273e4437c0b1f4fa52
Instruction Fuzzy Hash: 28914331901209DFDF65DFA8CD85AAEBBB9FF08304F208129E416E72A1DB30A945DF51

Uniqueness

Uniqueness Score: -1.00%

Function 0078CF20 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 197synchronizationnetworkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078CF96
ResetEvent.KERNEL32(?), ref: 0078CFB1
_memset.LIBCMT ref: 0078CFE6
send.WS2_32(?,?,0000000C,00000000), ref: 0078D017
WaitForSingleObject.KERNEL32(?,00002710,?,00000000,0000100C), ref: 0078D028
_memset.LIBCMT ref: 0078D067
ResetEvent.KERNEL32(?), ref: 0078D07F
inet_addr.WS2_32(?), ref: 0078D0BD
inet_addr.WS2_32(?), ref: 0078D0CC
_memmove.LIBCMT ref: 0078D148
_memset.LIBCMT ref: 0078D169
_memmove.LIBCMT ref: 0078D17B
send.WS2_32(?,?,00000084,00000000), ref: 0078D19A
WaitForSingleObject.KERNEL32(?,00002710), ref: 0078D1AB
_free.LIBCMT ref: 0078D1EA

Strings

x, xrefs: 0078D158

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$EventObjectResetSingleWait_memmoveinet_addrsend$_free
String ID: x
API String ID: 1122757218-2363233923
Opcode ID: d745089a66bcae40b5c977c3a94f185cf1d7535002ffb4f7819e4117c02d5506
Instruction ID: 17f593a026abb83ce12077cb25fc3ff3adf536c6356e5fff7947808f1a074484
Opcode Fuzzy Hash: d745089a66bcae40b5c977c3a94f185cf1d7535002ffb4f7819e4117c02d5506
Instruction Fuzzy Hash: C881B670A44359EFEB20DF64DC49BDAB7A4BF04300F044295E5589B2C6DBB8A998CF91

Uniqueness

Uniqueness Score: -1.00%

Function 007BACB0 Relevance: 27.4, APIs: 18, Instructions: 356COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007BACE0
___from_strstr_to_strchr.LIBCMT ref: 007BAD25
_memmove.LIBCMT ref: 007BAD48
_memmove.LIBCMT ref: 007BADBE
___from_strstr_to_strchr.LIBCMT ref: 007BADD3
_memmove.LIBCMT ref: 007BADFA
_memmove.LIBCMT ref: 007BAE6F
swprintf.LIBCMT ref: 007BAE93
_memmove.LIBCMT ref: 007BAF03
___from_strstr_to_strchr.LIBCMT ref: 007BAF27
_memmove.LIBCMT ref: 007BAF4A
_memmove.LIBCMT ref: 007BAFBE
swprintf.LIBCMT ref: 007BAFE2
swprintf.LIBCMT ref: 007BB0DA
swprintf.LIBCMT ref: 007BB0ED
swprintf.LIBCMT ref: 007BB10A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$swprintf$___from_strstr_to_strchr$_memset
String ID:
API String ID: 4254409416-0
Opcode ID: abc956bfd2385c949f18a6d86a1b601bb92575e1ec83b180eebe94b6e237b62f
Instruction ID: a4b3c25958a4a084ceba23f668a04dacc2208399110d4ad8116824e771b41136
Opcode Fuzzy Hash: abc956bfd2385c949f18a6d86a1b601bb92575e1ec83b180eebe94b6e237b62f
Instruction Fuzzy Hash: 67D1D8B1900219AFDB14DF28DC85BDAF7A8FF15304F0042A5E55D97241DBB4AA88CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 007B82B0 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 230COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007B82F7

Part of subcall function 007BA0F0: _memset.LIBCMT ref: 007BA15D
Part of subcall function 007BA0F0: _memset.LIBCMT ref: 007BA179
Part of subcall function 007BA0F0: _memset.LIBCMT ref: 007BA195
Part of subcall function 007BA0F0: swprintf.LIBCMT ref: 007BA1AF
Part of subcall function 007BA0F0: swprintf.LIBCMT ref: 007BA211
Part of subcall function 007BA0F0: swprintf.LIBCMT ref: 007BA25E

swprintf.LIBCMT ref: 007B83EB
swprintf.LIBCMT ref: 007B8433
swprintf.LIBCMT ref: 007B84B5
swprintf.LIBCMT ref: 007B851B
swprintf.LIBCMT ref: 007B8572
swprintf.LIBCMT ref: 007B85A2

Strings

Digest username="%s",realm="%s",nonce="%s",uri="%s",response="%s", xrefs: 007B8597
md5, xrefs: 007B8448
Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop="%s",nc=%08d,cnonce="%s",response="%s", xrefs: 007B8428
Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop=%s,response="%s",opaque="%s", xrefs: 007B84AA
Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop="%s",nc=%08d,cnonce="%s",response="%s",opaque="%s", xrefs: 007B83E0
Digest username="%s",realm="%s",nonce="%s",uri="%s",response="%s",cnonce="%s",qop="%s",nc="%08d", xrefs: 007B8567
md5-sess, xrefs: 007B836F
Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",response="%s", xrefs: 007B8510

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop="%s",nc=%08d,cnonce="%s",response="%s"$Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop="%s",nc=%08d,cnonce="%s",response="%s",opaque="%s"$Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",qop=%s,response="%s",opaque="%s"$Digest username="%s",realm="%s",nonce="%s",algorithm=%s,uri="%s",response="%s"$Digest username="%s",realm="%s",nonce="%s",uri="%s",response="%s"$Digest username="%s",realm="%s",nonce="%s",uri="%s",response="%s",cnonce="%s",qop="%s",nc="%08d"$md5$md5-sess
API String ID: 1292703666-4135896896
Opcode ID: 1a3daef24b10615defec829bf1e164c370af80f7b754cfaf0cf897b57fb3c965
Instruction ID: f43d5dbb5a19119673212b9b3400cce41468d514b362c79d6696c9cc65633558
Opcode Fuzzy Hash: 1a3daef24b10615defec829bf1e164c370af80f7b754cfaf0cf897b57fb3c965
Instruction Fuzzy Hash: F99182F650011ABBCB65CE54CD80FEAB7BCBF44304F0481A5E709A7101EB316A96CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0079CBE0 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 201COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0079CBFA
_strncmp.LIBCMT ref: 0079CC14
___from_strstr_to_strchr.LIBCMT ref: 0079CC2A
_strncmp.LIBCMT ref: 0079CC44
_strncmp.LIBCMT ref: 0079CC61
___from_strstr_to_strchr.LIBCMT ref: 0079CC7E
___from_strstr_to_strchr.LIBCMT ref: 0079CC91
___from_strstr_to_strchr.LIBCMT ref: 0079CCC1
___from_strstr_to_strchr.LIBCMT ref: 0079CD06
___from_strstr_to_strchr.LIBCMT ref: 0079CD19
swprintf.LIBCMT ref: 0079CD4E

Strings

IP6, xrefs: 0079CC5B
IP4, xrefs: 0079CC3E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strncmp$swprintf
String ID: IP4$IP6
API String ID: 4050511901-835370894
Opcode ID: 06ab2133cea61bdc03bf75ba635ba1183cbeb8d8910c915c4d808a8a3447ac5e
Instruction ID: 8e9d6c9b424bed7225d908270b9584fa9136b82456f01a9027e43fad591ec86e
Opcode Fuzzy Hash: 06ab2133cea61bdc03bf75ba635ba1183cbeb8d8910c915c4d808a8a3447ac5e
Instruction Fuzzy Hash: EA513B7270030427DF14EAB5BC86BBE77A89FD9314F04057DF905A7247EA65AA0583A1

Uniqueness

Uniqueness Score: -1.00%

Function 0079AE80 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 200COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0079AE9C
_strncmp.LIBCMT ref: 0079AEB6
___from_strstr_to_strchr.LIBCMT ref: 0079AECC
_strncmp.LIBCMT ref: 0079AEE6
_strncmp.LIBCMT ref: 0079AF03
___from_strstr_to_strchr.LIBCMT ref: 0079AF20
___from_strstr_to_strchr.LIBCMT ref: 0079AF33
___from_strstr_to_strchr.LIBCMT ref: 0079AF63
___from_strstr_to_strchr.LIBCMT ref: 0079AFA8
___from_strstr_to_strchr.LIBCMT ref: 0079AFBB
swprintf.LIBCMT ref: 0079AFEE
swprintf.LIBCMT ref: 0079B03A
swprintf.LIBCMT ref: 0079B06F

Strings

IP6, xrefs: 0079AEFD
IP4, xrefs: 0079AEE0

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strncmpswprintf
String ID: IP4$IP6
API String ID: 3150634765-835370894
Opcode ID: 31b1fddfadec079dcd0a312371712decf427864a5a574250da9fd560eb3bdb69
Instruction ID: d5cf89330678b0e5aae657e6e72dbc2a750b1c1a104f1387949a6415a8dce362
Opcode Fuzzy Hash: 31b1fddfadec079dcd0a312371712decf427864a5a574250da9fd560eb3bdb69
Instruction Fuzzy Hash: 67512E736003446BDF20EAA5BD86BBF73B8DFD9314F00052DF941A7147EB66AA0583A1

Uniqueness

Uniqueness Score: -1.00%

Function 0077A630 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 115COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 0077A6D1
swprintf.LIBCMT ref: 0077A720
swprintf.LIBCMT ref: 0077A75C

Strings

2.5M, xrefs: 0077A6B8
1.5M, xrefs: 0077A6C6
384K, xrefs: 0077A68E
56K, xrefs: 0077A679
%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s&VIDEO_RESOLUTION=%s&VIDEO_FPS_NUM=%d&VIDEO_BRIGHTNESS=%d&VIDEO_CONTRAST=%d&VIDEO_HUE=%d&VIDEO_SATURATION=%d, xrefs: 0077A70F
1.2M, xrefs: 0077A6AA
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s&VIDEO_RESOLUTION=%s&VIDEO_FPS_NUM=%d&VIDEO_BRIGHTNESS=%d&VIDEO_CONTRAST=%d&VIDEO_HUE=%d&VIDEO_SATURATION=%d, xrefs: 0077A74B
500K, xrefs: 0077A695
28K, xrefs: 0077A672
256K, xrefs: 0077A687
128K, xrefs: 0077A680
750K, xrefs: 0077A69C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf
String ID: %smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE=%s&VIDEO_RESOLUTION=%s&VIDEO_FPS_NUM=%d&VIDEO_BRIGHTNESS=%d&VIDEO_CONTRAST=%d&VIDEO_HUE=%d&VIDEO_SATURATION=%d$%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE=%s&VIDEO_RESOLUTION=%s&VIDEO_FPS_NUM=%d&VIDEO_BRIGHTNESS=%d&VIDEO_CONTRAST=%d&VIDEO_HUE=%d&VIDEO_SATURATION=%d$1.2M$1.5M$128K$2.5M$256K$28K$384K$500K$56K$750K
API String ID: 233258989-1779723003
Opcode ID: b21983d95d981ac878bf38b6952092dd330deb241161a91137e3f43ec5421d6d
Instruction ID: b1a77803e5b95f57a106307de21d6b5f93e2047faa950d624d38c04987926626
Opcode Fuzzy Hash: b21983d95d981ac878bf38b6952092dd330deb241161a91137e3f43ec5421d6d
Instruction Fuzzy Hash: 2241D872A40348F6DB10CA91CF41FEBB3BCFB4C740F148956B609E2091DA75F6549B96

Uniqueness

Uniqueness Score: -1.00%

Function 007927C0 Relevance: 25.8, APIs: 17, Instructions: 335COMMON

Download Yara Rule

APIs

__fseeki64.LIBCMT ref: 007927EC
__fread_nolock.LIBCMT ref: 00792816
_memset.LIBCMT ref: 00792922
__fread_nolock.LIBCMT ref: 00792941
__fseeki64.LIBCMT ref: 007929F0
__fseeki64.LIBCMT ref: 00792A3D
__ftelli64.LIBCMT ref: 00792A50

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __fseeki64$__fread_nolock$__ftelli64_memset
String ID:
API String ID: 631097316-0
Opcode ID: 96f68c488a3ee7d96a9b6f3a383387eebe9b55b5b1451fb65a1655a8f49c0dc9
Instruction ID: 40e6114d68405b7e0e8d1c9dd984c104b1695f80dcd9f7c0d892260873b151b8
Opcode Fuzzy Hash: 96f68c488a3ee7d96a9b6f3a383387eebe9b55b5b1451fb65a1655a8f49c0dc9
Instruction Fuzzy Hash: 75D1B3B0900714ABDF71EF35DC41BAAB7F8FF44300F0485A9E5D9A2252EB74A9858F91

Uniqueness

Uniqueness Score: -1.00%

Function 00792D00 Relevance: 25.8, APIs: 17, Instructions: 292COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00792D63
__fseeki64.LIBCMT ref: 00792DD6
__ftelli64.LIBCMT ref: 00792DE9
__fseeki64.LIBCMT ref: 00792E29
__fread_nolock.LIBCMT ref: 00792E47
__fseeki64.LIBCMT ref: 00792EAB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __fseeki64$__fread_nolock$__ftelli64
String ID:
API String ID: 4209442585-0
Opcode ID: da7f02965ec7513b7b98a47bab1cfb6b8a7fa5a37511e7c5e9908519703d821c
Instruction ID: 7ca2885800d8b0fe8fc90ba223ec8429aff6f5d13edb32b69685706ce5e881e0
Opcode Fuzzy Hash: da7f02965ec7513b7b98a47bab1cfb6b8a7fa5a37511e7c5e9908519703d821c
Instruction Fuzzy Hash: ABB1B770640B01ABEF35AF35DC05B6BB7E5FF44700F00492DF9A9962A1EB35A945CB41

Uniqueness

Uniqueness Score: -1.00%

Function 007A65E0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 330COMMON

Download Yara Rule

APIs

Part of subcall function 007A64E0: _memset.LIBCMT ref: 007A6513
Part of subcall function 007A64E0: swprintf.LIBCMT ref: 007A65B5

Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B9501
Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B951F

_strstr.LIBCMT ref: 007A66A9
_strstr.LIBCMT ref: 007A66C1
_memset.LIBCMT ref: 007A670B
swprintf.LIBCMT ref: 007A674B
_strstr.LIBCMT ref: 007A67CA
_strstr.LIBCMT ref: 007A67E5
_strstr.LIBCMT ref: 007A67F9
_memset.LIBCMT ref: 007A6820
_memmove.LIBCMT ref: 007A6833
_strstr.LIBCMT ref: 007A68D5
_memset.LIBCMT ref: 007A68FE
_strstr.LIBCMT ref: 007A690F

Strings

CSeq:, xrefs: 007A66A3
Cseq:, xrefs: 007A66BB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_memset$___from_strstr_to_strchrswprintf$_memmove
String ID: CSeq:$Cseq:
API String ID: 3550871217-1220783797
Opcode ID: 3f7fb9e271ac08a8fba65765857980f07d559727c69bff8cd450aba271d88e3a
Instruction ID: 61395960380f784e3045c2bf957b617525fcc1556742d94bdfb84882664e7010
Opcode Fuzzy Hash: 3f7fb9e271ac08a8fba65765857980f07d559727c69bff8cd450aba271d88e3a
Instruction Fuzzy Hash: 2DB12FB1D0026497DF25DB24DC45FDE73B89B85310F0802A9EA49F7285E778AAC9CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0079EE70 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 288COMMON

Download Yara Rule

APIs

Part of subcall function 0079ED10: _memset.LIBCMT ref: 0079ED43
Part of subcall function 0079ED10: swprintf.LIBCMT ref: 0079EDE5
Part of subcall function 0079ED10: swprintf.LIBCMT ref: 0079EE3C

Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B9501
Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B951F

_strstr.LIBCMT ref: 0079EF3D
_strstr.LIBCMT ref: 0079EF56
_memset.LIBCMT ref: 0079EFA3
swprintf.LIBCMT ref: 0079EFE4
_strstr.LIBCMT ref: 0079F059
_strstr.LIBCMT ref: 0079F074
_strstr.LIBCMT ref: 0079F088
_memset.LIBCMT ref: 0079F0AB
_memmove.LIBCMT ref: 0079F0BC
_strstr.LIBCMT ref: 0079F147
_strstr.LIBCMT ref: 0079F16A
_memset.LIBCMT ref: 0079F1BF

Strings

CSeq:, xrefs: 0079EF37
Cseq:, xrefs: 0079EF50

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_memset$swprintf$___from_strstr_to_strchr$_memmove
String ID: CSeq:$Cseq:
API String ID: 1259512227-1220783797
Opcode ID: cb1c853a11e202ee36ab7cb6add42e8d273f6b3fef9c55195f1f4a9756862299
Instruction ID: 60b5f977292fda822c05f3fcc122941ba265413022a7eb28f2160374cb2fbae5
Opcode Fuzzy Hash: cb1c853a11e202ee36ab7cb6add42e8d273f6b3fef9c55195f1f4a9756862299
Instruction Fuzzy Hash: 71A1F4B1A04344ABCB20DB64EC45BAFB3D9ABD4314F14093DF999D7282E778D909C792

Uniqueness

Uniqueness Score: -1.00%

Function 007A6A40 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 211COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 007A6A9D
swprintf.LIBCMT ref: 007A6AB2
swprintf.LIBCMT ref: 007A6B0C
_memset.LIBCMT ref: 007A6B29
swprintf.LIBCMT ref: 007A6CE5

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

_memset.LIBCMT ref: 007A6C09
swprintf.LIBCMT ref: 007A6C99

Strings

SETUP, xrefs: 007A6B66
Session: %s, xrefs: 007A6A92
%s%s, xrefs: 007A6C6C
rtsp://, xrefs: 007A6B9E
%s/%s, xrefs: 007A6C8E
Transport: RTP/AVP/TCP;unicast;interleaved=%d-%d, xrefs: 007A6B01
SETUP %s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s, xrefs: 007A6CDA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: %s%s$%s/%s$SETUP$SETUP %s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s$Session: %s$Transport: RTP/AVP/TCP;unicast;interleaved=%d-%d$rtsp://
API String ID: 1292703666-2399744120
Opcode ID: fce68e3c1e603a85b24f32d8d15aef131b7237283fac036ad9035ac9f96f2d74
Instruction ID: 7eb4cc204d2949c910baafb34844eb2133593437bee303a9b66078bf14d041d1
Opcode Fuzzy Hash: fce68e3c1e603a85b24f32d8d15aef131b7237283fac036ad9035ac9f96f2d74
Instruction Fuzzy Hash: 7381B7B2A00519BBCB14CB64CC41FE7B379FB55300F0442AAE659E7141DB76BA69CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 007B02D0 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 182COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 007B0323
swprintf.LIBCMT ref: 007B0376
swprintf.LIBCMT ref: 007B03C3
swprintf.LIBCMT ref: 007B0410
swprintf.LIBCMT ref: 007B045D
swprintf.LIBCMT ref: 007B04AA
swprintf.LIBCMT ref: 007B04F7
_memset.LIBCMT ref: 007B0556

Strings

no-cache, xrefs: 007B0491, 007B04DE
POST, xrefs: 007B0333
multipart/x-mixed-replace; boundary=myboundary, xrefs: 007B03AA
gzip, deflate, xrefs: 007B03F7
Keep-Alive, xrefs: 007B0444
*/*, xrefs: 007B035D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memsetsetsockopt
String ID: */*$Keep-Alive$POST$gzip, deflate$multipart/x-mixed-replace; boundary=myboundary$no-cache
API String ID: 287978192-2728928735
Opcode ID: 73eb7a7d8a77f9d8bbbf5b73200ecc523d3e5530cad5c7ab7854040bf92fc794
Instruction ID: 3a9e5b6306e2b8ab0d2ce1a6d3540281bef601e0939d83e3709c42688e35c546
Opcode Fuzzy Hash: 73eb7a7d8a77f9d8bbbf5b73200ecc523d3e5530cad5c7ab7854040bf92fc794
Instruction Fuzzy Hash: 466191B2640701BBD7249B29D946AE7B7D4FF14314B04492DF8ADD3391DBB8B894CB80

Uniqueness

Uniqueness Score: -1.00%

Function 007A6D20 Relevance: 24.5, APIs: 16, Instructions: 489COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A6D50
___from_strstr_to_strchr.LIBCMT ref: 007A6DA4
_memmove.LIBCMT ref: 007A6DCD
_memmove.LIBCMT ref: 007A6E70
___from_strstr_to_strchr.LIBCMT ref: 007A6E98
_memmove.LIBCMT ref: 007A6EC7
_memmove.LIBCMT ref: 007A6F67
swprintf.LIBCMT ref: 007A6F98
_memmove.LIBCMT ref: 007A703A
___from_strstr_to_strchr.LIBCMT ref: 007A706B
_memmove.LIBCMT ref: 007A7092
_memmove.LIBCMT ref: 007A7139
swprintf.LIBCMT ref: 007A716A
_memset.LIBCMT ref: 007A72B4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$___from_strstr_to_strchr$_memsetswprintf
String ID:
API String ID: 2113892423-0
Opcode ID: f791398174e80ea0661323f86acd2f70f6fe384da9d77d5555170d67bd0a1714
Instruction ID: af4eb2c1f5e13cb06f5eb72910b6a87782b63f064a8863eb1463ac9fb2856c4e
Opcode Fuzzy Hash: f791398174e80ea0661323f86acd2f70f6fe384da9d77d5555170d67bd0a1714
Instruction Fuzzy Hash: 12128371E0011D9BDB29CF18CC95BE9B7B5EF85304F0442F5E94997246DBB8AA88CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0084AA99 Relevance: 24.2, APIs: 16, Instructions: 160windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0084AAA0
CreateCompatibleDC.GDI32(00000000), ref: 0084AACE
GetObjectA.GDI32(?,00000018,?), ref: 0084AAE7
SelectObject.GDI32(?,?), ref: 0084AB01
CreateCompatibleBitmap.GDI32(?,?,?), ref: 0084AB24
SelectObject.GDI32(?,00000000), ref: 0084AB35
CreateCompatibleDC.GDI32(?), ref: 0084AB5E
SelectObject.GDI32(?,00000024), ref: 0084AB73
SelectObject.GDI32(?,00000000), ref: 0084AB80
DeleteObject.GDI32(00000024), ref: 0084AB85
BitBlt.GDI32(?,00000000,00000000,000000FF,?,?,00000000,00000000,00CC0020), ref: 0084ABA9
GetPixel.GDI32(?,00000000,00000000), ref: 0084ABCB
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 0084AC12
SelectObject.GDI32(?,?), ref: 0084AC37
SelectObject.GDI32(?,00000000), ref: 0084AC3D
DeleteObject.GDI32(?), ref: 0084AC41

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Object$Select$CompatibleCreate$DeletePixel$BitmapH_prolog3
String ID:
API String ID: 3639146769-0
Opcode ID: ba49408f22b121c195472452abdeb9c76016546259941d121eb2b1850092bfc8
Instruction ID: 5bf5df1aadf764115a108385f26b8f745b24d0ebb5db3c94bbdbdefa9fab3d19
Opcode Fuzzy Hash: ba49408f22b121c195472452abdeb9c76016546259941d121eb2b1850092bfc8
Instruction Fuzzy Hash: 5551373195421EEFDF159FA4CD84AAEBBBAFF04320F100125F511EA2A0DB319D51EB62

Uniqueness

Uniqueness Score: -1.00%

Function 00796BE0 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 432COMMON

Download Yara Rule

APIs

Part of subcall function 007969C0: swprintf.LIBCMT ref: 00796A1D

_strstr.LIBCMT ref: 00796CAA
_strstr.LIBCMT ref: 00796CC2
swprintf.LIBCMT ref: 00796D8B
_memset.LIBCMT ref: 00796F53
___from_strstr_to_strchr.LIBCMT ref: 00796F6E
_memmove.LIBCMT ref: 00796F97
_memmove.LIBCMT ref: 0079703F
swprintf.LIBCMT ref: 00797073
_memmove.LIBCMT ref: 0079710E
swprintf.LIBCMT ref: 00797156
_memmove.LIBCMT ref: 007971E7

Strings

CSeq:, xrefs: 00796CA4
Cseq:, xrefs: 00796CBC

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmoveswprintf$_strstr$___from_strstr_to_strchr_memset
String ID: CSeq:$Cseq:
API String ID: 1992464398-1220783797
Opcode ID: d7c01c9cdcc85ab8712df3995e86cb6d01b12aa9c20cd233056bcca156726c8a
Instruction ID: afe04fe083eee8ac3af170130dd79c16617a7e9e08b47572998e079d9cb4f262
Opcode Fuzzy Hash: d7c01c9cdcc85ab8712df3995e86cb6d01b12aa9c20cd233056bcca156726c8a
Instruction Fuzzy Hash: EC02E771A0411C8BDF24CF18DC99FE9B7B5BF45304F0402E9E88997246DB75AA89CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 007EE4F0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 387COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007EE547
_memset.LIBCMT ref: 007EE561
_memset.LIBCMT ref: 007EE57B
_sprintf.LIBCMT ref: 007EE592
__CxxThrowException@8.LIBCMT ref: 007EE5E8

Part of subcall function 009299C3: RaiseException.KERNEL32(?,?,?,00B06F54,0000674C,?,?,?,?,00948D40,?,00B06F54,00781E65,00000001), ref: 00929A18

_memset.LIBCMT ref: 007EE61C
_strtok.LIBCMT ref: 007EE6E6

Strings

MOTION_ENABLED=, xrefs: 007EE62F
MOTION_CONFIG=, xrefs: 007EE693
%s&MOTION_ENABLED&MOTION_CONFIG, xrefs: 007EE58C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$ExceptionException@8RaiseThrow_sprintf_strtok
String ID: %s&MOTION_ENABLED&MOTION_CONFIG$MOTION_CONFIG=$MOTION_ENABLED=
API String ID: 4052914692-2859979939
Opcode ID: 85a8433f737fd0c6af5f9161cbad6645970403fed99ac6892fc56a4806878e9f
Instruction ID: 48fef291b22fc2f292a974129b0b257461f00f4169fa530fec11be9413593404
Opcode Fuzzy Hash: 85a8433f737fd0c6af5f9161cbad6645970403fed99ac6892fc56a4806878e9f
Instruction Fuzzy Hash: 9BF192B1D022599FEB20DF69DC45BDAB7B4BF44304F0048E9E409A7243E775AA84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 007EEB10 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 362COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007EEB57
_memset.LIBCMT ref: 007EEB71
_memset.LIBCMT ref: 007EEB8B
_sprintf.LIBCMT ref: 007EEBA2
_memset.LIBCMT ref: 007EEC0E

Part of subcall function 007F18E0: _strstr.LIBCMT ref: 007F18EE

_strtok.LIBCMT ref: 007EECD5
_memmove.LIBCMT ref: 007EEDBC
_memmove.LIBCMT ref: 007EEE3F

Part of subcall function 007EFF90: _memmove.LIBCMT ref: 007EFFC3

_strtok.LIBCMT ref: 007EEEB3
_memset.LIBCMT ref: 007EF063

Strings

MOTION_STATUS=, xrefs: 007EEC83
%s&MOTION_ENABLED&MOTION_STATUS, xrefs: 007EEB9C
MOTION_ENABLED=, xrefs: 007EEC21

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$_memmove$_strtok$_sprintf_strstr
String ID: %s&MOTION_ENABLED&MOTION_STATUS$MOTION_ENABLED=$MOTION_STATUS=
API String ID: 2886996804-3163552027
Opcode ID: 4bd890ccb65f3a4810f91c70ead9633b3a9a53120599aea4c3e4f8ebfd5ecbb1
Instruction ID: e86fd2a946b1e7a8e03c512afc49fddd7fbf4a85770a5d6ff03faa0e4586ed0d
Opcode Fuzzy Hash: 4bd890ccb65f3a4810f91c70ead9633b3a9a53120599aea4c3e4f8ebfd5ecbb1
Instruction Fuzzy Hash: B3E1C4B1E022599BEB20CF54DC45BEAB7B4BF48304F1409E9D409A7283E775AB84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0079C240 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 106COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 0079C2C0
getaddrinfo.WS2_32(?,?,?,?), ref: 0079C2D8
_wprintf.LIBCMT ref: 0079C34E
freeaddrinfo.WS2_32(?), ref: 0079C35A
freeaddrinfo.WS2_32(?), ref: 0079C38D

Strings

A memory allocation failure occurred. , xrefs: 0079C30B
A temporary failure in name resolution occurred., xrefs: 0079C342
The ai_family member of the hints parameter is not supported. , xrefs: 0079C320
The ai_socktype member of the hints parameter is not supported. , xrefs: 0079C312
A nonrecoverable failure in name resolution occurred. , xrefs: 0079C33B
The servname parameter is not supported for the specified ai_socktype member of the hints parameter. , xrefs: 0079C327
The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. , xrefs: 0079C349
An invalid value was provided for the ai_flags member of the hints parameter., xrefs: 0079C304

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: freeaddrinfo$_wprintfgetaddrinfoswprintf
String ID: A memory allocation failure occurred. $A nonrecoverable failure in name resolution occurred. $A temporary failure in name resolution occurred.$An invalid value was provided for the ai_flags member of the hints parameter.$The ai_family member of the hints parameter is not supported. $The ai_socktype member of the hints parameter is not supported. $The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. $The servname parameter is not supported for the specified ai_socktype member of the hints parameter.
API String ID: 663564245-48089087
Opcode ID: f7ccdb1cf6026c59bcec1f3545771fc2c0af6a9f5af0e316e9fc194a076e0fd4
Instruction ID: d3f5bf2aac3cde1e1c147637f2be4fca9e4077c607c329f14593c6422ce14eeb
Opcode Fuzzy Hash: f7ccdb1cf6026c59bcec1f3545771fc2c0af6a9f5af0e316e9fc194a076e0fd4
Instruction Fuzzy Hash: 3B31E63160C380AADF21CB18EC05B6BB7E4FB99750F148A1EF49586280D77999449793

Uniqueness

Uniqueness Score: -1.00%

Function 007B2350 Relevance: 22.6, APIs: 15, Instructions: 122windowsynchronizationfileCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000064), ref: 007B237E
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007B239C
TranslateMessage.USER32(?), ref: 007B23A6
DispatchMessageA.USER32(?), ref: 007B23B0
WaitForSingleObject.KERNEL32(?,00000064), ref: 007B23BE
CloseHandle.KERNEL32(?), ref: 007B23D0
DeleteFileA.KERNEL32(?), ref: 007B2441
_memset.LIBCMT ref: 007B2452
_memset.LIBCMT ref: 007B2475
_memset.LIBCMT ref: 007B2485
_memset.LIBCMT ref: 007B2495
_memset.LIBCMT ref: 007B24A5
_memset.LIBCMT ref: 007B24B5
SetEvent.KERNEL32(?), ref: 007B2518
CloseHandle.KERNEL32(?), ref: 007B2524

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$Message$CloseHandleObjectSingleWait$DeleteDispatchEventFilePeekTranslate
String ID:
API String ID: 3902834599-0
Opcode ID: 37e43aede52b59d1a8304bf808c3ed2be29c1a9a3fc0ec3a35dfe6e9c490cda6
Instruction ID: 1a7ebb8954aab4abbf2bf18e3947734926e3a15b02ebd6e5d63cfdd28fc26191
Opcode Fuzzy Hash: 37e43aede52b59d1a8304bf808c3ed2be29c1a9a3fc0ec3a35dfe6e9c490cda6
Instruction Fuzzy Hash: C7515BB1601B059BD720EFB8DC89FD6B7ECBB18310F144A18E2AA971D1DBB9B445CB50

Uniqueness

Uniqueness Score: -1.00%

Function 007BC9F0 Relevance: 21.3, APIs: 14, Instructions: 334windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 007BCAD2
SetStretchBltMode.GDI32(00000000,00000003), ref: 007BCAE8
StretchDIBits.GDI32(?,00000000,00000000,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 007BCB48
ReleaseDC.USER32(00000000,00000000), ref: 007BCDBE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Stretch$BitsModeRelease
String ID:
API String ID: 3030403192-0
Opcode ID: 71bd87ae5a9a93ab331b2463f97f47531e920b871bb7bc70c5c796ab31f0ffe5
Instruction ID: 3e8d0bb2daaf659b6f85090b621a8d4e156937345b36489b26ef60a3b4522965
Opcode Fuzzy Hash: 71bd87ae5a9a93ab331b2463f97f47531e920b871bb7bc70c5c796ab31f0ffe5
Instruction Fuzzy Hash: E8D15671A00704AFDB26CF69C945BAABBF2BF48700F148A2DE556A66A0D775F840DB10

Uniqueness

Uniqueness Score: -1.00%

Function 007BC5F0 Relevance: 21.3, APIs: 14, Instructions: 333windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 007BC6C4
SetStretchBltMode.GDI32(00000000,00000003), ref: 007BC6FA
StretchDIBits.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00CC0020), ref: 007BC755
ReleaseDC.USER32(?,?), ref: 007BC9C4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Stretch$BitsModeRelease
String ID:
API String ID: 3030403192-0
Opcode ID: f1b5d7b5f8581787a904e2e7da235cc4d422ea13b47ab0ec76e275bc9be25eaf
Instruction ID: 719a1fb0d6d0e3b0781fba691f1c24f01ab09d122aa817bacd3aaa36b2a93757
Opcode Fuzzy Hash: f1b5d7b5f8581787a904e2e7da235cc4d422ea13b47ab0ec76e275bc9be25eaf
Instruction Fuzzy Hash: CCD15871A00704AFDB26CFA5C985BAABBF5BF08304F148A2DF556A2A90D775F850DF10

Uniqueness

Uniqueness Score: -1.00%

Function 007BCDF0 Relevance: 21.3, APIs: 14, Instructions: 325windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 007BCECE
SetStretchBltMode.GDI32(00000000,00000003), ref: 007BCEE4
StretchDIBits.GDI32(?,00000000,00000000,?,?,?,?,?,?,00000000,?,00000000,00CC0020), ref: 007BCF41
ReleaseDC.USER32(?,?), ref: 007BD1B2

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Stretch$BitsModeRelease
String ID:
API String ID: 3030403192-0
Opcode ID: ed3c797b55d09f5da9a67714399204222a2195e5fcf39f5cf6d23e07b469f8bd
Instruction ID: fd84bbe249d10169f34671ba29b8f8196e02d1fce8aaaca7b0f2ceb81c1255e3
Opcode Fuzzy Hash: ed3c797b55d09f5da9a67714399204222a2195e5fcf39f5cf6d23e07b469f8bd
Instruction Fuzzy Hash: BFD15971A00708EFDB26DF69C844BAABBF5BF48700F148A1DF556A2A90D775F850DB10

Uniqueness

Uniqueness Score: -1.00%

Function 007965C0 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 306COMMON

Download Yara Rule

APIs

Part of subcall function 007964C0: _memset.LIBCMT ref: 007964F3
Part of subcall function 007964C0: swprintf.LIBCMT ref: 00796595

Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B9501
Part of subcall function 007B94E0: ___from_strstr_to_strchr.LIBCMT ref: 007B951F

_strstr.LIBCMT ref: 00796682
_strstr.LIBCMT ref: 0079669A
_strstr.LIBCMT ref: 0079674C
_strstr.LIBCMT ref: 00796767
_strstr.LIBCMT ref: 0079677B
_memset.LIBCMT ref: 007967A2
_memmove.LIBCMT ref: 007967B5
_strstr.LIBCMT ref: 00796857
_memset.LIBCMT ref: 0079687E
_strstr.LIBCMT ref: 0079688F

Part of subcall function 0079B870: _strncmp.LIBCMT ref: 0079B8D0

Strings

CSeq:, xrefs: 0079667C
Cseq:, xrefs: 00796694

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_memset$___from_strstr_to_strchr$_memmove_strncmpswprintf
String ID: CSeq:$Cseq:
API String ID: 2263177842-1220783797
Opcode ID: 04bdc7ae32917f8de517cace5e6ddae6dabd2f07a40d955888ac9e7c57e44efd
Instruction ID: b38bfd94cea663340d549aed6aec150af5216de10f1bf78fe3289953b5ed5abe
Opcode Fuzzy Hash: 04bdc7ae32917f8de517cace5e6ddae6dabd2f07a40d955888ac9e7c57e44efd
Instruction Fuzzy Hash: 47A10DB1D002289BCF20DB25EC45FDEB7F9AB54350F0406A9E848A7241E7B5AAC58FD0

Uniqueness

Uniqueness Score: -1.00%

Function 0084A798 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 232memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000002,?,00000000,?,00000000,?,0084A784,?,00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A7A5
GlobalLock.KERNEL32(00000000,?,0084A784,?,00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A7BD
_memmove.LIBCMT ref: 0084A7CA
CreateStreamOnHGlobal.OLE32(00000000,00000001,00000000), ref: 0084A7D9
EnterCriticalSection.KERNEL32(00B3D750,00000000), ref: 0084A7F2
LeaveCriticalSection.KERNEL32(00B3D750,00000000), ref: 0084A853

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

__EH_prolog3.LIBCMT ref: 0084A871
GetObjectA.GDI32(00000000,00000018,?), ref: 0084A96C
DeleteObject.GDI32(?), ref: 0084A979

Strings

, xrefs: 0084A984

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Global$CriticalObjectSection$AllocCreateDeleteEnterException@8H_prolog3LeaveLockStreamThrow_memmove
String ID:
API String ID: 4133277357-3916222277
Opcode ID: 50566097a575cc560fa9d3ebfe5e6b868ebb22476c6e8c7cc201ba601312e045
Instruction ID: 83ab27b18d86972c8da573dfdfc0c325011748e8acca15cbe2cf98cb9bcf786c
Opcode Fuzzy Hash: 50566097a575cc560fa9d3ebfe5e6b868ebb22476c6e8c7cc201ba601312e045
Instruction Fuzzy Hash: F581BF7194021EEBDF18AF64CC85AAEBBB8FF04314F104529F815DB291EB309E51DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00828582 Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 183COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00828589

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

Part of subcall function 008315CB: __EH_prolog3.LIBCMT ref: 008315D2

Strings

MFCEditBrowse, xrefs: 00828616
MFCShellList, xrefs: 00828760
MFCFontComboBox, xrefs: 0082864D
MFCMaskedEdit, xrefs: 008286BB
MFCLink, xrefs: 00828684
MFCVSListBox, xrefs: 008287C0
MFCMenuButton, xrefs: 008286F2
MFCButton, xrefs: 008285A8
MFCColorButton, xrefs: 008285DF
MFCShellTree, xrefs: 00828790
MFCPropertyGrid, xrefs: 00828729

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3$_malloc
String ID: MFCButton$MFCColorButton$MFCEditBrowse$MFCFontComboBox$MFCLink$MFCMaskedEdit$MFCMenuButton$MFCPropertyGrid$MFCShellList$MFCShellTree$MFCVSListBox
API String ID: 1683881009-2110171958
Opcode ID: 6363ddbeb9153196cdd836dd2b8176577490895d12fe24ba57dcd59aad368b73
Instruction ID: 4e815185699964c46852cc2d815a6413dd2a81c6cc1e44772a2ba0dee70bc572
Opcode Fuzzy Hash: 6363ddbeb9153196cdd836dd2b8176577490895d12fe24ba57dcd59aad368b73
Instruction Fuzzy Hash: 0351E62060535DEAEF40E77C9D45B6E26D1FF60348F24442CBD05DA1C2EFB4CE848696

Uniqueness

Uniqueness Score: -1.00%

Function 007969C0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 160COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 00796A1D
swprintf.LIBCMT ref: 00796A32
swprintf.LIBCMT ref: 00796A8C
_memset.LIBCMT ref: 00796AA9
swprintf.LIBCMT ref: 00796B7B

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

swprintf.LIBCMT ref: 00796B9F

Strings

SETUP, xrefs: 00796AE6
Session: %s, xrefs: 00796A12
rtsp://, xrefs: 00796B1E
SETUP %s/%s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s, xrefs: 00796B94
Transport: RTP/AVP/TCP;unicast;interleaved=%d-%d, xrefs: 00796A81
SETUP %s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s, xrefs: 00796B70

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: SETUP$SETUP %s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s$SETUP %s/%s RTSP/%d.%dCSeq: %d%s%s%sUser-Agent: %s$Session: %s$Transport: RTP/AVP/TCP;unicast;interleaved=%d-%d$rtsp://
API String ID: 1292703666-1707111129
Opcode ID: bd285ac4417f521704e98d18c12331a52441aaccc01bdb4484fec86e6054937e
Instruction ID: a7e3d7cebaa6b302e717db92b2eb09deda51f0b2eacafb726ffbe54429c69572
Opcode Fuzzy Hash: bd285ac4417f521704e98d18c12331a52441aaccc01bdb4484fec86e6054937e
Instruction Fuzzy Hash: E451D6B2A00219BBDB15DB68DC41FE6B37DFF14300F044266F549E7241EA75AA988BE1

Uniqueness

Uniqueness Score: -1.00%

Function 007A0650 Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 94COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 007A06BF
getaddrinfo.WS2_32(?,?,?,?), ref: 007A06D3
_wprintf.LIBCMT ref: 007A0749
freeaddrinfo.WS2_32(?), ref: 007A0753

Strings

A memory allocation failure occurred. , xrefs: 007A0706
A temporary failure in name resolution occurred., xrefs: 007A073D
The ai_family member of the hints parameter is not supported. , xrefs: 007A071B
The ai_socktype member of the hints parameter is not supported. , xrefs: 007A070D
A nonrecoverable failure in name resolution occurred. , xrefs: 007A0736
The servname parameter is not supported for the specified ai_socktype member of the hints parameter. , xrefs: 007A0722
The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. , xrefs: 007A0744
An invalid value was provided for the ai_flags member of the hints parameter., xrefs: 007A06FF

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _wprintffreeaddrinfogetaddrinfoswprintf
String ID: A memory allocation failure occurred. $A nonrecoverable failure in name resolution occurred. $A temporary failure in name resolution occurred.$An invalid value was provided for the ai_flags member of the hints parameter.$The ai_family member of the hints parameter is not supported. $The ai_socktype member of the hints parameter is not supported. $The name does not resolve for the supplied parameters or the nodename and servname parameters were not provided. $The servname parameter is not supported for the specified ai_socktype member of the hints parameter.
API String ID: 4112073193-48089087
Opcode ID: 73bf332ea374ac72403baf94d93ab64f4c69cb22ce791a52ddad776b72eaf78e
Instruction ID: ee0db01d2cdfcab13356034bbcbf49f9b4613fca85f28e78b6764f4dde11b1d9
Opcode Fuzzy Hash: 73bf332ea374ac72403baf94d93ab64f4c69cb22ce791a52ddad776b72eaf78e
Instruction Fuzzy Hash: BE31B335508384ABDF108B15D84AB6BB7A4FBDA750F144F1EF48581280D7BDA9449BD3

Uniqueness

Uniqueness Score: -1.00%

Function 0079C3B0 Relevance: 19.7, APIs: 13, Instructions: 187networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?), ref: 0079C3D3
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 0079C413
shutdown.WS2_32(?,00000002), ref: 0079C42F
closesocket.WS2_32(?), ref: 0079C436

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: closesocketioctlsocketshutdownsocket
String ID:
API String ID: 4217546151-0
Opcode ID: f62c2d021527f69ea6d66c70ea35cc13ab5ffce295f9bd512f1af655de37a000
Instruction ID: 93c7b0fed5c625b8350b4b2db60af38f90a9623eb20e95346005f02fbb14e5ab
Opcode Fuzzy Hash: f62c2d021527f69ea6d66c70ea35cc13ab5ffce295f9bd512f1af655de37a000
Instruction Fuzzy Hash: 986104705006089BDF25DF24DC45BE9B3B8FF18720F104699EA6A932D0DB74AE94CF90

Uniqueness

Uniqueness Score: -1.00%

Function 007BEF60 Relevance: 19.7, APIs: 13, Instructions: 184windowCOMMON

Download Yara Rule

APIs

GetWindowDC.USER32(?,00000003,00000001), ref: 007BF020
SetStretchBltMode.GDI32(00000000,00000003), ref: 007BF033
FillRect.USER32(00000000,?,?), ref: 007BF061
SelectObject.GDI32(?,?), ref: 007BF0BC
DeleteObject.GDI32(00000000), ref: 007BF0C3
DeleteDC.GDI32(?), ref: 007BF0CC
CreateCompatibleDC.GDI32(00000000), ref: 007BF0E8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007BF0F8
SelectObject.GDI32(?,00000000), ref: 007BF105
SetStretchBltMode.GDI32(?,00000003), ref: 007BF113
FillRect.USER32(?,?), ref: 007BF13D
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 007BF17D
ReleaseDC.USER32(?,00000000), ref: 007BF185

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Object$CompatibleCreateDeleteFillModeRectSelectStretch$BitmapReleaseWindow
String ID:
API String ID: 2592894486-0
Opcode ID: 9f5c85ac55af0fe340444beaab88289609d05974f3f92881e07d80b5a73d2151
Instruction ID: afbcaa21b8e36672110975e3ef72f90d9633a896a43ec22101549bb87ab0ed56
Opcode Fuzzy Hash: 9f5c85ac55af0fe340444beaab88289609d05974f3f92881e07d80b5a73d2151
Instruction Fuzzy Hash: 5A712571605B04AFDB20DF69DD88BAABBF4FF08B04F10492CE59696AA0D775E804DB10

Uniqueness

Uniqueness Score: -1.00%

Function 007B0EC0 Relevance: 19.6, APIs: 13, Instructions: 139windowsynchronizationfileCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000064), ref: 007B0EE7
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007B0F00
TranslateMessage.USER32(?), ref: 007B0F0A
DispatchMessageA.USER32(?), ref: 007B0F14
WaitForSingleObject.KERNEL32(?,00000064), ref: 007B0F22
CloseHandle.KERNEL32(?), ref: 007B0F2F
DeleteFileA.KERNEL32(?), ref: 007B1004
_memset.LIBCMT ref: 007B1015
_memset.LIBCMT ref: 007B1038
_memset.LIBCMT ref: 007B1048
_memset.LIBCMT ref: 007B1058
_memset.LIBCMT ref: 007B1068
_memset.LIBCMT ref: 007B1078

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$Message$ObjectSingleWait$CloseDeleteDispatchFileHandlePeekTranslate
String ID:
API String ID: 3164521406-0
Opcode ID: 754e2681dad14d81c85c77efde58c74e5b6f5b078ccc439737a59b9557ee0c3a
Instruction ID: 61e98e0c660771f62fbcea81e37ebfa488f00b17439c62b0b5426cc172c5d9cd
Opcode Fuzzy Hash: 754e2681dad14d81c85c77efde58c74e5b6f5b078ccc439737a59b9557ee0c3a
Instruction Fuzzy Hash: 1C511670641B059BE720AF78C849FA7B7E8BF04710F148A1DA5AA9A2D1DF75B844CB90

Uniqueness

Uniqueness Score: -1.00%

Function 007C8C80 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 321fileCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007C8D21
GetCursorPos.USER32(00000000), ref: 007C8D2E
PtInRect.USER32(?,00000000,00000000), ref: 007C8D60
DragQueryFileA.SHELL32 ref: 007C8D8D
DragQueryFileA.SHELL32(?,00000000,?,00000104), ref: 007C8DAE

Part of subcall function 00781F60: InitializeCriticalSectionAndSpinCount.KERNEL32(00000001,00000000,00000000,6838016B,0000676C,?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000), ref: 00781FC3
Part of subcall function 00781F60: GetLastError.KERNEL32(?,00000000,009593D8,000000FF,?,00000000,?,0078034D,00000000,?,?,00000000), ref: 00781FCD

Strings

%s%s, xrefs: 007C8F57
.raw, xrefs: 007C8F46
Number of Droppped File : 1, xrefs: 007C9080
Number of Dropped File(s) : %d, xrefs: 007C900B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DragFileQueryRect$ClientCountCriticalCursorErrorInitializeLastSectionSpin
String ID: %s%s$.raw$Number of Dropped File(s) : %d$Number of Droppped File : 1
API String ID: 991619952-3451760269
Opcode ID: 3069d8fa31c7797eb9bb80e0cd9ad3a6cad6fd23fc9b8b6cac1fa22d9dadcab9
Instruction ID: f60dfe30166e54301618aae3533074d49b2d60335ed76158fecf3cf1eff9212a
Opcode Fuzzy Hash: 3069d8fa31c7797eb9bb80e0cd9ad3a6cad6fd23fc9b8b6cac1fa22d9dadcab9
Instruction Fuzzy Hash: 0ED1BC70A01609DFCB24CB28CC89FD9B7B9BF49324F10429DE51997291DB74AE84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 007904B0 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 224COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00790572
swprintf.LIBCMT ref: 0079058F
_fprintf.LIBCMT ref: 007905C3

Part of subcall function 0079C6C0: recv.WS2_32(?,00000000,0078A5CC,00000000), ref: 0079C6D7
Part of subcall function 0079C6C0: WSAGetLastError.WS2_32(?,0078A5CC,00000000,0000000D), ref: 0079C6E1
Part of subcall function 0079C6C0: shutdown.WS2_32(?,00000002), ref: 0079C701
Part of subcall function 0079C6C0: closesocket.WS2_32(?), ref: 0079C708

Strings

ATCP20\VideoStreaming_2_0.cpp, xrefs: 007905B3, 0079072F
CVideoStreaming_2_0::GetOneFrame2, xrefs: 007905B8, 00790735
C:\ADKLog\0x%08x_%d.txt, xrefs: 00790584, 00790700
ERR.%s, %s-%d, xrefs: 007905BD
ERR.%s, ret:%d, %s-%d, xrefs: 0079073A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLast_fprintf_memsetclosesocketrecvshutdownswprintf
String ID: ATCP20\VideoStreaming_2_0.cpp$C:\ADKLog\0x%08x_%d.txt$CVideoStreaming_2_0::GetOneFrame2$ERR.%s, %s-%d$ERR.%s, ret:%d, %s-%d
API String ID: 939975575-3614675859
Opcode ID: 23785b1e4439f6aa2c764b2234ee33d26360fee3d5f9ee1cfa7409a0eba61964
Instruction ID: 95e3507239faa1cd548fe62d7d0bc3c1b1aaca86339e711129e0d5b38a7ddd05
Opcode Fuzzy Hash: 23785b1e4439f6aa2c764b2234ee33d26360fee3d5f9ee1cfa7409a0eba61964
Instruction Fuzzy Hash: BB812470A01358AFCF20DBB8DC85BDAB7F5AF59310F0445A9F459A7281DB38AA41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007E2270 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 181COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E22DC
_memmove.LIBCMT ref: 007E246B

Strings

PANTILTSTOP, xrefs: 007E240B
TILTUP, xrefs: 007E2317
TILTDOWN, xrefs: 007E2337
MOVEDOWNRIGHT, xrefs: 007E23EE
PANLEFT, xrefs: 007E2357
MOVEDOWNLEFT, xrefs: 007E23D1
MOVEUPLEFT, xrefs: 007E2397
PANRIGHT, xrefs: 007E2377
MOVEUPRIGHT, xrefs: 007E23B4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: MOVEDOWNLEFT$MOVEDOWNRIGHT$MOVEUPLEFT$MOVEUPRIGHT$PANLEFT$PANRIGHT$PANTILTSTOP$TILTDOWN$TILTUP
API String ID: 3555123492-3566327323
Opcode ID: 945e840d51e591c77be894154acd62a6338ad20eeaf5c4f6458daeef838c0d21
Instruction ID: 180f775cbd0e279c08c64bf82751b3a7fcdfe4d88bf0b89458c99b26ce9b0a81
Opcode Fuzzy Hash: 945e840d51e591c77be894154acd62a6338ad20eeaf5c4f6458daeef838c0d21
Instruction Fuzzy Hash: 49617C7290025CABDF21CE94CC41FEAB77CFB49300F5080A6FA4DD6192DA759E999F50

Uniqueness

Uniqueness Score: -1.00%

Function 007E2850 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 181COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E28BC
_memmove.LIBCMT ref: 007E2A42

Strings

OSDLEAVE, xrefs: 007E29C6
OSDUP, xrefs: 007E2934
OSDDOWN, xrefs: 007E2953
OSDSTOP, xrefs: 007E29E2
OSDRIGHT, xrefs: 007E298E
OSDOFF, xrefs: 007E2915
OSDENTER, xrefs: 007E29AA
OSDON, xrefs: 007E28F6
OSDLEFT, xrefs: 007E2972

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: OSDDOWN$OSDENTER$OSDLEAVE$OSDLEFT$OSDOFF$OSDON$OSDRIGHT$OSDSTOP$OSDUP
API String ID: 3555123492-871765484
Opcode ID: be50502cd1d9c5c1e554f72eda29fca572df52f4e8f25c8e5aba41dc51262807
Instruction ID: cf99dc01b2718e39b142b352e6c5bbcdd8e86215896c9642c040f1565f55c206
Opcode Fuzzy Hash: be50502cd1d9c5c1e554f72eda29fca572df52f4e8f25c8e5aba41dc51262807
Instruction Fuzzy Hash: C351B67254021CBADF30DA54CC42FEA73BCFF48300F5080A6FA4DE6182DA75AA899F51

Uniqueness

Uniqueness Score: -1.00%

Function 00854B50 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 135COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00854B57
GetObjectA.GDI32(?,00000018,?), ref: 00854B71
_memmove.LIBCMT ref: 00854BCD

Strings

, xrefs: 00854BBA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3Object_memmove
String ID:
API String ID: 107514201-3916222277
Opcode ID: 27129543ed83dbb4ec5ccf8b2258b87152631e2ca0e326fc5be28d2b67645b7d
Instruction ID: 1c8300890c2885fe7e125cc0c06b123893774d98c248014255dab2f0339ab2af
Opcode Fuzzy Hash: 27129543ed83dbb4ec5ccf8b2258b87152631e2ca0e326fc5be28d2b67645b7d
Instruction Fuzzy Hash: 5741AD71901118ABDF11DFA4CC44BEEBBB9FF84316F148114F911E62A0DB719E89DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0079E620 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 96COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 0079E632
_strstr.LIBCMT ref: 0079E661
_strncmp.LIBCMT ref: 0079E675
_strncmp.LIBCMT ref: 0079E6AA
_strstr.LIBCMT ref: 0079E6BC
_memset.LIBCMT ref: 0079E6F4
swprintf.LIBCMT ref: 0079E70E
swprintf.LIBCMT ref: 0079E72B

Strings

Basic, xrefs: 0079E6A4
Digest, xrefs: 0079E66F
WWW-Authenticate:, xrefs: 0079E62A, 0079E6B6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_strncmpswprintf$_memset
String ID: Basic$Digest$WWW-Authenticate:
API String ID: 100654304-1218964282
Opcode ID: 7137a70cf82be5b7574a3245b1ab5b28ba796cb872b4323a545dd20a7db06589
Instruction ID: 5f7998c4ffa108a329b6bffccae8547c6ec1f6ca83fdad543446ee59506b8032
Opcode Fuzzy Hash: 7137a70cf82be5b7574a3245b1ab5b28ba796cb872b4323a545dd20a7db06589
Instruction Fuzzy Hash: 122136B3A4176037EA20E6217C43FDBB3486B70750F040521FD08A22C3F7A9AA55C6E6

Uniqueness

Uniqueness Score: -1.00%

Function 0040A080 Relevance: 18.4, APIs: 12, Instructions: 398COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0040A0CB

Part of subcall function 0092FEAF: _malloc.LIBCMT ref: 0092FEBB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 6a0a78d1259318583f6e162a636e4274a15254ffcb8150f07363ec3420578a21
Instruction ID: 72c4af456ab4c509686c487288c2eac8a918bc3698bbc9d057e70a8c01b9b361
Opcode Fuzzy Hash: 6a0a78d1259318583f6e162a636e4274a15254ffcb8150f07363ec3420578a21
Instruction Fuzzy Hash: F5E19C716087528BD710DF39888432EF7E1AFC8304F48897EE884AB396E779D9558B47

Uniqueness

Uniqueness Score: -1.00%

Function 0084A482 Relevance: 18.2, APIs: 12, Instructions: 196fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0084A48C
GetModuleFileNameA.KERNEL32(00000000,?,00000104,009964B8,00000000,00AE68A4,00000000,00996540,00000000,?,?,0000052C,0084B46C,?,00000000,00000038), ref: 0084A52A
__splitpath_s.LIBCMT ref: 0084A55A
__splitpath_s.LIBCMT ref: 0084A57B
__makepath_s.LIBCMT ref: 0084A5AB
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00996540,00000000,?,?,0000052C,0084B46C,?,00000000,00000038), ref: 0084A5DA
GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,0081A508), ref: 0084A5EE
CloseHandle.KERNEL32(?,?,?,00000000,0081A508), ref: 0084A5FC

Part of subcall function 0081092F: __CxxThrowException@8.LIBCMT ref: 00810943

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: File$__splitpath_s$CloseCreateException@8H_prolog3_HandleModuleNameSizeThrow__makepath_s
String ID:
API String ID: 3103951209-0
Opcode ID: 522eb52521575003361218d7102b698d6e44ca608dc4db60eb36c1cf092241c9
Instruction ID: e73e9dcc0cc0a5b4c82ce5c3d2712283374b6608493d18132449915e7577051a
Opcode Fuzzy Hash: 522eb52521575003361218d7102b698d6e44ca608dc4db60eb36c1cf092241c9
Instruction Fuzzy Hash: 6D619FB1940618ABDB24AB60CC45FEA77BCFF14311F040599B515EA1D1EB70AE818F62

Uniqueness

Uniqueness Score: -1.00%

Function 00782560 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 326threadCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078258C
_memset.LIBCMT ref: 007825A6
_memset.LIBCMT ref: 007825C0
swprintf.LIBCMT ref: 0078269C
swprintf.LIBCMT ref: 007826D9

Part of subcall function 0092A617: ___report_securityfailure.LIBCMT ref: 0092A61C

Part of subcall function 00782010: _memset.LIBCMT ref: 00782028

Part of subcall function 0079EE70: _strstr.LIBCMT ref: 0079EF3D
Part of subcall function 0079EE70: _strstr.LIBCMT ref: 0079EF56
Part of subcall function 0079EE70: _memset.LIBCMT ref: 0079EFA3

ResetEvent.KERNEL32(?), ref: 00782920
CreateThread.KERNEL32(00000000,00000000,Function_003821B0,?,00000000,00000000), ref: 0078293E

Strings

rtsp://%s:%s@%s:%d%s, xrefs: 007826C7
rtsp://%s:%s@%s:%d, xrefs: 0078268B
rtsp://%s:%s@%s:%d/%s, xrefs: 007826CE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$_strstrswprintf$CreateEventResetThread___report_securityfailure
String ID: rtsp://%s:%s@%s:%d$rtsp://%s:%s@%s:%d%s$rtsp://%s:%s@%s:%d/%s
API String ID: 11235787-4100196092
Opcode ID: 2c6bef8beb366fe9549eedc2cb87ecf555ea1aee26230fcce4ef91f0f36cfe11
Instruction ID: 14d2d3255ebe36f7da8bd757addc502daea1eab33100cafc19df924d8edb72d7
Opcode Fuzzy Hash: 2c6bef8beb366fe9549eedc2cb87ecf555ea1aee26230fcce4ef91f0f36cfe11
Instruction Fuzzy Hash: 91B15C70B84205ABCF35EA24C844BEEB3A5EF45311F1441AAD549E7282DB39A987CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0079A7F0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

Part of subcall function 0079A5B0: _strstr.LIBCMT ref: 0079A5BD

_strstr.LIBCMT ref: 0079A863
___from_strstr_to_strchr.LIBCMT ref: 0079A883
___from_strstr_to_strchr.LIBCMT ref: 0079A8AF
_memset.LIBCMT ref: 0079A905
___from_strstr_to_strchr.LIBCMT ref: 0079A915
___from_strstr_to_strchr.LIBCMT ref: 0079A92D
_strstr.LIBCMT ref: 0079AB2D

Strings

RTP-Info:, xrefs: 0079A825
seq=, xrefs: 0079A976
url=, xrefs: 0079A855, 0079AB24

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strstr$_memset
String ID: RTP-Info:$seq=$url=
API String ID: 882429815-3042264529
Opcode ID: 49f4c491f17c887ba62dcb1e8b2f7896d41586839d1539f265625eac588eb360
Instruction ID: 11eb1f2d181976fac6e58620f67726ca341b42199474cef308353b2863872d3d
Opcode Fuzzy Hash: 49f4c491f17c887ba62dcb1e8b2f7896d41586839d1539f265625eac588eb360
Instruction Fuzzy Hash: 75911671E012546FCF21CF24AD50BEABBF5AF55345F0840E9D848AB242EB35AE45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0077C370 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 242COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0077C3A5
_memset.LIBCMT ref: 0077C3BF
swprintf.LIBCMT ref: 0077C3F7
swprintf.LIBCMT ref: 0077C42B
_memset.LIBCMT ref: 0077C477

Strings

%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&MOTION_ENABLED&MOTION_STATUS, xrefs: 0077C41A
%smpeg4?USER=%s&PWD=%s&MOTION_ENABLED&MOTION_STATUS, xrefs: 0077C3E6
MOTION_ENABLED=, xrefs: 0077C4A2
MOTION_STATUS=, xrefs: 0077C4F7

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$swprintf
String ID: %smpeg4?USER=%s&PWD=%s&CHANNEL=%d&MOTION_ENABLED&MOTION_STATUS$%smpeg4?USER=%s&PWD=%s&MOTION_ENABLED&MOTION_STATUS$MOTION_ENABLED=$MOTION_STATUS=
API String ID: 1874130743-877558633
Opcode ID: 26f0317cacd6e3352da22fddae7dfab5373f6c7e8aa98d1e9ecf9b5c981cc3f9
Instruction ID: 78542eb8a7e5ff2b015fc3f84300b4b2d45716f40bb015e9dca4a5c7e04233ea
Opcode Fuzzy Hash: 26f0317cacd6e3352da22fddae7dfab5373f6c7e8aa98d1e9ecf9b5c981cc3f9
Instruction Fuzzy Hash: 14A1C5B1D002589BDB11DF54DC80BEEB7F8BB49304F5481EDD589A7241EB399A85CF81

Uniqueness

Uniqueness Score: -1.00%

Function 004AC6B0 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 137COMMON

Download Yara Rule

APIs

_swscanf.LIBCMT ref: 004AC77D

Part of subcall function 0092D9BB: _vscan_fn.LIBCMT ref: 0092D9CF

Strings

qpal, xrefs: 004AC6FB
8, xrefs: 004AC797
film, xrefs: 004AC737
pal, xrefs: 004AC6D3
qntsc, xrefs: 004AC6E7
ntsc-film, xrefs: 004AC74B
sntsc, xrefs: 004AC70F
ntsc, xrefs: 004AC6B8
spal, xrefs: 004AC723

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _swscanf_vscan_fn
String ID: 8$film$ntsc$ntsc-film$pal$qntsc$qpal$sntsc$spal
API String ID: 1942008592-4255372462
Opcode ID: 10625f7223a155b091545ef2cd3498bbfeaa018627bf05c12592ef8dd66a63be
Instruction ID: d48a76e6323bd0c94aafc6a93b5fe61b0d6b5a598d4bab0fb1576bbd59e44221
Opcode Fuzzy Hash: 10625f7223a155b091545ef2cd3498bbfeaa018627bf05c12592ef8dd66a63be
Instruction Fuzzy Hash: 1C518A71A083449BE740DF15C58036B7BE1FB91726F19882EF5498B380E73ECD459B8A

Uniqueness

Uniqueness Score: -1.00%

Function 007B07C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(000008F8,00000000), ref: 007B08D3
GetLastError.KERNEL32 ref: 007B08DD
_memset.LIBCMT ref: 007B0954
_memset.LIBCMT ref: 007B0977
_memset.LIBCMT ref: 007B0987
_memset.LIBCMT ref: 007B0997
_memset.LIBCMT ref: 007B09A7
_memset.LIBCMT ref: 007B09B7
swprintf.LIBCMT ref: 007B09D0

Strings

C:\download.raw, xrefs: 007B09C5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$CountCriticalErrorInitializeLastSectionSpinswprintf
String ID: C:\download.raw
API String ID: 3752311886-2121772504
Opcode ID: cde8bb136b8c4de9a48c8629faa5c7cbcea7039a223d21dcf0f0f48234827694
Instruction ID: 7a1e8f1dc9f2c39436cf8acf093192dc01fc2d766d4f50eb8976c1c0306091e3
Opcode Fuzzy Hash: cde8bb136b8c4de9a48c8629faa5c7cbcea7039a223d21dcf0f0f48234827694
Instruction Fuzzy Hash: 32517CB0644B46FAE354EF75C809B96FBE8FB04714F108319E1B89A2C0DBB971588BD1

Uniqueness

Uniqueness Score: -1.00%

Function 007AAA40 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 91networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007AAA65
htons.WS2_32(00000007), ref: 007AAA8F
htons.WS2_32(831675C9), ref: 007AAAC2
htons.WS2_32(FFC88316), ref: 007AAAD3
htons.WS2_32(00000002), ref: 007AAB08
htonl.WS2_32(85FFFFFF), ref: 007AAB17
_memset.LIBCMT ref: 007AAB3B
_memmove.LIBCMT ref: 007AAB6C
send.WS2_32(?,00000024,00000030,00000000), ref: 007AAB89

Strings

$, xrefs: 007AAB5B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: htons$_memset$_memmovehtonlsend
String ID: $
API String ID: 1448673075-3993045852
Opcode ID: 278a6377f1dce09f35a41b413edb285ed03d10bc1d5eebc94cc00a718b034dff
Instruction ID: e6236e7369583fb6d8ca5d1a049c12dd241ade9078684648e8cde627600ddfba
Opcode Fuzzy Hash: 278a6377f1dce09f35a41b413edb285ed03d10bc1d5eebc94cc00a718b034dff
Instruction Fuzzy Hash: 034150B4E14218AADB24DB64CC45BD9B7B8FF48304F000296E60CE7281D7746A95CF99

Uniqueness

Uniqueness Score: -1.00%

Function 007EA6A0 Relevance: 16.7, APIs: 11, Instructions: 192networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?), ref: 007EA6C7
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 007EA6F0
connect.WS2_32(000000FF,?,?), ref: 007EA720
WSAGetLastError.WS2_32 ref: 007EA7A3

Part of subcall function 007EAAC0: setsockopt.WS2_32(000000FF,0000FFFF,00001002,007EA765,00000004), ref: 007EAAE6

Part of subcall function 007EAB30: setsockopt.WS2_32(000000FF,0000FFFF,00001001,?,00000004), ref: 007EAB56

closesocket.WS2_32(000000FF), ref: 007EA927

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: setsockopt$ErrorLastclosesocketconnectioctlsocketsocket
String ID:
API String ID: 1871432493-0
Opcode ID: 03a418917cb084717a5c01a98864f9d7e19baf2ecadd14379699d084357ff9a3
Instruction ID: 523c63e65e8a0045ac5161dba174b637f04312e29edf54cfd4b01d8558ccf599
Opcode Fuzzy Hash: 03a418917cb084717a5c01a98864f9d7e19baf2ecadd14379699d084357ff9a3
Instruction Fuzzy Hash: D761F370A05245BBDB28CB26CC44AE9B3B4BF1D310F114358E9A9936D0E778BE85DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00788080 Relevance: 16.6, APIs: 11, Instructions: 132COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007880DF
InitializeCriticalSectionAndSpinCount.KERNEL32(00000B3C,00000000), ref: 0078814F
GetLastError.KERNEL32 ref: 00788159
_memset.LIBCMT ref: 0078819B
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00000000,6838016B), ref: 007881B8
ResetEvent.KERNEL32(00000000,?,?,?,00000000,6838016B), ref: 007881C1
CreateEventA.KERNEL32(0000001F,00000001,0000001F,0000001F,?,?,?,00000000,6838016B), ref: 007881D2
ResetEvent.KERNEL32(00000000,?,?,?,00000000,6838016B), ref: 007881E2
_memset.LIBCMT ref: 007881F6
_memset.LIBCMT ref: 00788209
_memset.LIBCMT ref: 0078822C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$Event$CreateReset$CountCriticalErrorInitializeLastSectionSpin
String ID:
API String ID: 3825420614-0
Opcode ID: 666e401901fa6b40d08d0195832c96e15154fe5e74d035f837a881949b4b912e
Instruction ID: 8f74a65129d3fc34677e8ac717d2d6189a67a7efa8d603fb1926b4d2c0c9a771
Opcode Fuzzy Hash: 666e401901fa6b40d08d0195832c96e15154fe5e74d035f837a881949b4b912e
Instruction Fuzzy Hash: F651AFB1B40B46BAE354DF64CC09BCAFBA8BF45708F104308E1689B2C1DBB96164CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 007E8B10 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 355COMMON

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 007E8B48
___from_strstr_to_strchr.LIBCMT ref: 007E8B5B
___from_strstr_to_strchr.LIBCMT ref: 007E8B70
___from_strstr_to_strchr.LIBCMT ref: 007E8C16
___from_strstr_to_strchr.LIBCMT ref: 007E8C2B

Strings

http://, xrefs: 007E8B42

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strncmp
String ID: http://
API String ID: 2516952115-1121587658
Opcode ID: eb69fa0bffd30ac08c501756572070e958a3cca669360300f162eed5669ea111
Instruction ID: 212c5f1ca23b1b43eea650edfec421d3f1fa92a1d09d8a6266708ff42ca4a9d8
Opcode Fuzzy Hash: eb69fa0bffd30ac08c501756572070e958a3cca669360300f162eed5669ea111
Instruction Fuzzy Hash: 59B16C72B012546FDB14DE79DD81BEE77A8AF5D310F040169F909E7282DE78A90483E2

Uniqueness

Uniqueness Score: -1.00%

Function 007D8670 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 227COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007D86BB

Part of subcall function 007ED540: _sprintf.LIBCMT ref: 007ED586

Part of subcall function 007D95C0: _memmove.LIBCMT ref: 007D95DE
Part of subcall function 007D95C0: _memmove.LIBCMT ref: 007D95FB

Strings

V2_PORT_RTSP=, xrefs: 007D88C5
PORT_REGISTER=, xrefs: 007D87FD
PORT_SEARCH_2=, xrefs: 007D87CB
PORT_SEARCH_1=, xrefs: 007D8799
PORT_CONTROL=, xrefs: 007D882F
PORT_HTTP=, xrefs: 007D876B
PORT_MULTICAST=, xrefs: 007D8893
PORT_VIDEO=, xrefs: 007D8861

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$_memset_sprintf
String ID: PORT_CONTROL=$PORT_HTTP=$PORT_MULTICAST=$PORT_REGISTER=$PORT_SEARCH_1=$PORT_SEARCH_2=$PORT_VIDEO=$V2_PORT_RTSP=
API String ID: 4268269830-4087695887
Opcode ID: 28fd27d49352577e1eb448af7ac0d061db343f7dc8c8cd965c4b62f3d0a0b521
Instruction ID: 7eb835b1169b8be6887931b347b1df2b699aa64694a99431ad793ea14d73420c
Opcode Fuzzy Hash: 28fd27d49352577e1eb448af7ac0d061db343f7dc8c8cd965c4b62f3d0a0b521
Instruction Fuzzy Hash: E871A8B194021DAADF10DFA0DD49FEE77B9AF54304F1001A6E909B7341EB35AB54CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 007E0A20 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 142COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E0A57
_memset.LIBCMT ref: 007E0A71
_sprintf.LIBCMT ref: 007E0AB2
_sprintf.LIBCMT ref: 007E0AE4
_memmove.LIBCMT ref: 007E0B4D

Strings

http://%s:%d/cgi-bin/quad?USER=%s&PWD=%s&%s, xrefs: 007E0AAC
http://%s:%d/cgi-bin/quad?USER=%s&PWD=%s&CHANNEL=%d&%s, xrefs: 007E0ADE
Quad, xrefs: 007E0BA5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset_sprintf$_memmove
String ID: Quad$http://%s:%d/cgi-bin/quad?USER=%s&PWD=%s&%s$http://%s:%d/cgi-bin/quad?USER=%s&PWD=%s&CHANNEL=%d&%s
API String ID: 1395474088-2745833304
Opcode ID: 7882ae565e317a050afe0d5caadeaf527f6263ba9431b48edb32acdea3951e6b
Instruction ID: 7a8a73f0fec6e3fcc618c0977f680c26c89dc3e342715e2482e7edfa646dea9e
Opcode Fuzzy Hash: 7882ae565e317a050afe0d5caadeaf527f6263ba9431b48edb32acdea3951e6b
Instruction Fuzzy Hash: 4F41B7B290025DABDB20DE64EC49FEFB3FCEB49304F0040DAE949D7241D675AE548BA0

Uniqueness

Uniqueness Score: -1.00%

Function 008049E5 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 78libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00804A0B
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00804A1B
EncodePointer.KERNEL32(00000000), ref: 00804A24
DecodePointer.KERNEL32(00000000,?,00000000), ref: 00804A32
LoadLibraryExW.KERNEL32(00000000,00000000,00000800), ref: 00804A46
GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00804A5B

Strings

SetDefaultDllDirectories, xrefs: 00804A15
\, xrefs: 00804A76
kernel32.dll, xrefs: 00804A06

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Pointer$AddressDecodeDirectoryEncodeHandleLibraryLoadModuleProcSystem
String ID: SetDefaultDllDirectories$\$kernel32.dll
API String ID: 4227638471-3881611067
Opcode ID: 3702aed92e0ae78bfa5afc8daf6e7e91be134070cbb3978b59d0e6779c24499b
Instruction ID: 8b6f5bdb42b24d4bb39d6b0680477309f8d1c1d52d7bdafd06d34add1c81496c
Opcode Fuzzy Hash: 3702aed92e0ae78bfa5afc8daf6e7e91be134070cbb3978b59d0e6779c24499b
Instruction Fuzzy Hash: DE21B0B1BC1238ABCB60DBA4AC49FAA37BCFB54714F040469F905E3280EB709D448B95

Uniqueness

Uniqueness Score: -1.00%

Function 0084AE94 Relevance: 15.2, APIs: 10, Instructions: 201COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0084AE9E
GetObjectA.GDI32(?,00000018,?), ref: 0084AECA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3_Object
String ID:
API String ID: 2214263146-0
Opcode ID: 55b71a967dbe10b5c939e4a0f51622c108401ebd9b38206cf902603c58d23942
Instruction ID: c1a011b1526886d0ee1219e70aa440a21baf61d5a1ad38683a358cadef60883c
Opcode Fuzzy Hash: 55b71a967dbe10b5c939e4a0f51622c108401ebd9b38206cf902603c58d23942
Instruction Fuzzy Hash: 69811875E002298BDB24CFA9C884A9DBBB6FF58300F248169E919EB351DB319D85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00810DC2 Relevance: 15.1, APIs: 10, Instructions: 94windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00810DC9

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

__CxxThrowException@8.LIBCMT ref: 00810E0E
GetMenuItemCount.USER32(6838016B), ref: 00810E1D
GetMenuItemCount.USER32(00000000), ref: 00810E29
GetSubMenu.USER32(00000000,-00000001), ref: 00810E3E
GetMenuItemCount.USER32(00000000), ref: 00810E51
GetSubMenu.USER32(00000000,00000000), ref: 00810E62
RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,00000000,00AF7A98,00000004,00781F78,00000000,?,0078034D,00000000), ref: 00810E7C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Menu$CountItem$Exception@8H_prolog3RemoveThrow_malloc
String ID:
API String ID: 638606686-0
Opcode ID: 5bc6d9e9eca4274dbcb6a8c00587d495e390b164f1d10dd8ba9e5b442dd6b7f6
Instruction ID: da945ba3ee6d7e3a38cfa9d2b9f00589ad5f7b6a00024bb5c1c9aff36307e21c
Opcode Fuzzy Hash: 5bc6d9e9eca4274dbcb6a8c00587d495e390b164f1d10dd8ba9e5b442dd6b7f6
Instruction Fuzzy Hash: AB31BFB1905319EBDB129F56DC49ADF7BADFF40321F208919F905D6290CBB09AC0AB90

Uniqueness

Uniqueness Score: -1.00%

Function 007924E0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 202COMMON

Download Yara Rule

APIs

__ftelli64.LIBCMT ref: 00792521
_memset.LIBCMT ref: 0079256A
__fread_nolock.LIBCMT ref: 007925A7
__fread_nolock.LIBCMT ref: 0079266A

Strings

g;y, xrefs: 00792541, 00792709, 00792717

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __fread_nolock$__ftelli64_memset
String ID: g;y
API String ID: 2955018052-2813469207
Opcode ID: a23c3464d7c00ca3ac4992253cdf28e7a0becba025d533c079e27fe902c0bd77
Instruction ID: 8b8a1afbaf8f5e51269fb3b8c04f0cd2da0ffb84ef8a4cf140e48f5c6d87e649
Opcode Fuzzy Hash: a23c3464d7c00ca3ac4992253cdf28e7a0becba025d533c079e27fe902c0bd77
Instruction Fuzzy Hash: DA615D70A0011ABADF38FB68ECD17E8B764FB10300F0441A9D754B2153EA785DDB8B94

Uniqueness

Uniqueness Score: -1.00%

Function 007B0590 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007B05C8
shutdown.WS2_32(?,00000002), ref: 007B0637
closesocket.WS2_32(?), ref: 007B063E
swprintf.LIBCMT ref: 007B066C
send.WS2_32(?,00000000,00000001,00000000), ref: 007B06A5
send.WS2_32(?,?,?,00000000), ref: 007B06C3
send.WS2_32(?,00AE6888,00000002,00000000), ref: 007B06DE

Strings

--%sContent-Type: %sContent-Length: %d, xrefs: 007B065B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: send$_memsetclosesocketshutdownswprintf
String ID: --%sContent-Type: %sContent-Length: %d
API String ID: 735003360-387703119
Opcode ID: 41c8610decc42bcf10dad361bb5670626eb281590866ef302598b50f10458889
Instruction ID: b7afcacdbbdb31dc0d8a311b8b1ad496d2384fccc0152bed3caf69a94c4aa1c6
Opcode Fuzzy Hash: 41c8610decc42bcf10dad361bb5670626eb281590866ef302598b50f10458889
Instruction Fuzzy Hash: 2641E671600215ABCB24DF68CC99FEEB764EF45324F104289E92AD72C2CB34AD65C790

Uniqueness

Uniqueness Score: -1.00%

Function 0081A9C5 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0081A9EB
GetStockObject.GDI32(0000000D), ref: 0081A9F3
GetObjectA.GDI32(00000000,0000003C,?), ref: 0081AA00
GetDC.USER32(00000000), ref: 0081AA0F
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0081AA26
MulDiv.KERNEL32(?,00000048,00000000), ref: 0081AA32
ReleaseDC.USER32(00000000,00000000), ref: 0081AA3E

Strings

System, xrefs: 0081A9DD, 0081AA53

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Object$Stock$CapsDeviceRelease
String ID: System
API String ID: 46613423-3470857405
Opcode ID: 1cc633f5de185172e1fac5294f6d4412fe18bda2706cb1d4b585fdb0bdd0c076
Instruction ID: d1929bc0fa0ad1baa39aa781f874009303780ceb7ef9184aa2f746b9e157d289
Opcode Fuzzy Hash: 1cc633f5de185172e1fac5294f6d4412fe18bda2706cb1d4b585fdb0bdd0c076
Instruction Fuzzy Hash: F7118E71A12328ABEB18EBA4DD49FAE7B68FF05741F000019FA05E62C0DA309D41D761

Uniqueness

Uniqueness Score: -1.00%

Function 007C4250 Relevance: 13.8, APIs: 9, Instructions: 323COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007C42F4
_malloc.LIBCMT ref: 007C4310
_free.LIBCMT ref: 007C436A
_malloc.LIBCMT ref: 007C438C
EnterCriticalSection.KERNEL32(00C098A0), ref: 007C4473
LeaveCriticalSection.KERNEL32(00C098A0), ref: 007C4487
EnterCriticalSection.KERNEL32 ref: 007C45E8
LeaveCriticalSection.KERNEL32(00C098A0), ref: 007C4605
LeaveCriticalSection.KERNEL32(00C098A0), ref: 007C461D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CriticalSection$Leave$Enter_free_malloc
String ID:
API String ID: 1917710520-0
Opcode ID: ec984e7dd16d32010300e76bbeb5bed5035c08cb221c2887aa1cc63e6a55b948
Instruction ID: 3756cca22ac651e4336311f9ab8e1839da8b5df0a39b52b3ca080d662e0ea663
Opcode Fuzzy Hash: ec984e7dd16d32010300e76bbeb5bed5035c08cb221c2887aa1cc63e6a55b948
Instruction Fuzzy Hash: E0D149B0A00A05AFDB20CF65C994F6AB7F4FF48314F10862DE9199B681E735F990CB90

Uniqueness

Uniqueness Score: -1.00%

Function 007C0EA0 Relevance: 13.6, APIs: 9, Instructions: 138COMMON

Download Yara Rule

APIs

AVIStreamLength.AVIFIL32(?), ref: 007C0FB4
AVIStreamEndStreaming.AVIFIL32(?), ref: 007C0FB9
AVIFileRelease.AVIFIL32(?), ref: 007C0FBE
AVIStreamLength.AVIFIL32(?), ref: 007C0FD3
AVIStreamEndStreaming.AVIFIL32(?), ref: 007C0FD8
AVIFileRelease.AVIFIL32(?), ref: 007C0FDD
AVIFileRelease.AVIFIL32(?), ref: 007C0FF4
AVIFileExit.AVIFIL32 ref: 007C1001
CoUninitialize.OLE32 ref: 007C1007

Part of subcall function 007C1440: AVIStreamLength.AVIFIL32(?,?,007C0EC1), ref: 007C144B
Part of subcall function 007C1440: AVIStreamWrite.AVIFIL32(?,00000000,00000001,?,?,00000010,00000000,00000000), ref: 007C1469
Part of subcall function 007C1440: _memset.LIBCMT ref: 007C149A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Stream$File$LengthRelease$Streaming$ExitUninitializeWrite_memset
String ID:
API String ID: 378301645-0
Opcode ID: 926ddb105ee2b7ab5ac6f38f7008413f86e8a271ed60bd1d42ed5b966625a7de
Instruction ID: 9de3e9d9078bce9a2a3a86041f96e707063a15c2908f0851d9f14222ea21f1fb
Opcode Fuzzy Hash: 926ddb105ee2b7ab5ac6f38f7008413f86e8a271ed60bd1d42ed5b966625a7de
Instruction Fuzzy Hash: 99518E71910744CBD731AF36C845F9BB7F8AF49344F044B1DE89AA7291DB79A885CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0080C18A Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0080C194
CoUninitialize.OLE32(00000214,007C4E0B), ref: 0080C1BF
GlobalDeleteAtom.KERNEL32(?), ref: 0080C25E
GlobalDeleteAtom.KERNEL32(?), ref: 0080C26D
_free.LIBCMT ref: 0080C29B
_free.LIBCMT ref: 0080C2A3
_free.LIBCMT ref: 0080C2AB
_free.LIBCMT ref: 0080C2B3
_free.LIBCMT ref: 0080C2BB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _free$AtomDeleteGlobal$H_prolog3_catch_Uninitialize
String ID:
API String ID: 4252385502-0
Opcode ID: 75cc78514ded60435b7150c60d7ec6ca14b96d7fde7e6622fedeedebe3137809
Instruction ID: f8dc3881c66dc23c65ada50bcff94161b2a0615d7517016e3dcc44e08a4626d9
Opcode Fuzzy Hash: 75cc78514ded60435b7150c60d7ec6ca14b96d7fde7e6622fedeedebe3137809
Instruction Fuzzy Hash: 29416570605700CFDB64AFB5DC99A2ABBE5FF40700F1489ADA456D76B2CB30E840CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00818E64 Relevance: 13.6, APIs: 9, Instructions: 101memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00818E6B
EnterCriticalSection.KERNEL32(?,00000010,00818D70,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000,?,80070057), ref: 00818E7C
TlsGetValue.KERNEL32(?,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000,?,80070057,00000000,000081E4), ref: 00818E98
LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818F08
LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001), ref: 00818F22
LeaveCriticalSection.KERNEL32(6838016B,?,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000,?,80070057,00000000), ref: 00818F31
_memset.LIBCMT ref: 00818F50
TlsSetValue.KERNEL32(?,00000000), ref: 00818F61
LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000,?,80070057,00000000,000081E4), ref: 00818F98

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CriticalSection$AllocLeaveLocalValue$EnterH_prolog3_catch_memset
String ID:
API String ID: 4057217241-0
Opcode ID: c4bbbbc956b7702d63f6cf1779ceef8667cbc755b5f9ea16ea8625684a1cb1d8
Instruction ID: 41ca8631b9806bcbbc315ba0b7a5581ce9b09ffa99cd327c214c36f07cc92880
Opcode Fuzzy Hash: c4bbbbc956b7702d63f6cf1779ceef8667cbc755b5f9ea16ea8625684a1cb1d8
Instruction Fuzzy Hash: B531DD70400706EFDB209F19D886EAAFBBAFF80320B20852AE555C7290CF30A881CF51

Uniqueness

Uniqueness Score: -1.00%

Function 007CA390 Relevance: 13.6, APIs: 9, Instructions: 68COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007CA3B2
GetDC.USER32(?), ref: 007CA3BE
SelectObject.GDI32(?,?), ref: 007CA3DF
FillRect.USER32(?,?,?), ref: 007CA3F1
SelectObject.GDI32(?,?), ref: 007CA405
Rectangle.GDI32(?,?,?,?,?), ref: 007CA41C
SelectObject.GDI32(?,00000000), ref: 007CA42A
SelectObject.GDI32(?,?), ref: 007CA432
ReleaseDC.USER32(?,?), ref: 007CA440

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ObjectSelect$Rect$ClientFillRectangleRelease
String ID:
API String ID: 1805211394-0
Opcode ID: 161b6f7569a70e3cd54a0c7cc601af948391ef9281cc7058e5de8ed2981431e1
Instruction ID: 3fba9418189869b3ee337024ff31d77f7e3bb5e0033ca5f89a3d25b8e0d8fb26
Opcode Fuzzy Hash: 161b6f7569a70e3cd54a0c7cc601af948391ef9281cc7058e5de8ed2981431e1
Instruction Fuzzy Hash: 0821E836901609AFCF159FA5DD49DAFFBBAFF48311B004129E519A2260CB31A961EF90

Uniqueness

Uniqueness Score: -1.00%

Function 007FE5C0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 204COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007FE65F
_strncmp.LIBCMT ref: 007FE6C3
_sprintf.LIBCMT ref: 007FE75A

Strings

ACM-8211, xrefs: 007FE68F, 007FE6C2, 007FE709, 007FE70A
%d,, xrefs: 007FE74F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset_sprintf_strncmp
String ID: %d,$ACM-8211
API String ID: 1569155853-243664484
Opcode ID: d99915160c095df99f90bf3b82a10c87d2b189a07817654200d48ab6812b57ab
Instruction ID: 2beffa6ca4e56dbeb79471155bfa7bda4e36698f3cf6f3a5419dd4b2dcb68b64
Opcode Fuzzy Hash: d99915160c095df99f90bf3b82a10c87d2b189a07817654200d48ab6812b57ab
Instruction Fuzzy Hash: 4A81AA71A0026CDEEF25DF28CC40BFAB7B5AB52304F0441E9D9496B252D77A1A89CB61

Uniqueness

Uniqueness Score: -1.00%

Function 007922A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__ftelli64.LIBCMT ref: 007922D6
_memset.LIBCMT ref: 0079231F
__fread_nolock.LIBCMT ref: 0079236F
__fseeki64.LIBCMT ref: 00792456

Strings

97y, xrefs: 007922F6, 00792443, 00792414, 00792451

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __fread_nolock__fseeki64__ftelli64_memset
String ID: 97y
API String ID: 3853309350-1831169697
Opcode ID: d9db015e2d661f8430e46ef0c267ec263dcec7eea0d961e24f2459128ee90ce6
Instruction ID: ba7b896708dc6bdd88f7f46754c9ddd5568d218b1965366d2e29749b243f90b9
Opcode Fuzzy Hash: d9db015e2d661f8430e46ef0c267ec263dcec7eea0d961e24f2459128ee90ce6
Instruction Fuzzy Hash: 73513571A00098B6DF74FA68BC417ED73A1EB90310F4841B6DA58BB177D63C9D838B95

Uniqueness

Uniqueness Score: -1.00%

Function 00948EB0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 009490C3
_memset.LIBCMT ref: 009490D6
_memset.LIBCMT ref: 009490E9
_memset.LIBCMT ref: 009490FC
_memset.LIBCMT ref: 0094910F
_memset.LIBCMT ref: 00949122

Strings

@, xrefs: 00948EC3

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID: @
API String ID: 2102423945-2766056989
Opcode ID: 3038fed797323d9ceba8c07b4a2aef93ef44767872fdf5cf71b1b187af89a3d3
Instruction ID: 0e7cacf89a9f8b9bfe74a043ad4d64418be3844440e02a30cc0c49848279136e
Opcode Fuzzy Hash: 3038fed797323d9ceba8c07b4a2aef93ef44767872fdf5cf71b1b187af89a3d3
Instruction Fuzzy Hash: 6D515CB0410B45DAE310CF24C85CBE7FBE8BF45308F1446ADE5695F282DBBA6188CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0079E2D0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 0079E3B6

Strings

rtsp://%s:%ld%s, xrefs: 0079E37D
rtsp://%s, xrefs: 0079E34C
rtsp://%s%s, xrefs: 0079E3A5
rtsp://%s:%ld, xrefs: 0079E33E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf
String ID: rtsp://%s$rtsp://%s%s$rtsp://%s:%ld$rtsp://%s:%ld%s
API String ID: 233258989-161322902
Opcode ID: 609a224a5263308a9cc3b949b2f9836ee359185292c6d52c685a2255666790fa
Instruction ID: 0f62a1516c758248354437c5d66129b98913e84797475e784bfa65dc59a99f6c
Opcode Fuzzy Hash: 609a224a5263308a9cc3b949b2f9836ee359185292c6d52c685a2255666790fa
Instruction Fuzzy Hash: 9B212BB36043447ADB60DA64FC85FFB739EDBA0310F440C36E65DC7141E626B4498761

Uniqueness

Uniqueness Score: -1.00%

Function 007D8C00 Relevance: 12.3, APIs: 8, Instructions: 291COMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?), ref: 007D8C4F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: EventReset
String ID:
API String ID: 2632953641-0
Opcode ID: 4ea337236f88d35c39452209453860bbffae661bf4ff60954174839b568e0b9f
Instruction ID: aa487b17f08c8c56bcd8dfef2e4fdd2cbad83d9126a44fe2c40835518e23ea84
Opcode Fuzzy Hash: 4ea337236f88d35c39452209453860bbffae661bf4ff60954174839b568e0b9f
Instruction Fuzzy Hash: 71C1EEB4501B84DADB30DF24CC4DB9AB7F4AB44314F14495EE8AA963C0DBBDA944CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0078AC00 Relevance: 12.1, APIs: 8, Instructions: 109windowsynchronizationCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?), ref: 0078ACCF
__time64.LIBCMT ref: 0078ACD7
__time64.LIBCMT ref: 0078ACE4
WaitForSingleObject.KERNEL32(?,00000064), ref: 0078ACF9
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0078AD0F
TranslateMessage.USER32(?), ref: 0078AD1D
DispatchMessageA.USER32(?), ref: 0078AD27
__time64.LIBCMT ref: 0078AD2F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message__time64$DispatchEventObjectPeekResetSingleTranslateWait
String ID:
API String ID: 3185327525-0
Opcode ID: e81bffb18982e655b049be56c4e94e6ab9581c1d5f747d218666bc1d80db8f94
Instruction ID: ef1257a54b9e6346b7829d3f3df8f1cbd4066556ae3c9fffd5651ca0df1a938e
Opcode Fuzzy Hash: e81bffb18982e655b049be56c4e94e6ab9581c1d5f747d218666bc1d80db8f94
Instruction Fuzzy Hash: 7A410472E44745EBEB10EF64CC05B99B7B4FF84711F10862BED95A7280EB789A40C791

Uniqueness

Uniqueness Score: -1.00%

Function 00814A5E Relevance: 12.1, APIs: 8, Instructions: 104windowCOMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00814A71
_memset.LIBCMT ref: 00814A8B
GetFocus.USER32 ref: 00814A93

Part of subcall function 008040B3: UnhookWindowsHookEx.USER32(?), ref: 008040DD

IsWindowEnabled.USER32(00000000), ref: 00814AC7
EnableWindow.USER32(00000000,00000000), ref: 00814ADF
EnableWindow.USER32(00000000,00000001), ref: 00814B6E
IsWindow.USER32(?), ref: 00814B78
SetFocus.USER32(?), ref: 00814B83

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window$EnableFocus$EnabledHookUnhookWindows_memset_strlen
String ID:
API String ID: 1437217444-0
Opcode ID: bba3130bcd9784a45d1e99cdec1dd50bdbc677d8c3250492a1c6dda450fb595f
Instruction ID: 26b3b67d491b040327f453c909abf49f85e8dceb35963a6b16184d559754e629
Opcode Fuzzy Hash: bba3130bcd9784a45d1e99cdec1dd50bdbc677d8c3250492a1c6dda450fb595f
Instruction Fuzzy Hash: DB31B170314601EFDB14AFB4D889FA9F7A8FF05324F048268E419D7292DB30E894DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00784880 Relevance: 12.1, APIs: 8, Instructions: 94windowsynchronizationCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007848D4
SetEvent.KERNEL32(?,?,?,?,?,?,00783BDF,6838016B), ref: 007848F7
WaitForSingleObject.KERNEL32(?,00000064), ref: 0078491A
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00784932
TranslateMessage.USER32(?), ref: 0078493C
DispatchMessageA.USER32(?), ref: 00784946
WaitForSingleObject.KERNEL32(?,00000064), ref: 00784954
CloseHandle.KERNEL32(?), ref: 00784960

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$ObjectSingleWait$CloseDispatchEventHandlePeekTranslate_memmove
String ID:
API String ID: 3496235885-0
Opcode ID: e309e39c4dd2a0bc2c813d7c0f88af4e28c69762538b6527db89f78a30af395c
Instruction ID: f05b085e5eef611fd6b49df9aee3b296708f54f8526e0b83822b0a103ea3e7fa
Opcode Fuzzy Hash: e309e39c4dd2a0bc2c813d7c0f88af4e28c69762538b6527db89f78a30af395c
Instruction Fuzzy Hash: 19310D31740B06AFEB28EB65DC99FABB764BF04311F440214E5299B290DFA4BC15CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0078E580 Relevance: 12.1, APIs: 8, Instructions: 76networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078E5B8
ResetEvent.KERNEL32(?), ref: 0078E5C6
_memset.LIBCMT ref: 0078E5EA
ResetEvent.KERNEL32(?), ref: 0078E5F8
_memset.LIBCMT ref: 0078E627
send.WS2_32(?,?,0000000C,00000000), ref: 0078E658
__time64.LIBCMT ref: 0078E675
__time64.LIBCMT ref: 0078E681

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$EventReset__time64$send
String ID:
API String ID: 2820246906-0
Opcode ID: 76acf40f357e80a461e5ef14c507df513da1c4cb786cc087ce025875ab1b1626
Instruction ID: cba7103f68e05de54006b97df4cb27535344610ecd1091ed07b29b39f21d8102
Opcode Fuzzy Hash: 76acf40f357e80a461e5ef14c507df513da1c4cb786cc087ce025875ab1b1626
Instruction Fuzzy Hash: 1B21FC70501254AFE720EB68DC0ABDDB3B4EF44701F000158F969972D1DBB46954DB92

Uniqueness

Uniqueness Score: -1.00%

Function 008462BA Relevance: 12.1, APIs: 8, Instructions: 65COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000031), ref: 008462CE
GetSystemMetrics.USER32(00000032), ref: 008462D8
SetRectEmpty.USER32(00B3D674), ref: 008462E7
EnumDisplayMonitors.USER32(00000000,00000000,00846150,00B3D674,?,?,?,00000000,00B3D508), ref: 008462F7
SystemParametersInfoA.USER32(00000030,00000000,00B3D674,00000000), ref: 0084630E
SystemParametersInfoA.USER32(00001002,00000000,00B3D698,00000000), ref: 00846336
SystemParametersInfoA.USER32(00001012,00000000,00B3D69C,00000000), ref: 0084634C
SystemParametersInfoA.USER32(0000100A,00000000,00B3D6AC,00000000), ref: 0084636E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: System$InfoParameters$Metrics$DisplayEmptyEnumMonitorsRect
String ID:
API String ID: 2614369430-0
Opcode ID: 7923fa95ace019383893548069a2f5253629fbcd9e8e9b846acce4f5fc0af28f
Instruction ID: f69a1ac0d0263738f4d78fe274fb18bb8b0155b31cb6258147254b0851abb450
Opcode Fuzzy Hash: 7923fa95ace019383893548069a2f5253629fbcd9e8e9b846acce4f5fc0af28f
Instruction Fuzzy Hash: F91159B2712611BFE7198F609C4AFE6FB68FB05711F00022EE66897280D7B079508BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0094CD10 Relevance: 11.0, APIs: 7, Instructions: 450COMMON

Download Yara Rule

APIs

__libm_sse2_sin_precise.LIBCMT ref: 0094CFF7
__libm_sse2_cos_precise.LIBCMT ref: 0094D00B
__libm_sse2_sin_precise.LIBCMT ref: 0094D01F
__libm_sse2_cos_precise.LIBCMT ref: 0094D033
__libm_sse2_sin_precise.LIBCMT ref: 0094D047
__libm_sse2_sin_precise.LIBCMT ref: 0094D067
__libm_sse2_cos_precise.LIBCMT ref: 0094D078

Part of subcall function 0094B420: __libm_sse2_atan_precise.LIBCMT ref: 0094B44D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __libm_sse2_sin_precise$__libm_sse2_cos_precise$__libm_sse2_atan_precise
String ID:
API String ID: 1098618227-0
Opcode ID: fd0d9a54fd5b3644c96a6ed4cc23a7c5d6191428b2436c5089f2f78c95a1d8db
Instruction ID: d9d5fce22c2ca1715700d6551cfbbf18fec5eaa522c12f0693da685b7c2f3934
Opcode Fuzzy Hash: fd0d9a54fd5b3644c96a6ed4cc23a7c5d6191428b2436c5089f2f78c95a1d8db
Instruction Fuzzy Hash: A3128371929B408FC327DE38C45165AF7E9BFDA380F018B2BF859A7651E7709842CB41

Uniqueness

Uniqueness Score: -1.00%

Function 007C2610 Relevance: 10.9, APIs: 7, Instructions: 425COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007C26EC
_malloc.LIBCMT ref: 007C2709
_free.LIBCMT ref: 007C292C
_malloc.LIBCMT ref: 007C2945
_memmove.LIBCMT ref: 007C2AA9
_memmove.LIBCMT ref: 007C2ABC
_memmove.LIBCMT ref: 007C2ACD

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$_free_malloc
String ID:
API String ID: 2856543016-0
Opcode ID: 1ed4d2bcd2a961f14afcd9a80426c018cbb8e581d5f3cd92006eecce87fd05b6
Instruction ID: 795a107c67a3d09ca222e3b0e4f68cca8b6e8138d2c4d3e8ee6638f7cab28ebc
Opcode Fuzzy Hash: 1ed4d2bcd2a961f14afcd9a80426c018cbb8e581d5f3cd92006eecce87fd05b6
Instruction Fuzzy Hash: A4020375604701DFCB24CF29C981B1ABBE1BF88304F14496DE8999B766D734E852CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0094E490 Relevance: 10.8, APIs: 7, Instructions: 327COMMON

Download Yara Rule

APIs

__libm_sse2_sin_precise.LIBCMT ref: 0094E671
__libm_sse2_cos_precise.LIBCMT ref: 0094E682
__libm_sse2_sin_precise.LIBCMT ref: 0094E696
__libm_sse2_cos_precise.LIBCMT ref: 0094E6A7
__libm_sse2_sin_precise.LIBCMT ref: 0094E6BB
__libm_sse2_sin_precise.LIBCMT ref: 0094E6D8
__libm_sse2_cos_precise.LIBCMT ref: 0094E6E9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __libm_sse2_sin_precise$__libm_sse2_cos_precise
String ID:
API String ID: 840099537-0
Opcode ID: ee84320d98b0e46b7d2cde8065681f14ade4284d25f9997d1e25682c618e7c5e
Instruction ID: 75ea8681870356fe7ec1ea984cd37e332565a2f1d5d20e008b98ec2f23d229a1
Opcode Fuzzy Hash: ee84320d98b0e46b7d2cde8065681f14ade4284d25f9997d1e25682c618e7c5e
Instruction Fuzzy Hash: 3AD1B631939F848EC313DE39C46155AF7E9AFEB2D4F00D71BF85AB6562EB2094838601

Uniqueness

Uniqueness Score: -1.00%

Function 007A8510 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 309COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A855D
_memset.LIBCMT ref: 007A8590
_memmove.LIBCMT ref: 007A85C8

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

_memmove.LIBCMT ref: 007A86DD
_memmove.LIBCMT ref: 007A872F

Strings

list<T> too long, xrefs: 007A889A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$_memset$_malloc
String ID: list<T> too long
API String ID: 1916901494-4027344264
Opcode ID: 8fbf2f7869e2fc49064892f7dd3b6d58f39147b4f6b5215d350f6f4a25d2d3eb
Instruction ID: aba31402cf15b42f9afb45509787c4912375a4256fbc02a8c7d9f7e4dc9977e9
Opcode Fuzzy Hash: 8fbf2f7869e2fc49064892f7dd3b6d58f39147b4f6b5215d350f6f4a25d2d3eb
Instruction Fuzzy Hash: 01B1E5B1D006059FDB10DF28C840AAAB7E1FF89314F148369EC589B352EB79ED55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007C80A0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 008140DB: __EH_prolog3_GS.LIBCMT ref: 008140E5
Part of subcall function 008140DB: _memset.LIBCMT ref: 0081414E
Part of subcall function 008140DB: GetVersionExA.KERNEL32(00000094,6838016B), ref: 00814167
Part of subcall function 008140DB: _malloc.LIBCMT ref: 0081419E
Part of subcall function 008140DB: _memset.LIBCMT ref: 008141B7

Part of subcall function 00814A5E: _strlen.LIBCMT ref: 00814A71
Part of subcall function 00814A5E: _memset.LIBCMT ref: 00814A8B
Part of subcall function 00814A5E: GetFocus.USER32 ref: 00814A93
Part of subcall function 00814A5E: IsWindowEnabled.USER32(00000000), ref: 00814AC7
Part of subcall function 00814A5E: EnableWindow.USER32(00000000,00000000), ref: 00814ADF
Part of subcall function 00814A5E: EnableWindow.USER32(00000000,00000001), ref: 00814B6E
Part of subcall function 00814A5E: IsWindow.USER32(?), ref: 00814B78
Part of subcall function 00814A5E: SetFocus.USER32(?), ref: 00814B83

Part of subcall function 00814BA0: __EH_prolog3.LIBCMT ref: 00814BA7
Part of subcall function 00814BA0: CoTaskMemFree.OLE32(?,?), ref: 00814BEE

GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,?,00000000,?,00000001,00000000,00000000,00080000,Raw Date Files (*.raw)|*.raw|,00000000,00000000,00000001,6838016B), ref: 007C81CA
_memset.LIBCMT ref: 007C81EE
_sprintf.LIBCMT ref: 007C8205

Part of subcall function 0092B93E: __mbsrchr_l.LIBCMT ref: 0092B949

Strings

Failed to open %s , xrefs: 007C81FF
Failed to open file, xrefs: 007C8217
Raw Date Files (*.raw)|*.raw|, xrefs: 007C80D5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Window_memset$EnableFocus$AttributesEnabledFileFreeH_prolog3H_prolog3_TaskVersion__mbsrchr_l_malloc_sprintf_strlen
String ID: Failed to open %s $Failed to open file$Raw Date Files (*.raw)|*.raw|
API String ID: 3170006331-915368369
Opcode ID: 15d2ca1201d2c2c05ecb032c8136c921165c9c6a912eb3f1e3ecec1fe5b1a092
Instruction ID: bbd318e7578705d2a9489ffeff66fc8b98786818cf60cf0ef6fba914d20e29c2
Opcode Fuzzy Hash: 15d2ca1201d2c2c05ecb032c8136c921165c9c6a912eb3f1e3ecec1fe5b1a092
Instruction Fuzzy Hash: B4A1DD30A00A499BDB65DB28CC55FEDF7B8FF40314F10828CE459AB2D1DB786A84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004AC8D0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 004AC961
_strtoul.LIBCMT ref: 004ACA27

Strings

@, xrefs: 004AC956

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strtoul
String ID: @
API String ID: 657614464-2766056989
Opcode ID: 8ef88a21dd27abdaa8041790c9f678a8723379f2acb3f52f567faf40fc16019d
Instruction ID: 39a84b6440e06eb67ecef190d98ff233cd8d1be25f71fe82703caeb2f36e0bbe
Opcode Fuzzy Hash: 8ef88a21dd27abdaa8041790c9f678a8723379f2acb3f52f567faf40fc16019d
Instruction Fuzzy Hash: B591CDB0508341DBC3609F25D4C17ABBBE1EFE1310F14C96EE8C88B391E37988859B5A

Uniqueness

Uniqueness Score: -1.00%

Function 00848A65 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 225windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00849E7E: GdipGetImagePixelFormat.GDIPLUS(?,00B3D750,00000000,00000000,?,00848A93,00000000,00000000,00B3D750), ref: 00849E8C

GdipBitmapLockBits.GDIPLUS(00000005,?,00000001,?,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00B3D750), ref: 00848C79

Part of subcall function 00849E58: GdipGetImagePaletteSize.GDIPLUS(00000005,00000000,00000000,?,?,00848B59,00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 00849E6A

GdipBitmapUnlockBits.GDIPLUS(00000005,?,00000005,?,00000001,?,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00B3D750), ref: 00848D36

Part of subcall function 007C5500: GdipCreateBitmapFromScan0.GDIPLUS(?,?,?,?,?,?), ref: 007C5527

Part of subcall function 008472F4: GdipGetImageGraphicsContext.GDIPLUS(?,00B3D750,00000000,?,?,00848D6E,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00B3D750), ref: 0084730E

Part of subcall function 00849B76: GdipDrawImageI.GDIPLUS(?,00000000,00000000,?,00000000,?,00848D81,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 00849B93

GdipDeleteGraphics.GDIPLUS(?,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00B3D750), ref: 00848D87
GdipDisposeImage.GDIPLUS(?,?,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00B3D750), ref: 00848D92

Strings

&, xrefs: 00848ADA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Gdip$Image$Bitmap$BitsGraphics$ContextCreateDeleteDisposeDrawFormatFromLockPalettePixelScan0SizeUnlock
String ID: &
API String ID: 1598553542-3042966939
Opcode ID: 4aa70df8a0f06441e05376c4198efb1e75cd3d4c88d4db945adcd706f9cf04f8
Instruction ID: d721c1b29a63ced7453e7da8ea47488ddea80a63eab3f728769aca2c7743863d
Opcode Fuzzy Hash: 4aa70df8a0f06441e05376c4198efb1e75cd3d4c88d4db945adcd706f9cf04f8
Instruction Fuzzy Hash: 44910AF1A0122DDBCB649F15CD80BADB7B5FB48314F4441E9AA09A7241DB30AEC5CF99

Uniqueness

Uniqueness Score: -1.00%

Function 007AA780 Relevance: 10.7, APIs: 7, Instructions: 188networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 007AA78F
htons.WS2_32(?), ref: 007AA7DA
htons.WS2_32(?), ref: 007AA7E9
htons.WS2_32(?), ref: 007AA7F0
_memmove.LIBCMT ref: 007AA900
htons.WS2_32(?), ref: 007AA97C
_memmove.LIBCMT ref: 007AA99A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: htons$_memmove$htonl
String ID:
API String ID: 3516799724-0
Opcode ID: 29b68f4607eb36b4e9ec505090877fbca7d4e1cb168bdf8d0795041f932945b5
Instruction ID: 1c6892a17a89dc6195beccc191b932c0b5c195a68245119c4ee054dee8cc4507
Opcode Fuzzy Hash: 29b68f4607eb36b4e9ec505090877fbca7d4e1cb168bdf8d0795041f932945b5
Instruction Fuzzy Hash: F3716F76D0464A9FCB10CF68C884AAAF7F4FF89310F15865AEC599B341D738E951CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0078A180 Relevance: 10.6, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000), ref: 0078A1FE
_memset.LIBCMT ref: 0078A219
SetEvent.KERNEL32(?,00000000,?,?), ref: 0078A256

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Event$_memset
String ID:
API String ID: 3124960789-0
Opcode ID: a908d78b029d3b9b2159a895bb3b6be733e46decfd117656af5c77577b5bd5b0
Instruction ID: 187fae868b57cbaab45fcd6bcc5e27d3174c2c7c5a69c755e220dc4152bf8c06
Opcode Fuzzy Hash: a908d78b029d3b9b2159a895bb3b6be733e46decfd117656af5c77577b5bd5b0
Instruction Fuzzy Hash: AA618871E11B46ABE705CF2DD841AE4F760FFEA310F109346EDA856312E73565A1DB80

Uniqueness

Uniqueness Score: -1.00%

Function 007E2C70 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E2CDC
_memmove.LIBCMT ref: 007E2DCA

Strings

DAYNIGHTAUTO, xrefs: 007E2D6A
DAYNIGHT, xrefs: 007E2D32
DAYNIGHTAUTO, xrefs: 007E2D4E
DAYNIGHT, xrefs: 007E2D16

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: DAYNIGHT$DAYNIGHT$DAYNIGHTAUTO$DAYNIGHTAUTO
API String ID: 3555123492-2626325013
Opcode ID: e0a716e81790eadefd4d5941a3975c4217c1deb7536d481d73bcc62e7fb804c3
Instruction ID: 18eec588780a3ef73b920f76cc3df66fa503e71b34fcb0451714f106abd35260
Opcode Fuzzy Hash: e0a716e81790eadefd4d5941a3975c4217c1deb7536d481d73bcc62e7fb804c3
Instruction Fuzzy Hash: D041A232A01268AADF20DF64CC45FEAB3B8FB49300F50809AF549E6242DE755E999B50

Uniqueness

Uniqueness Score: -1.00%

Function 00838E1F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00838E26

Part of subcall function 0080FBD2: __EH_prolog3.LIBCMT ref: 0080FBD9

Part of subcall function 00870DE8: SetRectEmpty.USER32(?), ref: 00870E16

SetRectEmpty.USER32(?), ref: 00838F6A
SetRectEmpty.USER32(?), ref: 00838F77
SetRectEmpty.USER32 ref: 00838F7A

Strings

True, xrefs: 00838F81
False, xrefs: 00838FD7

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: EmptyRect$H_prolog3
String ID: False$True
API String ID: 3752103406-1895882422
Opcode ID: 94a6ee396cc52c68742491247cb9dbabb2da4071eb6ddb665a18d2d0166e1496
Instruction ID: 20aed3cbaf63d46b7e3409a271649ac4a5c56b85a50b62d6d232aa06c18a6c46
Opcode Fuzzy Hash: 94a6ee396cc52c68742491247cb9dbabb2da4071eb6ddb665a18d2d0166e1496
Instruction Fuzzy Hash: 495102B0915345DFCB46DF68C588799BBE8BF08700F1881BEE85C9F296DBB41604CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0092CF04 Relevance: 10.6, APIs: 7, Instructions: 117timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000000), ref: 0092CF7B
__aulldiv.LIBCMT ref: 0092CF95
__aulldiv.LIBCMT ref: 0092D026
__aullrem.LIBCMT ref: 0092D034
__aulldiv.LIBCMT ref: 0092D052

Part of subcall function 0092F66F: __getptd_noexit.LIBCMT ref: 0092F66F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __aulldiv$Time$FileSystem__aullrem__getptd_noexit
String ID:
API String ID: 2101487081-0
Opcode ID: 0efe14cce885909655315c00616bccb1fd74ff8dc8d4ea022eea7a66248e9240
Instruction ID: 10e569fe48cd66614bb61cebd8e5f6c6c62c2c410437cfa8cf96d0d936ed1857
Opcode Fuzzy Hash: 0efe14cce885909655315c00616bccb1fd74ff8dc8d4ea022eea7a66248e9240
Instruction Fuzzy Hash: 4841C4B5A113249BDB20EF64FD85FAE73B9FF88310F10449AE609D7295DB309A80CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0079ED10 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0079ED43
swprintf.LIBCMT ref: 0079EDE5
swprintf.LIBCMT ref: 0079EE3C

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

Strings

Require: www.onvif.org/ver20/backchannel, xrefs: 0079EE0D
DESCRIBE, xrefs: 0079ED86
DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s, xrefs: 0079EDDA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: DESCRIBE$DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s$Require: www.onvif.org/ver20/backchannel
API String ID: 1292703666-1788268500
Opcode ID: e5b5c47e555193162fbf19b3ef9c4dd35dd185cef068dcae3370a979c3172996
Instruction ID: d01d891270e5b5fe974f9858bbbeabb55606861f7422dc3d2facaa8238df56bc
Opcode Fuzzy Hash: e5b5c47e555193162fbf19b3ef9c4dd35dd185cef068dcae3370a979c3172996
Instruction Fuzzy Hash: 514128B6600616BBCB15CE24E844BEAF7ACFF46300F004396E899D7246DB756A49C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 007A0D90 Relevance: 10.6, APIs: 7, Instructions: 97COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A0E0D
_memset.LIBCMT ref: 007A0E34

Part of subcall function 007B5520: _memset.LIBCMT ref: 007B55C4
Part of subcall function 007B5520: _memset.LIBCMT ref: 007B55D7
Part of subcall function 007B5520: _memset.LIBCMT ref: 007B55F5
Part of subcall function 007B5520: _memset.LIBCMT ref: 007B5613

_memset.LIBCMT ref: 007A0ECC
__time64.LIBCMT ref: 007A0ED5

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

_rand.LIBCMT ref: 007A0EE5
htonl.WS2_32(00000000), ref: 007A0EEB
_memset.LIBCMT ref: 007A0F25

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$Time$FileSystem__aulldiv__time64_randhtonl
String ID:
API String ID: 1794877277-0
Opcode ID: f55f793b596b37e02191487c3324a7ab3519b6fd041aa943e5402add73ddc37d
Instruction ID: 9e2f392669542774a93a87e6b3319fb9260f87db4ad7cf10b7dfcd1d14b81286
Opcode Fuzzy Hash: f55f793b596b37e02191487c3324a7ab3519b6fd041aa943e5402add73ddc37d
Instruction Fuzzy Hash: B841ABB1604B46FBE304DF65C809B8AFBB4BF44314F104309E528AB6C1D7F661688BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0077A4F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0077A51F
_memset.LIBCMT ref: 0077A532
swprintf.LIBCMT ref: 0077A56A
swprintf.LIBCMT ref: 0077A59E

Strings

%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION, xrefs: 0077A559
%smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION, xrefs: 0077A58D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memsetswprintf
String ID: %smpeg4?USER=%s&PWD=%s&CHANNEL=%d&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION$%smpeg4?USER=%s&PWD=%s&VIDEO_BITRATE&VIDEO_RESOLUTION&VIDEO_FPS_NUM&VIDEO_BRIGHTNESS&VIDEO_CONTRAST&VIDEO_HUE&VIDEO_SATURATION
API String ID: 104879626-2982240094
Opcode ID: e69004553b8f2f9f1742e29bc081cd4c676201593a39e6ce79422c93d371f3d0
Instruction ID: 083fca7842f9886889b1d9fbaaf9a621df7e0f10335c3b3fcd82a8369849bbd2
Opcode Fuzzy Hash: e69004553b8f2f9f1742e29bc081cd4c676201593a39e6ce79422c93d371f3d0
Instruction Fuzzy Hash: B031BCB2D00318A7D760DB54DC01FEBB3ACAF85304F404596AB89A7141EF346788C7D5

Uniqueness

Uniqueness Score: -1.00%

Function 007C2140 Relevance: 10.6, APIs: 7, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 007C1B50: EnterCriticalSection.KERNEL32(00C098A0,00000000,007C1DF2), ref: 007C1B8F
Part of subcall function 007C1B50: LeaveCriticalSection.KERNEL32(00C098A0), ref: 007C1BA3

Part of subcall function 007C1C70: EnterCriticalSection.KERNEL32(00C098A0,?), ref: 007C1CAF
Part of subcall function 007C1C70: LeaveCriticalSection.KERNEL32(00C098A0), ref: 007C1CC3

_free.LIBCMT ref: 007C2165

Part of subcall function 0092B41D: HeapFree.KERNEL32(00000000,00000000,?,00933DBC,00000000,0092F674,0092B4DC,?,?,00802D4E,00000001,?,?,007748D8,00000B40,00000000), ref: 0092B431
Part of subcall function 0092B41D: GetLastError.KERNEL32(00000000,?,00933DBC,00000000,0092F674,0092B4DC,?,?,00802D4E,00000001,?,?,007748D8,00000B40,00000000), ref: 0092B443

_free.LIBCMT ref: 007C217C
_free.LIBCMT ref: 007C2193
_free.LIBCMT ref: 007C21AD
_free.LIBCMT ref: 007C21CA
_free.LIBCMT ref: 007C21E4
_free.LIBCMT ref: 007C21F4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _free$CriticalSection$EnterLeave$ErrorFreeHeapLast
String ID:
API String ID: 3435269767-0
Opcode ID: 2d64c3d462b5572c6d05e6627c233a33bfb96802b583f6a6613f53d747ac0df6
Instruction ID: e3a33487d603419d7cad6afe6640e6fbba3adfaefa4da94251d37f98e43e75cf
Opcode Fuzzy Hash: 2d64c3d462b5572c6d05e6627c233a33bfb96802b583f6a6613f53d747ac0df6
Instruction Fuzzy Hash: 741133F1E00B1457EA20BB36E855B5777D86F40740F08083CE94A87252EB39F9058B92

Uniqueness

Uniqueness Score: -1.00%

Function 0084A722 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(?,?,PNG), ref: 0084A743
LoadResource.KERNEL32(?,00000000,?,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A752
LockResource.KERNEL32(00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A75F
SizeofResource.KERNEL32(?,00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A772

Part of subcall function 0084A798: GlobalAlloc.KERNEL32(00000002,?,00000000,?,00000000,?,0084A784,?,00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A7A5

FreeResource.KERNEL32(00000000,?,00000000,?,0099DC30,?,0084B530,?,00000000,?), ref: 0084A787

Strings

PNG, xrefs: 0084A73A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Resource$AllocFindFreeGlobalLoadLockSizeof
String ID: PNG
API String ID: 169377235-364855578
Opcode ID: 578f9755debc76e3c8da39b1e2ff08b38cea7226e64d0781fef3091681fe7ff6
Instruction ID: e3aa5a2fab8aeb44b0035316f733fba8ea649541f8284c0e1086cf6e707b834f
Opcode Fuzzy Hash: 578f9755debc76e3c8da39b1e2ff08b38cea7226e64d0781fef3091681fe7ff6
Instruction Fuzzy Hash: 0B018F3A55A219BB9B265B94AC84C6EB77CFF45364301812AFD50E7310DB709D01ABA2

Uniqueness

Uniqueness Score: -1.00%

Function 00784080 Relevance: 9.2, APIs: 6, Instructions: 161COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 00784091

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

Part of subcall function 00780520: WaitForSingleObject.KERNEL32(?,?,6838016B), ref: 00780555

_memmove.LIBCMT ref: 00784105
_memmove.LIBCMT ref: 00784123
__time64.LIBCMT ref: 007841A4
_memmove.LIBCMT ref: 00784200
_memmove.LIBCMT ref: 0078421C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$Time__time64$FileObjectSingleSystemWait__aulldiv
String ID:
API String ID: 2602992768-0
Opcode ID: 5338f377d5d234f79894110678bc7b60ab706a8cf48ec334c2548eab590e8ee9
Instruction ID: 531a3c5bda08e5ed000f7551a0a7f2022dda85f06437be92da3453cda5d8eac7
Opcode Fuzzy Hash: 5338f377d5d234f79894110678bc7b60ab706a8cf48ec334c2548eab590e8ee9
Instruction Fuzzy Hash: F9515D719443065ED730EF38DC45B27B7A4AFA1710F08865DF46987282E7B5EC85C792

Uniqueness

Uniqueness Score: -1.00%

Function 00782960 Relevance: 9.2, APIs: 6, Instructions: 161COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 00782971

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

Part of subcall function 00780520: WaitForSingleObject.KERNEL32(?,?,6838016B), ref: 00780555

_memmove.LIBCMT ref: 007829E5
_memmove.LIBCMT ref: 00782A03
__time64.LIBCMT ref: 00782A84
_memmove.LIBCMT ref: 00782AE0
_memmove.LIBCMT ref: 00782AFC

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove$Time__time64$FileObjectSingleSystemWait__aulldiv
String ID:
API String ID: 2602992768-0
Opcode ID: e67f5951ad535993ebc0e8df40f4d97fad64b4020a89994b7c566254d7e3d3a4
Instruction ID: 0e4e3d54046bd7ad7d50a9ed9d52cfca6870dac75654fab9cfc7fa38c6a165c6
Opcode Fuzzy Hash: e67f5951ad535993ebc0e8df40f4d97fad64b4020a89994b7c566254d7e3d3a4
Instruction Fuzzy Hash: 555127715443005ED735EF38CC81B26B7E5AF55311F08C65EECAA8A293D735E84A8793

Uniqueness

Uniqueness Score: -1.00%

Function 00814D07 Relevance: 9.1, APIs: 6, Instructions: 144windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00814D0E
CoTaskMemFree.OLE32(?,000000FF,?), ref: 00814DB4
GetParent.USER32(?), ref: 00814E2B
SendMessageA.USER32(?,00000464,00000104,00000000), ref: 00814E42
GetParent.USER32(?), ref: 00814E74
SendMessageA.USER32(?,00000465,00000104,00000000), ref: 00814E8A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MessageParentSend$FreeH_prolog3Task
String ID:
API String ID: 526180827-0
Opcode ID: 23c3d09bfdfa773d814bd9158cc09e4320f1d56683800d63ef9886248ef5b5f5
Instruction ID: 698e27816e6a3ec31ed039b1ef3ed52d8cf0c48cf723188bf0b604e9740bae36
Opcode Fuzzy Hash: 23c3d09bfdfa773d814bd9158cc09e4320f1d56683800d63ef9886248ef5b5f5
Instruction Fuzzy Hash: 73512B71A0021AAFCB04EFA4CC85EAEB7B9FF44314B104618F515E72E1DB70A985CB91

Uniqueness

Uniqueness Score: -1.00%

Function 005E4B30 Relevance: 9.1, APIs: 6, Instructions: 126COMMON

Download Yara Rule

APIs

_wcrtomb.LIBCMT ref: 005E4BB6
_fputc.LIBCMT ref: 005E4C0C
_fputc.LIBCMT ref: 005E4C38
_localeconv.LIBCMT ref: 005E4C49
_mbrtowc.LIBCMT ref: 005E4C69
_fputc.LIBCMT ref: 005E4CB7

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _fputc$_localeconv_mbrtowc_wcrtomb
String ID:
API String ID: 1718412160-0
Opcode ID: b60c00b35f63edd407ed56825602ecfbf87f82de7784667ff72807f386b571a4
Instruction ID: e5f5825ec02dde43b4a1812fe0daa9bf0b04a83b9066f8e0695f174d335080e7
Opcode Fuzzy Hash: b60c00b35f63edd407ed56825602ecfbf87f82de7784667ff72807f386b571a4
Instruction Fuzzy Hash: 91517971905284CFCF18DF1AC0853AABBE4BF95311F204989D9889B28AD374ED54CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 007A1070 Relevance: 9.1, APIs: 6, Instructions: 118networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 007A03D0: swprintf.LIBCMT ref: 007A0430
Part of subcall function 007A03D0: getaddrinfo.WS2_32(?,00000000,?,00000000), ref: 007A0445
Part of subcall function 007A03D0: _wprintf.LIBCMT ref: 007A0482

getsockname.WS2_32(00000000,?,?), ref: 007A10B4
htons.WS2_32(?), ref: 007A10C1

Part of subcall function 007A03D0: _wprintf.LIBCMT ref: 007A04A0

getsockname.WS2_32(00000000,?,?), ref: 007A10DC
htons.WS2_32(?), ref: 007A10E9
closesocket.WS2_32(00000000), ref: 007A1157
Sleep.KERNEL32(0000000A), ref: 007A115F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _wprintfgetsocknamehtons$Sleepclosesocketgetaddrinfoswprintf
String ID:
API String ID: 3562786552-0
Opcode ID: 6c938368eb52a412415f512b459289643959798458a1915fe3d2e8f8e673bdf6
Instruction ID: 095cd4b5b08144df498a135a11590b44f2420ba2f7f3854021ce69356c907b7f
Opcode Fuzzy Hash: 6c938368eb52a412415f512b459289643959798458a1915fe3d2e8f8e673bdf6
Instruction Fuzzy Hash: C341F631A01508ABCB04EFB5E9445AEF7F5EF9A320F60472AF426D7390DB385941DB90

Uniqueness

Uniqueness Score: -1.00%

Function 007821D0 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 00799A70: swprintf.LIBCMT ref: 00799AA8
Part of subcall function 00799A70: _memset.LIBCMT ref: 00799AB8
Part of subcall function 00799A70: _memset.LIBCMT ref: 00799ACB

Part of subcall function 00780290: InitializeCriticalSectionAndSpinCount.KERNEL32(00006774,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00780327
Part of subcall function 00780290: GetLastError.KERNEL32(?,?,00000000), ref: 00780331
Part of subcall function 00780290: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0078038A
Part of subcall function 00780290: ResetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00780394

_memset.LIBCMT ref: 007822D8
_rand.LIBCMT ref: 007822FF
_memset.LIBCMT ref: 00782322
_memset.LIBCMT ref: 00782334
CreateEventA.KERNEL32(00000009,00000001,00000009,00000009,?,?,?,?,?,?), ref: 00782347
ResetEvent.KERNEL32(00000000,?,?,?,?,?,?), ref: 00782354

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$Event$CreateReset$CountCriticalErrorInitializeLastSectionSpin_randswprintf
String ID:
API String ID: 3381198503-0
Opcode ID: 3b79452379e2e978ff8506daf651cd482409daad2a25a6fa1012653864b86272
Instruction ID: 84587a0a5f13183316a689408fa7df0b3e08f5c7fcc19abe8008117c971ba4ba
Opcode Fuzzy Hash: 3b79452379e2e978ff8506daf651cd482409daad2a25a6fa1012653864b86272
Instruction Fuzzy Hash: 1D415FB1608B05FFE704DF64C85979AFBE9FB44308F004219E42C97281DBBA6528CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00790940 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000002), ref: 00790969
closesocket.WS2_32(?), ref: 00790970
DeleteCriticalSection.KERNEL32(?,?,?,?,0077CA94), ref: 007909A7
shutdown.WS2_32(?,00000002), ref: 007909CF
closesocket.WS2_32(?), ref: 007909D6
closesocket.WS2_32(?), ref: 007909E4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: closesocket$shutdown$CriticalDeleteSection
String ID:
API String ID: 1529986119-0
Opcode ID: 46ea01dc8ab5798d6fab3470e4b7840193c2ae72ad2173ac20518c7dde54b740
Instruction ID: 7636a783edb06accaf0948fd35dda9b618bb93285011b70a9f30e37f8652f559
Opcode Fuzzy Hash: 46ea01dc8ab5798d6fab3470e4b7840193c2ae72ad2173ac20518c7dde54b740
Instruction Fuzzy Hash: FA113DB15157005BE6209B799C49B57B3E9BB51330F140B09E4BDC22E1D778B8068B91

Uniqueness

Uniqueness Score: -1.00%

Function 007AAD50 Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007AADBB
_memset.LIBCMT ref: 007AADCB
_memset.LIBCMT ref: 007AADE8
_memset.LIBCMT ref: 007AAE10
_memset.LIBCMT ref: 007AAE23
_memset.LIBCMT ref: 007AAE33

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: adbd4fa1b594ad9587f93d94a392c138bde91c5381459046fb2e56ee438ecc05
Instruction ID: 0412c077d7ba91ed0d812127a913576fe7f67de8fc9feff2a3e1f2469c351dfe
Opcode Fuzzy Hash: adbd4fa1b594ad9587f93d94a392c138bde91c5381459046fb2e56ee438ecc05
Instruction Fuzzy Hash: 3A110DB0541B04ABE371DB75D866BC7B6DCAF18704F10091DF2A99A1C5D7F4B2888BD4

Uniqueness

Uniqueness Score: -1.00%

Function 00780840 Relevance: 9.0, APIs: 6, Instructions: 47windowsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000064), ref: 00780867
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00780880
TranslateMessage.USER32(?), ref: 0078088A
DispatchMessageA.USER32(?), ref: 00780894
WaitForSingleObject.KERNEL32(?,00000064), ref: 007808A2
CloseHandle.KERNEL32(?), ref: 007808AF

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$ObjectSingleWait$CloseDispatchHandlePeekTranslate
String ID:
API String ID: 629631254-0
Opcode ID: 8614b9a24146fedd9362b8beaf364257987688e2dd455843a41f6e266e7b1188
Instruction ID: 53ea8ede04ebf30ac4f6d8ddcd7f4999368f0a3d1ca094b75a35ff5b20e2825d
Opcode Fuzzy Hash: 8614b9a24146fedd9362b8beaf364257987688e2dd455843a41f6e266e7b1188
Instruction Fuzzy Hash: CC018F72A8530D6BEB20ABA9DC49F9BB3FDAB08710F000025E614D22D0D7B5E8058BE0

Uniqueness

Uniqueness Score: -1.00%

Function 007B0B90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 226threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00802D2D: _malloc.LIBCMT ref: 00802D49

~_Task_impl.LIBCPMT ref: 007B0D38
CreateThread.KERNEL32 ref: 007B0D8E

Part of subcall function 00815DA5: InternetOpenA.WININET(00000000,00000001,00000001,?,007F1C62), ref: 00815DDB

Strings

/mnt/hd/Data/, xrefs: 007B0CC3
/Data/, xrefs: 007B0CD7
client, xrefs: 007B0C21

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CreateInternetOpenTask_implThread_malloc
String ID: /Data/$/mnt/hd/Data/$client
API String ID: 1876871433-3358146206
Opcode ID: f0019fb3d5315a5c9d806ffd7585d247ce4e4c674aff858d97aeb66778eab218
Instruction ID: 2ea203189347ef8eeb25efe319afbf7dc67fb9788b3c2dd9976c1f8a58acbeaa
Opcode Fuzzy Hash: f0019fb3d5315a5c9d806ffd7585d247ce4e4c674aff858d97aeb66778eab218
Instruction Fuzzy Hash: 18917B707007059FEB24DFA8C945BEBBBE4FF45700F14846EE59A9B680DBB5A840CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007FE890 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007FE94A
_strncpy.LIBCMT ref: 007FE9BF

Strings

%d,, xrefs: 007FE93F
ACM-8211, xrefs: 007FE901, 007FE919, 007FE91A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf_strncpy
String ID: %d,$ACM-8211
API String ID: 1069910716-243664484
Opcode ID: 84fa59ff1650b53813987f3baae64941395d5743389c1178a098dd2cddac9e9b
Instruction ID: 778b3732bcaaf856d12d1d82a8461e3b10a8aac8e755f21b396aae74d5ad09d9
Opcode Fuzzy Hash: 84fa59ff1650b53813987f3baae64941395d5743389c1178a098dd2cddac9e9b
Instruction Fuzzy Hash: 8C51DA71D00258EFDF25DFA8C844BEEBBB4FF06304F004269E4026B296D7BA2945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0081A851 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?,75FD5E50,System,0000000A), ref: 0081A87B
_strlen.LIBCMT ref: 0081A8C3
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0081A8DF

Strings

System, xrefs: 0081A877

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ByteCharGlobalLockMultiWide_strlen
String ID: System
API String ID: 3265272279-3470857405
Opcode ID: 4dfa595118ec5ef762ae6798f6abae487990de25a85874938069070c46e7498d
Instruction ID: 102f6930b509344a7a47d35fdee8c19ebfbfea72510e238ad2b7535f5f0543c8
Opcode Fuzzy Hash: 4dfa595118ec5ef762ae6798f6abae487990de25a85874938069070c46e7498d
Instruction Fuzzy Hash: 3941C4719012099FDB18DFA8D884AFEBBF8FF44314F158529E426DB290E73099C6CB51

Uniqueness

Uniqueness Score: -1.00%

Function 007E2510 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 135COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E2589
_memmove.LIBCMT ref: 007E2663

Strings

ZOOMSTOP, xrefs: 007E25BB
ZOOMIN, xrefs: 007E25ED
ZOOMOUT, xrefs: 007E25D4

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: ZOOMIN$ZOOMOUT$ZOOMSTOP
API String ID: 3555123492-911756540
Opcode ID: db3e15bf2d8f20597f72bb3ed28f3080594003e8c85283062c9b9ad31f5bb996
Instruction ID: df082e87c507f8547e5fee005f7a78196cec7a2c2ce23678e6a38bd2cd28d7c0
Opcode Fuzzy Hash: db3e15bf2d8f20597f72bb3ed28f3080594003e8c85283062c9b9ad31f5bb996
Instruction Fuzzy Hash: F341A271901258AADF30DA69CC45FEAB3BCFB49300F1041DAF849D3242DA746E99CB61

Uniqueness

Uniqueness Score: -1.00%

Function 007E2E60 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 130COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E2ECC
_memmove.LIBCMT ref: 007E2FAA

Strings

FOCUSOUT, xrefs: 007E2F1D
FOCUSIN, xrefs: 007E2F39
FOCUSSTOP, xrefs: 007E2F01

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: FOCUSIN$FOCUSOUT$FOCUSSTOP
API String ID: 3555123492-3230474604
Opcode ID: c8028dc4645a6f2b84d75b397042048c1aa74f965231193a9253befa52dcb99c
Instruction ID: 9e75b2a5226a57e35dd259aac0f627d11abbaa5801fa1f9d91ffdddbaa990ed8
Opcode Fuzzy Hash: c8028dc4645a6f2b84d75b397042048c1aa74f965231193a9253befa52dcb99c
Instruction Fuzzy Hash: F541B132901218AAEF20DF65CC41FEAB3B8FF49300F40809AF54DE6242DE755E99DB90

Uniqueness

Uniqueness Score: -1.00%

Function 007F0190 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007F01D2
_sprintf.LIBCMT ref: 007F01EF
_sprintf.LIBCMT ref: 007F0245

Strings

%s&%s, xrefs: 007F023F
%s&%s, xrefs: 007F01E9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf$_memset
String ID: %s&%s$%s&%s
API String ID: 2003622500-3982938970
Opcode ID: dc3b311849e5c28cd70c3754e7fbcc9c53a36f544a913578f840eb8c3c532ab4
Instruction ID: 169b85aa46b19ef50fe4d96b674cdf140e62899c88e6981e89d8ca44a1eb7c5d
Opcode Fuzzy Hash: dc3b311849e5c28cd70c3754e7fbcc9c53a36f544a913578f840eb8c3c532ab4
Instruction Fuzzy Hash: CD31B9B564021CABDB20CF58CD85FAAB3B8BF44704F104099B709B7342DA75AD458B64

Uniqueness

Uniqueness Score: -1.00%

Function 007B81E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007B821A
swprintf.LIBCMT ref: 007B823C
swprintf.LIBCMT ref: 007B8261

Strings

%s:%s, xrefs: 007B822B
Basic %s, xrefs: 007B8256

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: %s:%s$Basic %s
API String ID: 1292703666-993552642
Opcode ID: ade44ca23121a4b7e4cb3b977f42f9ee465fe29e29c415b999d8a8a6430e163d
Instruction ID: 79677e84c8a940bd90d9181b6799b2121df69f5643537ca072e7d39b8c37f266
Opcode Fuzzy Hash: ade44ca23121a4b7e4cb3b977f42f9ee465fe29e29c415b999d8a8a6430e163d
Instruction Fuzzy Hash: 18115B71B0021C67DB20EA699C42BFFB3ACEF95700F1000B9FD49D3241DEB49D448291

Uniqueness

Uniqueness Score: -1.00%

Function 007CA0C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59timeCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007CA0E8
KGetCurrentTime.ARCHIVEPLAYER(?,?,00000000,0000007F), ref: 007CA0F3
__localtime64.LIBCMT ref: 007CA115
_sprintf.LIBCMT ref: 007CA13F

Strings

%04d/%02d/%02d %02d:%02d:%02d, xrefs: 007CA139

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CurrentTime__localtime64_memset_sprintf
String ID: %04d/%02d/%02d %02d:%02d:%02d
API String ID: 425097752-2911751566
Opcode ID: a0dcd63b40c182b4081b9039e77b68a2404fad260fcd5cf4b3936343c7c9d96a
Instruction ID: af53625aad1089a5056c4576da48c573d069aba0e80d41b3487eaee064ffb008
Opcode Fuzzy Hash: a0dcd63b40c182b4081b9039e77b68a2404fad260fcd5cf4b3936343c7c9d96a
Instruction Fuzzy Hash: 2211B171900219EFCB21DB64DD05FAAB7B8FB44300F0480DCA589A7252EE39EA489B91

Uniqueness

Uniqueness Score: -1.00%

Function 007789F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 00778A1D
swprintf.LIBCMT ref: 00778A37
swprintf.LIBCMT ref: 00778A51
swprintf.LIBCMT ref: 00778AB0

Strings

http://%s:%d/cgi-bin/, xrefs: 00778A8E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf
String ID: http://%s:%d/cgi-bin/
API String ID: 233258989-3528032135
Opcode ID: d58eb1f8f268216ef84ede86db4b7a045534afd7df6ef14152f7d7bb9f5fe530
Instruction ID: e813439ecc25912901c815c9279c5e4535d9584844d147818f25c7cbc10e4c7e
Opcode Fuzzy Hash: d58eb1f8f268216ef84ede86db4b7a045534afd7df6ef14152f7d7bb9f5fe530
Instruction Fuzzy Hash: 4D111CB6541294AADB00DF91D9C1BE233ACAF4D710F0840B2FE489F18BE778A544C775

Uniqueness

Uniqueness Score: -1.00%

Function 007A81B0 Relevance: 7.8, APIs: 5, Instructions: 260networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 007A81D4
htons.WS2_32(?), ref: 007A823B
htons.WS2_32(?), ref: 007A826E
htons.WS2_32(?), ref: 007A8287
htons.WS2_32(?), ref: 007A8292

Part of subcall function 007A8510: _memset.LIBCMT ref: 007A855D
Part of subcall function 007A8510: _memmove.LIBCMT ref: 007A85C8

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: htons$_memmove_memsethtonl
String ID:
API String ID: 3132012031-0
Opcode ID: ba9e602bcee60c997314b7bc09e7e0943041f41c930c847fc45e2b54ef387b6d
Instruction ID: e5d9637ce023ec6fe1eb07496afbcb9796d74246203552e753fe051d36667ccd
Opcode Fuzzy Hash: ba9e602bcee60c997314b7bc09e7e0943041f41c930c847fc45e2b54ef387b6d
Instruction Fuzzy Hash: 9C91C331204605AFDB54DF64D844BFAF3A8FB8A315F04461AE95DCB291DB38A851CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0079CE00 Relevance: 7.7, APIs: 5, Instructions: 173COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0079CE1A
___from_strstr_to_strchr.LIBCMT ref: 0079CE79
___from_strstr_to_strchr.LIBCMT ref: 0079CEB1
swprintf.LIBCMT ref: 0079CF1B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ___from_strstr_to_strchr$swprintf
String ID:
API String ID: 2916680332-0
Opcode ID: 21b21ae2aa6be5ba14bde9f7ca0de64503b831c7ea8f431d538f0e30308c2240
Instruction ID: 441e2b01a0ded080b47a448182cba1aba4444e495df875132eadf8144c60cf38
Opcode Fuzzy Hash: 21b21ae2aa6be5ba14bde9f7ca0de64503b831c7ea8f431d538f0e30308c2240
Instruction Fuzzy Hash: CF417F73A002185BDF25EA78BC45BFE77AADF89310F0401A9EC09AB247E9259D0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 00788F90 Relevance: 7.6, APIs: 5, Instructions: 122COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,?,00000000,000000FF,?,?,00788F5D,?,00000000), ref: 00788FFB

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Event
String ID:
API String ID: 4201588131-0
Opcode ID: 06ca633c7ce6c499b3fbe7f60800d88cbb417c05def37a621f5423003ab8d514
Instruction ID: a1ed2e22d0253750741b7c15fd23d5d618b6cfbaa85c2239d7066f527fdef593
Opcode Fuzzy Hash: 06ca633c7ce6c499b3fbe7f60800d88cbb417c05def37a621f5423003ab8d514
Instruction Fuzzy Hash: D641AF32B407469BD718DF28D880EB6F364FF85311F14436AEE989A241EB39E964C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0078A510 Relevance: 7.6, APIs: 5, Instructions: 117networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078A55B
send.WS2_32(?,?,?,00000000), ref: 0078A57F
__time64.LIBCMT ref: 0078A58C

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

__time64.LIBCMT ref: 0078A5D7
WSAGetLastError.WS2_32(00000000,0000000D,00000000,0000000D), ref: 0078A5E9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Time__time64$ErrorFileLastSystem__aulldiv_memsetsend
String ID:
API String ID: 1122307660-0
Opcode ID: 479b33b9efb30b57f547eb459ba74d0e264cd82cf146f6baeba2fc9bd12ed475
Instruction ID: 983c76203f5b406fabfda0451b2f0ab2886025850d5b554648260e2d48f06c9d
Opcode Fuzzy Hash: 479b33b9efb30b57f547eb459ba74d0e264cd82cf146f6baeba2fc9bd12ed475
Instruction Fuzzy Hash: 07412C71E40114ABEB34DF28CC45BD9B7A4EB44730F184666E81997380E7389D85CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00788CC0 Relevance: 7.6, APIs: 5, Instructions: 117networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00788D0B
send.WS2_32(?,?,?,00000000), ref: 00788D2C
__time64.LIBCMT ref: 00788D39

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

__time64.LIBCMT ref: 00788D84
WSAGetLastError.WS2_32(00000000,0000000D,00000000,0000000D), ref: 00788D96

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Time__time64$ErrorFileLastSystem__aulldiv_memsetsend
String ID:
API String ID: 1122307660-0
Opcode ID: 54b619cd39507bf1a65870ae6ffe63214ae12807ed5a543122037192346a40c3
Instruction ID: cb68073fc9246b63b25611a951d8073357a1e43ef68175556cd34432eb7ad099
Opcode Fuzzy Hash: 54b619cd39507bf1a65870ae6ffe63214ae12807ed5a543122037192346a40c3
Instruction Fuzzy Hash: BC415771B401188BCB64EF24CC45B9AB7B0EB58730F644265E8299B3C0DB389D41CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 00788E20 Relevance: 7.6, APIs: 5, Instructions: 114networkCOMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 00788E49

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

WSAGetLastError.WS2_32(?,?), ref: 00788E89
__time64.LIBCMT ref: 00788EC9
__time64.LIBCMT ref: 00788F25
_memset.LIBCMT ref: 00788F6A

Part of subcall function 0079C6C0: recv.WS2_32(?,00000000,0078A5CC,00000000), ref: 0079C6D7
Part of subcall function 0079C6C0: WSAGetLastError.WS2_32(?,0078A5CC,00000000,0000000D), ref: 0079C6E1
Part of subcall function 0079C6C0: shutdown.WS2_32(?,00000002), ref: 0079C701
Part of subcall function 0079C6C0: closesocket.WS2_32(?), ref: 0079C708

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __time64$ErrorLastTime$FileSystem__aulldiv_memsetclosesocketrecvshutdown
String ID:
API String ID: 2463973982-0
Opcode ID: c45eaa51680ae1d88cab5b6612d888dec04d1a8cb0421b58fe87c9478b5d0774
Instruction ID: bec57a1ed69f840fb408840d6ec3f891bcdc4a2445d51daa8f8a9cbdc34df2cc
Opcode Fuzzy Hash: c45eaa51680ae1d88cab5b6612d888dec04d1a8cb0421b58fe87c9478b5d0774
Instruction Fuzzy Hash: 1A413872B446016BD764FA39CC49B99F791AF40324F884715E93DC22C1DB78A96487D3

Uniqueness

Uniqueness Score: -1.00%

Function 007B2040 Relevance: 7.6, APIs: 5, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 007B2350: WaitForSingleObject.KERNEL32(?,00000064), ref: 007B237E
Part of subcall function 007B2350: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007B239C
Part of subcall function 007B2350: TranslateMessage.USER32(?), ref: 007B23A6
Part of subcall function 007B2350: DispatchMessageA.USER32(?), ref: 007B23B0
Part of subcall function 007B2350: WaitForSingleObject.KERNEL32(?,00000064), ref: 007B23BE
Part of subcall function 007B2350: CloseHandle.KERNEL32(?), ref: 007B23D0
Part of subcall function 007B2350: DeleteFileA.KERNEL32(?), ref: 007B2441
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B2452
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B2475
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B2485
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B2495
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B24A5
Part of subcall function 007B2350: _memset.LIBCMT ref: 007B24B5

Part of subcall function 007D1CF0: EnterCriticalSection.KERNEL32(-00000008,?,?,007D2069,?,00000000,00000000,?,?,?,?,?,?,?,?,007C78B4), ref: 007D1D12

CloseHandle.KERNEL32(?,?,00000000,00000000,6838016B), ref: 007B20AD
DeleteCriticalSection.KERNEL32(?,?,00000000,00000000,6838016B), ref: 007B20D3
CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 007B210F
DeleteCriticalSection.KERNEL32(?,?,00000000,00000000), ref: 007B2135
DeleteCriticalSection.KERNEL32(?), ref: 007B2157

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$CriticalDeleteSection$CloseHandleMessage$ObjectSingleWait$DispatchEnterFilePeekTranslate
String ID:
API String ID: 1833447330-0
Opcode ID: 668e717bbf0ceae840fd4920e42971642cbeb4f409cdbf1587e8845ba1c87617
Instruction ID: fd765888839c1efb8cb67821d03c84430d17caaaa632cedc8e1d6ce2234114d6
Opcode Fuzzy Hash: 668e717bbf0ceae840fd4920e42971642cbeb4f409cdbf1587e8845ba1c87617
Instruction Fuzzy Hash: 6A415CB1905745EBCB10EF65C859B8EFBF8FF18710F500A19E869A3381E774AA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007DC7B0 Relevance: 7.6, APIs: 5, Instructions: 105windowsleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000000A), ref: 007DC7FF
WaitForSingleObject.KERNEL32(?,00000064), ref: 007DC89C
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007DC8B1
TranslateMessage.USER32(?), ref: 007DC8BB
DispatchMessageA.USER32(?), ref: 007DC8C5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$DispatchObjectPeekSingleSleepTranslateWait
String ID:
API String ID: 191415731-0
Opcode ID: fe306714ef6b28353a4fce1c94a01250836b219c239b2425a93fa1c0730de85e
Instruction ID: 502f0ff89547cb83d823d43bd3406e92c92b1ef4f9d21dc5b0813f7f72ad001d
Opcode Fuzzy Hash: fe306714ef6b28353a4fce1c94a01250836b219c239b2425a93fa1c0730de85e
Instruction Fuzzy Hash: A231C371A0020BABDB15CBA8CC49FADF7B8BF15310F140127E524E6391DB78A891DB91

Uniqueness

Uniqueness Score: -1.00%

Function 007AA620 Relevance: 7.6, APIs: 5, Instructions: 104networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 007AA63B
htons.WS2_32(?), ref: 007AA6A2
htons.WS2_32(?), ref: 007AA6D5
htons.WS2_32(?), ref: 007AA6EE
htons.WS2_32(?), ref: 007AA6F9

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: htons$htonl
String ID:
API String ID: 3369762329-0
Opcode ID: ea9e58208fcf107d63b450e3e62090619fe47e5c1961e22bd3252c8bee3790c1
Instruction ID: 9ee0e0057a4124d94adb0e590fd5a0f8da18c06490fd740389e16260dbd66510
Opcode Fuzzy Hash: ea9e58208fcf107d63b450e3e62090619fe47e5c1961e22bd3252c8bee3790c1
Instruction Fuzzy Hash: 9431AF35909708AFDB248F68D4447BAB3A4FF5A311F10462AEC5DCB290D738A850DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0077A070 Relevance: 7.6, APIs: 5, Instructions: 101synchronizationnetworkCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?,6838016B,?,?,?,?,00959B0B,000000FF), ref: 0078E817
_memset.LIBCMT ref: 0078E855
_memset.LIBCMT ref: 0078E894
send.WS2_32(?,?,0000000C,00000000), ref: 0078E8C5
WaitForSingleObject.KERNEL32(?,00000BB8), ref: 0078E8D6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$EventObjectResetSingleWaitsend
String ID:
API String ID: 1000429611-0
Opcode ID: 37927da25a5ea78ceb587bc8aaca77a3277f4dd3e1ea178354b7078decf45d88
Instruction ID: eb12f63c731e69f52d1463219a2834607873bd9137bc6805fbe818339c37088a
Opcode Fuzzy Hash: 37927da25a5ea78ceb587bc8aaca77a3277f4dd3e1ea178354b7078decf45d88
Instruction Fuzzy Hash: 4341D671D00B94DBE720DF58CC49BEAB7B4FB84710F104759E999AA2C1EBB859C4CB50

Uniqueness

Uniqueness Score: -1.00%

Function 007B0A20 Relevance: 7.6, APIs: 5, Instructions: 101COMMON

Download Yara Rule

APIs

Part of subcall function 007B0EC0: WaitForSingleObject.KERNEL32(?,00000064), ref: 007B0EE7
Part of subcall function 007B0EC0: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 007B0F00
Part of subcall function 007B0EC0: TranslateMessage.USER32(?), ref: 007B0F0A
Part of subcall function 007B0EC0: DispatchMessageA.USER32(?), ref: 007B0F14
Part of subcall function 007B0EC0: WaitForSingleObject.KERNEL32(?,00000064), ref: 007B0F22
Part of subcall function 007B0EC0: CloseHandle.KERNEL32(?), ref: 007B0F2F
Part of subcall function 007B0EC0: DeleteFileA.KERNEL32(?), ref: 007B1004
Part of subcall function 007B0EC0: _memset.LIBCMT ref: 007B1015

Part of subcall function 007D1CF0: EnterCriticalSection.KERNEL32(-00000008,?,?,007D2069,?,00000000,00000000,?,?,?,?,?,?,?,?,007C78B4), ref: 007D1D12

CloseHandle.KERNEL32(?,?,00000000,00000000,6838016B), ref: 007B0A94
DeleteCriticalSection.KERNEL32(?,?,00000000,00000000,6838016B), ref: 007B0AB6
CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 007B0AF2
DeleteCriticalSection.KERNEL32(?,?,00000000,00000000), ref: 007B0B1A
DeleteCriticalSection.KERNEL32(?), ref: 007B0B38

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CriticalDeleteSection$CloseHandleMessage$ObjectSingleWait$DispatchEnterFilePeekTranslate_memset
String ID:
API String ID: 879072588-0
Opcode ID: 6b64ee670b5fcc5bc29761f8eb04be3a38aee6b261837a87ee206ae8d24cbdd8
Instruction ID: 486f27a02fea68b330eac82f54591329516f20b6b1481a49c4fbca579781278f
Opcode Fuzzy Hash: 6b64ee670b5fcc5bc29761f8eb04be3a38aee6b261837a87ee206ae8d24cbdd8
Instruction Fuzzy Hash: 73414D71904745EBC710DFA9C845B9EFBF8FF04724F504619E469A3381EB74AA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00848985 Relevance: 7.6, APIs: 5, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 007C5FF0: _malloc.LIBCMT ref: 007C6007

_memset.LIBCMT ref: 008489B0
_memset.LIBCMT ref: 008489EA
_memcpy_s.LIBCMT ref: 00848A04
CreateDIBSection.GDI32(00000000,00000000,00000000,00000008,00000000,00000000), ref: 00848A1D
_free.LIBCMT ref: 00848A50

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$CreateSection_free_malloc_memcpy_s
String ID:
API String ID: 3499028860-0
Opcode ID: 99fce8aee95ec146f7d34ada12637cd3de7d049a61146db2196bd731ab2d03f5
Instruction ID: 6c53aef5761ab84f730ca0a5f2d52b6217a685d7b5411ffc0e88291821dc793f
Opcode Fuzzy Hash: 99fce8aee95ec146f7d34ada12637cd3de7d049a61146db2196bd731ab2d03f5
Instruction Fuzzy Hash: 1A21F2B1900218EBDB20DF69D842F6BB7ACFF04714F04852EF915E3241EAB4ED448BA1

Uniqueness

Uniqueness Score: -1.00%

Function 007AAC10 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 007AAC1D
_strstr.LIBCMT ref: 007AAC4E
_strstr.LIBCMT ref: 007AAC62
_memmove.LIBCMT ref: 007AAC81
_memmove.LIBCMT ref: 007AACA8

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr$_memmove
String ID:
API String ID: 894065678-0
Opcode ID: c5a14e69c78d133d80d75ff0809d91250cf426b36be2efbf27b9883b928a2ac8
Instruction ID: 420570e5b36004c51a76555fd8422c4d79d51c175b55f278c696f41e07aeaeee
Opcode Fuzzy Hash: c5a14e69c78d133d80d75ff0809d91250cf426b36be2efbf27b9883b928a2ac8
Instruction Fuzzy Hash: 8A1127775082613BEB260924BC05BA6BB4ADAD2374B08066DE88843206E65A5906C3F1

Uniqueness

Uniqueness Score: -1.00%

Function 0077A050 Relevance: 7.6, APIs: 5, Instructions: 71networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078E98D
_memmove.LIBCMT ref: 0078E9A6
_memset.LIBCMT ref: 0078E9C7
_memmove.LIBCMT ref: 0078E9D6
send.WS2_32(000000FF,?,00000050,00000000), ref: 0078E9F2

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset$send
String ID:
API String ID: 699141727-0
Opcode ID: f65bec9ec393103fca5023a2feb515723f65be879b0ebac9a82ae63ffa4fecd0
Instruction ID: b5b54581a597ef7b1031233b3f15ce455717dc040d1b9c5e15a16ba088089adc
Opcode Fuzzy Hash: f65bec9ec393103fca5023a2feb515723f65be879b0ebac9a82ae63ffa4fecd0
Instruction Fuzzy Hash: 6C2108B1540618BBE720EB68DC06FEA739CAB04721F000155F6589B1D1DBF4A984C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 007CA4D0 Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON

Download Yara Rule

APIs

KStop.ARCHIVEPLAYER(000000FF,?,007CC6CD,Invalid handle,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00000748), ref: 007CA4DE
KStopStreaming.ARCHIVEPLAYER(000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 007CA4E9
KDisconnect.ARCHIVEPLAYER(000000FF,000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000), ref: 007CA4F4
KCloseInterface.ARCHIVEPLAYER(000000FF,000000FF,000000FF,000000FF,?,007CC6CD,Invalid handle,00000000,00000000), ref: 007CA4FF
SendMessageA.USER32 ref: 007CA534

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Stop$CloseDisconnectInterfaceMessageSendStreaming
String ID:
API String ID: 162833227-0
Opcode ID: b19f983eef6c3c809aa2187dcaed8426b3239c02038aca21018f2cae8305e0c4
Instruction ID: 33529827352bd42a071a07640fccb7be632cd6626644c96756d865c764b756ce
Opcode Fuzzy Hash: b19f983eef6c3c809aa2187dcaed8426b3239c02038aca21018f2cae8305e0c4
Instruction Fuzzy Hash: 79216070654B41D6E7716B38881ABAB7AE1AB45704F00882CF1EE5A2C3CBB924049B96

Uniqueness

Uniqueness Score: -1.00%

Function 007A07C0 Relevance: 7.6, APIs: 5, Instructions: 55networkCOMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,?,?), ref: 007A07E5
htons.WS2_32(?), ref: 007A07F2
GetLastError.KERNEL32 ref: 007A080A
getsockname.WS2_32(?,?,?), ref: 007A0822
htons.WS2_32(?), ref: 007A082F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: getsocknamehtons$ErrorLast
String ID:
API String ID: 2660464709-0
Opcode ID: 278b668a31bfebbdcb39e186ee4414064fa61772f4c65c197d48d8be3e012e56
Instruction ID: 231694595c9ac4717ac17fb1b153043139ac417ec35d9607984242c6c2527965
Opcode Fuzzy Hash: 278b668a31bfebbdcb39e186ee4414064fa61772f4c65c197d48d8be3e012e56
Instruction Fuzzy Hash: F9117031A1501CABCB10EFA5ED45AFEB7F8EF49311F50016AFC4AA3290DB355914EB80

Uniqueness

Uniqueness Score: -1.00%

Function 00788C40 Relevance: 7.5, APIs: 5, Instructions: 42windowsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,00000064), ref: 00788C68
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00788C7A
TranslateMessage.USER32(?), ref: 00788C84
DispatchMessageA.USER32(?), ref: 00788C8E
CloseHandle.KERNEL32(00000000), ref: 00788CA5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Message$CloseDispatchHandleObjectPeekSingleTranslateWait
String ID:
API String ID: 4180978587-0
Opcode ID: f667af0f9270335d647e2858b5a51c4d7bdcd9f04d9377382683fb31f2aaee88
Instruction ID: fda6792050f685027fb600bbd92275dd3bb9d077f0c484b7eada8f307a4238ba
Opcode Fuzzy Hash: f667af0f9270335d647e2858b5a51c4d7bdcd9f04d9377382683fb31f2aaee88
Instruction Fuzzy Hash: 5D01AF31951309ABDB60ABA8DC88F9BB3FCAB04714F400069E655E22D0DFB8AC45CB70

Uniqueness

Uniqueness Score: -1.00%

Function 0078ECA0 Relevance: 7.5, APIs: 5, Instructions: 39COMMON

Download Yara Rule

APIs

shutdown.WS2_32(000000FF,00000002), ref: 0078ECCB
closesocket.WS2_32(000000FF), ref: 0078ECD2
DeleteCriticalSection.KERNEL32(?,?,?,00778E1A), ref: 0078ECFD
shutdown.WS2_32(000000FF,00000002), ref: 0078ED25
closesocket.WS2_32(000000FF), ref: 0078ED2C

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: closesocketshutdown$CriticalDeleteSection
String ID:
API String ID: 2179659606-0
Opcode ID: a48197ce1c3dd5dcf2cb1e2d07a674620d225964edbbc533b2291c4295671800
Instruction ID: 0f91b77e7e2338b8b382be69b8080049e0db57c7d7c059b923567a9bc32984dd
Opcode Fuzzy Hash: a48197ce1c3dd5dcf2cb1e2d07a674620d225964edbbc533b2291c4295671800
Instruction Fuzzy Hash: AA014C719197408BD3205F69980DB56B7B8FB55330F144B1DE4BA922E0D7786845DF60

Uniqueness

Uniqueness Score: -1.00%

Function 007A08B0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000002), ref: 007A08C4
closesocket.WS2_32(?), ref: 007A08CD
_memset.LIBCMT ref: 007A08E5
shutdown.WS2_32(?,00000002), ref: 007A08FE
closesocket.WS2_32(?), ref: 007A0907

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: closesocketshutdown$_memset
String ID:
API String ID: 1004331854-0
Opcode ID: cd0d9290dd27fff8a1783545bcf0fbdeaf64acb249095052c91cffbd005dcf36
Instruction ID: cef44ab2c3c0b173e4f1775bbc5b365bf0c8f316cc778f01d9494f2830296200
Opcode Fuzzy Hash: cd0d9290dd27fff8a1783545bcf0fbdeaf64acb249095052c91cffbd005dcf36
Instruction Fuzzy Hash: 8BF03A70109B01DBD7345FA8ED4AA0677A4AF05730B208B18F5BA96AE1C774A8459B94

Uniqueness

Uniqueness Score: -1.00%

Function 007A0C30 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000002), ref: 007A0C44
closesocket.WS2_32(?), ref: 007A0C4D
_memset.LIBCMT ref: 007A0C65
shutdown.WS2_32(?,00000002), ref: 007A0C7E
closesocket.WS2_32(?), ref: 007A0C87

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: closesocketshutdown$_memset
String ID:
API String ID: 1004331854-0
Opcode ID: 34f1a74138473a0e35b440bccf17aca14ca223177cb52368456fed66cc3d0ce7
Instruction ID: f92e57041f01630dbc63c4d47a2ce54a2c91399bbccba6c18e8af028cf57b504
Opcode Fuzzy Hash: 34f1a74138473a0e35b440bccf17aca14ca223177cb52368456fed66cc3d0ce7
Instruction Fuzzy Hash: E6F03A70009B01DBC7345FA8ED4AF4A77B4AF05B30F208B08F5BA97AE0D774A8459B50

Uniqueness

Uniqueness Score: -1.00%

Function 007FE400 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007FE4CE
_strncpy.LIBCMT ref: 007FE540

Strings

%d,, xrefs: 007FE4C3

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf_strncpy
String ID: %d,
API String ID: 1069910716-4069433177
Opcode ID: baa9681cbca6a6183a9fa3e2da780de893684e2b510644f6c164dc0462405667
Instruction ID: 6abb8cc637606d2bed120c236f8def5483b1842673168231cfc6d7aadf275480
Opcode Fuzzy Hash: baa9681cbca6a6183a9fa3e2da780de893684e2b510644f6c164dc0462405667
Instruction Fuzzy Hash: 97519970900258AFDF14CFA4C884BFEBBB5EB49314F14416DE8026B296E7796945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 007A0120 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 121COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 007A01F3
_strstr.LIBCMT ref: 007A020B

Strings

CSeq:, xrefs: 007A01ED
Cseq:, xrefs: 007A0205

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _strstr
String ID: CSeq:$Cseq:
API String ID: 2882301372-1220783797
Opcode ID: 84a02978bdfb3f96663560bd2b150d2abbb78a0361c65d0ca5f26855c5d45ab2
Instruction ID: a71b0ec3dd68865f9d292c5eb4a2a30aa72a1d9abe61523240523b5541a0747e
Opcode Fuzzy Hash: 84a02978bdfb3f96663560bd2b150d2abbb78a0361c65d0ca5f26855c5d45ab2
Instruction Fuzzy Hash: 9441967190021C9BCF21DB54DC49FEDB368BB9A315F0006E9E59D93181DA749AC5CF90

Uniqueness

Uniqueness Score: -1.00%

Function 007E26C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E2728
_memmove.LIBCMT ref: 007E27E9

Strings

PRESETSET, xrefs: 007E2778
PRESETGOTO, xrefs: 007E275B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: PRESETGOTO$PRESETSET
API String ID: 3555123492-3341356999
Opcode ID: 67beca134e9e8cfbbdcd3b892844552d981f31a0392f8822aa9d23b71c092066
Instruction ID: e24129bb797100a29c6450eddb9403e431a9fb115b2fb6fd035a718ced31cc53
Opcode Fuzzy Hash: 67beca134e9e8cfbbdcd3b892844552d981f31a0392f8822aa9d23b71c092066
Instruction Fuzzy Hash: 6A41C071901218AADF20DF69DC41FEEB3B8FB59310F40819AE94DD7242DE359E89DB90

Uniqueness

Uniqueness Score: -1.00%

Function 007E2AE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007E2B48
_memmove.LIBCMT ref: 007E2C07

Strings

BLC, xrefs: 007E2B7A
BLC, xrefs: 007E2B96

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: BLC$BLC
API String ID: 3555123492-3328582212
Opcode ID: 51454702493f6c1a4db0855ee8298ecff249a980ec4397c8a1caa7a0224166dc
Instruction ID: c250a489c260a4adf7f2fb3835caeb08aa637f357700bc9834e0e30f61b60314
Opcode Fuzzy Hash: 51454702493f6c1a4db0855ee8298ecff249a980ec4397c8a1caa7a0224166dc
Instruction Fuzzy Hash: 1041E4719012189ADF20DF69DC41BEEB3B8FB59300F50819AE44DE7252DE759EC9CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0077A2C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 0077A2ED
swprintf.LIBCMT ref: 0077A3E2
swprintf.LIBCMT ref: 0077A4DD

Strings

http://%s:%d/cgi-bin/, xrefs: 0077A4CC

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf
String ID: http://%s:%d/cgi-bin/
API String ID: 233258989-3528032135
Opcode ID: e9bc186f31c0dae776bf1a8e31d50e8afbf1555527d4262eb3d396236c909401
Instruction ID: d5ab4d1bfe3e9980c4ca471fe750e0a97608995a71f736f47956664c5bba4dd8
Opcode Fuzzy Hash: e9bc186f31c0dae776bf1a8e31d50e8afbf1555527d4262eb3d396236c909401
Instruction Fuzzy Hash: 9A51FC72919BC195EB428F6888C5BF27764BF9A710F0C52B6EDCC5D24BEB684284C371

Uniqueness

Uniqueness Score: -1.00%

Function 007A64E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A6513
swprintf.LIBCMT ref: 007A65B5

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

Strings

DESCRIBE, xrefs: 007A6556
DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s, xrefs: 007A65AA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: DESCRIBE$DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s
API String ID: 1292703666-645310430
Opcode ID: 6fa5abb425e42168d5e39e8be238f68534fcd9ee3f981d087f6a90003e16a56b
Instruction ID: 39a7584dd0721a3803eaf21d0ace4c8de75211efdc9dd59ea575e14837b1ce80
Opcode Fuzzy Hash: 6fa5abb425e42168d5e39e8be238f68534fcd9ee3f981d087f6a90003e16a56b
Instruction Fuzzy Hash: 7421A0B2900519BBC715DB64DC80FEAF7ACBB55300F000366FA2993145EB316668CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 007964C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007964F3
swprintf.LIBCMT ref: 00796595

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

Strings

DESCRIBE, xrefs: 00796536
DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s, xrefs: 0079658A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: DESCRIBE$DESCRIBE %s RTSP/%d.%dCSeq: %dAccept: application/sdp%sUser-Agent: %s
API String ID: 1292703666-645310430
Opcode ID: 9c2fe2c4d0651b432d1814513f675c786e2cc89b8a971d0782c91cd17aeefb6e
Instruction ID: 2ee76f43adb8fb4e8baed431f99d5bfdced3eb9040efaa78fbf9fa8078f915bd
Opcode Fuzzy Hash: 9c2fe2c4d0651b432d1814513f675c786e2cc89b8a971d0782c91cd17aeefb6e
Instruction Fuzzy Hash: 692182B2500119BACB15DB64DC85FE6F7ADBF15300F000266F52997245EB7467588BE1

Uniqueness

Uniqueness Score: -1.00%

Function 0079E740 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0079E773
swprintf.LIBCMT ref: 0079E815

Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B9189
Part of subcall function 007B9150: swprintf.LIBCMT ref: 007B91AE

Strings

OPTIONS, xrefs: 0079E7B6
OPTIONS %s RTSP/%d.%dCSeq: %d%sUser-Agent: %s, xrefs: 0079E80A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: swprintf$_memset
String ID: OPTIONS$OPTIONS %s RTSP/%d.%dCSeq: %d%sUser-Agent: %s
API String ID: 1292703666-1189510008
Opcode ID: f732f87933008b4f26fb9af8a32ea741cb43182546bf75997d31b3a784b5e173
Instruction ID: d1f15444c0d55eda562a2c356e458c81da93526fb2d7be39be222b6a5e0f462d
Opcode Fuzzy Hash: f732f87933008b4f26fb9af8a32ea741cb43182546bf75997d31b3a784b5e173
Instruction Fuzzy Hash: 8121A6B2601119BBCB15DB54DC85FEAF3ACBB15310F004266F62DD3141EB74AA548BE1

Uniqueness

Uniqueness Score: -1.00%

Function 007CCB60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(00000000), ref: 007CCBD1

Part of subcall function 00803E70: __EH_prolog3_catch.LIBCMT ref: 00803E77
Part of subcall function 00803E70: GetClassInfoA.USER32(75C98508,78418B28,00000000), ref: 00803E89

GetSystemMetrics.USER32(00000000), ref: 007CCBF0
GetSystemMetrics.USER32(00000001), ref: 007CCBFB

Strings

CVideoWindow, xrefs: 007CCC19

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MetricsSystem$BrushClassCreateH_prolog3_catchInfoSolid
String ID: CVideoWindow
API String ID: 4084342392-1478591617
Opcode ID: 835cff7457e4ab90b4adc9d467b6e0647ebdb6ba3b15b0a134af7b9cb5247546
Instruction ID: 26164390c5b3bcea47d3d32b4f866888471dad3522c6b38a34aca91715c1cc4b
Opcode Fuzzy Hash: 835cff7457e4ab90b4adc9d467b6e0647ebdb6ba3b15b0a134af7b9cb5247546
Instruction Fuzzy Hash: 79213CB1E44305ABDB10DFA9DC45B9DBBF8FB48710F20421AF510A63D0EBB4A540CB54

Uniqueness

Uniqueness Score: -1.00%

Function 007C2FA0 Relevance: 6.4, APIs: 4, Instructions: 432COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007C3130
_malloc.LIBCMT ref: 007C314D
_free.LIBCMT ref: 007C336A
_malloc.LIBCMT ref: 007C3383

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _free_malloc
String ID:
API String ID: 845055658-0
Opcode ID: 31bce6e7a558acba0b4f6518e9b3bb131259e18419f8ea2e9a815d07808ac748
Instruction ID: a3374e237551a74293b140db7b9ea68131450179fc8dcb9e72dfdff492307ef7
Opcode Fuzzy Hash: 31bce6e7a558acba0b4f6518e9b3bb131259e18419f8ea2e9a815d07808ac748
Instruction Fuzzy Hash: E60202B56047419FCB25CF29C581B2BBBE1BF88304F14896EE8999B351D734EA50CF52

Uniqueness

Uniqueness Score: -1.00%

Function 007C2B60 Relevance: 6.4, APIs: 4, Instructions: 360COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007C2C9E
_malloc.LIBCMT ref: 007C2CBA
_free.LIBCMT ref: 007C2DF3
_malloc.LIBCMT ref: 007C2E0C

Part of subcall function 0040D6B0: VirtualFree.KERNEL32 ref: 0040D81F
Part of subcall function 0040D6B0: VirtualFree.KERNEL32 ref: 0040D844

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: FreeVirtual_free_malloc
String ID:
API String ID: 723007099-0
Opcode ID: bd1f03eff116f69fd67c1875be06cabebf570d28e8825e95d7354b61ce72cc96
Instruction ID: 49afe656c7d45fcd17f145828454e89110bfb35d6578ab002b3ac0c592c734fa
Opcode Fuzzy Hash: bd1f03eff116f69fd67c1875be06cabebf570d28e8825e95d7354b61ce72cc96
Instruction Fuzzy Hash: EFE112B5A00609DFCB24CF58D981BAABBF1FF48300F14456EE819AB356D735E941DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00794950 Relevance: 6.1, APIs: 4, Instructions: 143COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007949E0
_memmove.LIBCMT ref: 00794A16
_memmove.LIBCMT ref: 00794AC1
_memmove.LIBCMT ref: 00794B1E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 0a211743bb04db475156d7fa1c9bd4c54fa0f2b494ab29d23c7c860cd1725c70
Instruction ID: 47f59449dc363ee2e4c98dda96b45fa6f0e183dfb67ce3a5b5bb6600f281bc17
Opcode Fuzzy Hash: 0a211743bb04db475156d7fa1c9bd4c54fa0f2b494ab29d23c7c860cd1725c70
Instruction Fuzzy Hash: A951C172904B858AD331CF1CD840796BBE0AF66300F05CA6DE8DA67742E775E689C791

Uniqueness

Uniqueness Score: -1.00%

Function 00932016 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 009320AC
__flush.LIBCMT ref: 009320CC
__write.LIBCMT ref: 009320FF
__flsbuf.LIBCMT ref: 0093212D

Part of subcall function 0092F66F: __getptd_noexit.LIBCMT ref: 0092F66F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: e65442a150b882e73c2a119cfcecbd600c6c15dbcba83df7e500aed34af6d209
Instruction ID: aac0d373f6e1de54917210151f90c0d86ea48b275876981431da02767484ec36
Opcode Fuzzy Hash: e65442a150b882e73c2a119cfcecbd600c6c15dbcba83df7e500aed34af6d209
Instruction Fuzzy Hash: EA41C331B04706AFDB1C8FA9C980AAE7BAAAF853A0F24853DE915C7250DA75DD45CF40

Uniqueness

Uniqueness Score: -1.00%

Function 007A4580 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 007A45DF

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

select.WS2_32(00000000,?,00000000,00000000,00000003), ref: 007A468F
__WSAFDIsSet.WS2_32(000000FF,00000001), ref: 007A46A2
__WSAFDIsSet.WS2_32(?,00000001), ref: 007A46DA

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64select
String ID:
API String ID: 702641846-0
Opcode ID: a6434af232f2987e34b31022d766d11d237d72fb50b890bfcefe91eb73ce701c
Instruction ID: ec231293c0c16b9381b7a6a1569b17a17aed8ca3c851c0342bc7e793035fedad
Opcode Fuzzy Hash: a6434af232f2987e34b31022d766d11d237d72fb50b890bfcefe91eb73ce701c
Instruction Fuzzy Hash: 00418C71608701CBD728DF28D845B6AB3E5BBCB314F100B2DE49AC3691D7BAE905CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0078E3A0 Relevance: 6.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 0078E3CC

Part of subcall function 00953F46: GetSystemTimeAsFileTime.KERNEL32(0078ACDC,?,?,?,0078ACDC,00000000), ref: 00953F4F
Part of subcall function 00953F46: __aulldiv.LIBCMT ref: 00953F6F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64
String ID:
API String ID: 2893107130-0
Opcode ID: 1f33c36f887e3fa4b47f5528685c082459fdef55540fb19a68fbbcca0c25a730
Instruction ID: 5485e60889e7a25f3fdff3a39a1038c9170d3ad47a134ce4f76a3fa1b5a70946
Opcode Fuzzy Hash: 1f33c36f887e3fa4b47f5528685c082459fdef55540fb19a68fbbcca0c25a730
Instruction Fuzzy Hash: 1B314E71A40168ABCF24EB68EC46BEDB378EF45320F10029AF94D97181DB786E85D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0078C110 Relevance: 6.1, APIs: 4, Instructions: 102networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078C13B
send.WS2_32(?,?,00000080,00000000), ref: 0078C1CA
_memset.LIBCMT ref: 0078C1EF

Part of subcall function 0079C6C0: recv.WS2_32(?,00000000,0078A5CC,00000000), ref: 0079C6D7
Part of subcall function 0079C6C0: WSAGetLastError.WS2_32(?,0078A5CC,00000000,0000000D), ref: 0079C6E1
Part of subcall function 0079C6C0: shutdown.WS2_32(?,00000002), ref: 0079C701
Part of subcall function 0079C6C0: closesocket.WS2_32(?), ref: 0079C708

WSAGetLastError.WS2_32(?,00000080), ref: 0078C255

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLast_memset$closesocketrecvsendshutdown
String ID:
API String ID: 687015408-0
Opcode ID: 38bce758be0d350f4fa6b58a41f0f9da823e5e4384490294a9ded96ba96a7bc7
Instruction ID: 7ab96b501583e2aafe540dcfedcc6cb45887131d2b35d2f04d7a1f7f4abded9b
Opcode Fuzzy Hash: 38bce758be0d350f4fa6b58a41f0f9da823e5e4384490294a9ded96ba96a7bc7
Instruction Fuzzy Hash: 57419B72A0878096D721DB68D846BEBB7A4FFD9310F10472DEDD89A281EF745548C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 00788300 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?), ref: 007883C2
DeleteCriticalSection.KERNEL32(?), ref: 00788439
shutdown.WS2_32(?,00000002), ref: 00788463
closesocket.WS2_32(?), ref: 0078846A

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CriticalDeleteEventSectionclosesocketshutdown
String ID:
API String ID: 1029466065-0
Opcode ID: 183559593e402e785228538473eb36c60f4c3ce39aab344b4a6953ebb7a961f5
Instruction ID: 3684e98deb1d4737e0e85d70979779ef2447af411433184f43b1eeab49238ef1
Opcode Fuzzy Hash: 183559593e402e785228538473eb36c60f4c3ce39aab344b4a6953ebb7a961f5
Instruction Fuzzy Hash: 9A4183B1701A06ABD714DF64D888B9AF7A8FF04328F144715E829977D0EB78B918CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0078E6A0 Relevance: 6.1, APIs: 4, Instructions: 91networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078E724
_memset.LIBCMT ref: 0078E751
_memmove.LIBCMT ref: 0078E76B
send.WS2_32(000000FF,?,?,00000000), ref: 0078E786

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$_memmovesend
String ID:
API String ID: 3966344026-0
Opcode ID: d105c1f066e1e645e25933f6cad1e53ca14359a629dc9f43751c11b131f0d99f
Instruction ID: c4ed5e211f0b583eca152f811017fd0ae97d32400cc4b2478dc0093120b6e384
Opcode Fuzzy Hash: d105c1f066e1e645e25933f6cad1e53ca14359a629dc9f43751c11b131f0d99f
Instruction Fuzzy Hash: 6C314871D40268ABDB30EB68DC49BDEB7A4EF55310F100195F948A7281D7B99EC4CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00814BA0 Relevance: 6.1, APIs: 4, Instructions: 91windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00814BA7
CoTaskMemFree.OLE32(?,?), ref: 00814BEE
GetParent.USER32(?), ref: 00814C4E
SendMessageA.USER32(?,00000464,00000104,00000000), ref: 00814C64

Part of subcall function 00810A9F: __EH_prolog3.LIBCMT ref: 00810AA6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3$FreeMessageParentSendTask
String ID:
API String ID: 2222212998-0
Opcode ID: 0f0be20dc9750d8a76794698901175cd0000b3ce4b0fdfc59e8a299db235efc9
Instruction ID: 7cf8e7db3490b0d516375d185e95b643ce9cae0e0fd92781694e77ae4eebef8f
Opcode Fuzzy Hash: 0f0be20dc9750d8a76794698901175cd0000b3ce4b0fdfc59e8a299db235efc9
Instruction Fuzzy Hash: 86314D71A0121ADBCF14EFA8CC85EAEB778FF54324B14461CF525A72E2DB34A940CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00780290 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 00781E30: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00781E60

InitializeCriticalSectionAndSpinCount.KERNEL32(00006774,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00780327
GetLastError.KERNEL32(?,?,00000000), ref: 00780331
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0078038A
ResetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00780394

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Event$Concurrency::details::_Concurrent_queue_base_v4::_CountCreateCriticalErrorInitializeInternal_throw_exceptionLastResetSectionSpin
String ID:
API String ID: 26333842-0
Opcode ID: 3775e1397dfd97476c06edefdcd5482fc7fa192533e5ac4876cdde8008cfb687
Instruction ID: 69c1ede53b6cb14667fbbe6e29a0c0d1ff7d6b31d11f35c1d20390a903020933
Opcode Fuzzy Hash: 3775e1397dfd97476c06edefdcd5482fc7fa192533e5ac4876cdde8008cfb687
Instruction Fuzzy Hash: 713149B0644B05EBD710EF65C809B5AFBB8FB04714F108219E9199BB80D7B9A9148BD1

Uniqueness

Uniqueness Score: -1.00%

Function 007F6B20 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007F6BD0
_memset.LIBCMT ref: 007F6BE3
_memset.LIBCMT ref: 007F6C01
_memset.LIBCMT ref: 007F6C1F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 906be4b4a00aa31600f467983d218176ba682c6f0800a5ce3d0736ea8c775305
Instruction ID: 1f234843dbbbdfa62f8f3184e1fd4c0193176e89d16ff17f92497ac21ff24cc0
Opcode Fuzzy Hash: 906be4b4a00aa31600f467983d218176ba682c6f0800a5ce3d0736ea8c775305
Instruction Fuzzy Hash: 45314BB1114200AFDB12DFA4D8C5B9677ECEF08704F4441BAED188F28AEB7566088B65

Uniqueness

Uniqueness Score: -1.00%

Function 007C8BA0 Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00809E07: EnableWindow.USER32(?,007BC6AB), ref: 00809E19

SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 007C8C05
SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 007C8C1A
SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 007C8C2F
SendMessageA.USER32(?,00000405,00000001,00000000), ref: 007C8C48

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: MessageSend$EnableWindow
String ID:
API String ID: 1554173715-0
Opcode ID: 4f1c8c10a4c95eae80b862ea090097e1f3316878b95f1f9a2288fb6d2e2bd574
Instruction ID: bfc84d07ee3829937221f68321617235a9f6476f5814686d63b981b3a2298fe7
Opcode Fuzzy Hash: 4f1c8c10a4c95eae80b862ea090097e1f3316878b95f1f9a2288fb6d2e2bd574
Instruction Fuzzy Hash: C01181751817006AD270A728EC42FF77BA8FB91B00F10056CF2D7A50E29DA23A80DA64

Uniqueness

Uniqueness Score: -1.00%

Function 0078C600 Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078C62A
_memset.LIBCMT ref: 0078C641
_memset.LIBCMT ref: 0078C653
_memset.LIBCMT ref: 0078C681

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 74eb64cc1541fbfe0296be2ccfd36843cfbe81e8431e00ad89e5bf7ad14a8c4a
Instruction ID: 784b9d3a833c60fe3155261003ac596077f70cc44c7022e4c90ce2199cfdf7be
Opcode Fuzzy Hash: 74eb64cc1541fbfe0296be2ccfd36843cfbe81e8431e00ad89e5bf7ad14a8c4a
Instruction Fuzzy Hash: 7001CCB1A40701BBD211EB5CEC41F9AB768AFA5700F100225F50496686FB74F599C7F4

Uniqueness

Uniqueness Score: -1.00%

Function 0078EA90 Relevance: 6.1, APIs: 4, Instructions: 55networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078EABF
ResetEvent.KERNEL32(?), ref: 0078EACD
_memset.LIBCMT ref: 0078EAFC
send.WS2_32(?,?,0000000C,00000000), ref: 0078EB2D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$EventResetsend
String ID:
API String ID: 1880740665-0
Opcode ID: 2890da0eed71dc62334518df73d4e2005a3b2dd4efc4bc8134c7869575f56134
Instruction ID: 778f6d5dff75cc1c8e11cd03413feb93d40fa0662649877e47b4ee7aaa1607d9
Opcode Fuzzy Hash: 2890da0eed71dc62334518df73d4e2005a3b2dd4efc4bc8134c7869575f56134
Instruction Fuzzy Hash: 3811CA70501254ABD720EB68DC06BDDB7B4EF44700F004158F6689B2D1DBF5AA95DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 007A0340 Relevance: 6.1, APIs: 4, Instructions: 54networkCOMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,?,?), ref: 007A0363
htons.WS2_32(?), ref: 007A0370
getsockname.WS2_32(?,?,?), ref: 007A0398
htons.WS2_32(?), ref: 007A03A5

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: getsocknamehtons
String ID:
API String ID: 300858678-0
Opcode ID: 79e20558bb582c337009845ae8a171c8071a121efcf9ed87ad97462bade319ba
Instruction ID: d674248c84b6719c9129c9e4010d44e4c0b89d15ac6d528d19d200eb16022e1f
Opcode Fuzzy Hash: 79e20558bb582c337009845ae8a171c8071a121efcf9ed87ad97462bade319ba
Instruction Fuzzy Hash: E101823161501CABCB00EFA5E905AFEB7BCEF5A311F10025AFC06A3290DB345A14AB90

Uniqueness

Uniqueness Score: -1.00%

Function 0078E4C0 Relevance: 6.1, APIs: 4, Instructions: 54networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0078E4EF
ResetEvent.KERNEL32(?), ref: 0078E4FD
_memset.LIBCMT ref: 0078E52C
send.WS2_32(?,?,0000000C,00000000), ref: 0078E55D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$EventResetsend
String ID:
API String ID: 1880740665-0
Opcode ID: 72646341ce57f7c6a98f5bafef2162ce9078e86d733c685744394d4f04b2ec58
Instruction ID: 49d04ae3c0563a00f935101c57eafaf9f9a7493abddf1a0d11f618b24781c330
Opcode Fuzzy Hash: 72646341ce57f7c6a98f5bafef2162ce9078e86d733c685744394d4f04b2ec58
Instruction Fuzzy Hash: 6C110A70501214ABD720EB68EC06BDDB774EF44700F000298F6189B2D1DBF5AA949B91

Uniqueness

Uniqueness Score: -1.00%

Function 007BC4F0 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

SelectObject.GDI32(?,?), ref: 007BC546
DeleteObject.GDI32(00000000), ref: 007BC54D
DeleteDC.GDI32(?), ref: 007BC556
DeleteObject.GDI32(?), ref: 007BC579

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: DeleteObject$Select
String ID:
API String ID: 207189511-0
Opcode ID: e9030c5256e9867309f61431ff88a51fa0c48dde5eb53978e1b9ca06aaa64203
Instruction ID: ac6a483388f7f4c2a6f7034816264f51f72d7000a8949c4ee2e30fae762cf7bf
Opcode Fuzzy Hash: e9030c5256e9867309f61431ff88a51fa0c48dde5eb53978e1b9ca06aaa64203
Instruction Fuzzy Hash: C91106B15147419FDB208F65D948B5BBBE8FF08718F108A5DE462C7B90D7BAE800CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0080A323 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0080A32A
GetWindowTextA.USER32(?,00000000,00000000), ref: 0080A341
__cftof.LIBCMT ref: 0080A375
_strlen.LIBCMT ref: 0080A388

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3TextWindow__cftof_strlen
String ID:
API String ID: 721212129-0
Opcode ID: 168a3b11a529152f093fe28567c4745b5bdba6cc33649ca3c4b0dcf3d15b5eea
Instruction ID: c5c5f554891d65d1395ba94b5cc44f0b32f5bf6bccc29d73549352ce87e1a159
Opcode Fuzzy Hash: 168a3b11a529152f093fe28567c4745b5bdba6cc33649ca3c4b0dcf3d15b5eea
Instruction Fuzzy Hash: 2E01D476400119EBCF05EBA4DC15EAE7775FF44720B15822CF515A72E5DB31A910CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007820E0 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 0079E430: shutdown.WS2_32(?,00000002), ref: 0079E44D
Part of subcall function 0079E430: closesocket.WS2_32(?), ref: 0079E454
Part of subcall function 0079E430: swprintf.LIBCMT ref: 0079E46B
Part of subcall function 0079E430: _memset.LIBCMT ref: 0079E4A6

_memset.LIBCMT ref: 00782122
_memset.LIBCMT ref: 00782138
shutdown.WS2_32(?,00000002), ref: 00782158
closesocket.WS2_32(?), ref: 0078215F

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$closesocketshutdown$swprintf
String ID:
API String ID: 3870429283-0
Opcode ID: e9de87721f67105eb13fdd45031c2e20fb25d5d34c8e9121e4ef36f2c2f9c524
Instruction ID: 2b6114221a7fb8010fdfff88356b10598509b6719031e162244666abbaafdfe9
Opcode Fuzzy Hash: e9de87721f67105eb13fdd45031c2e20fb25d5d34c8e9121e4ef36f2c2f9c524
Instruction Fuzzy Hash: EE01F971A41304D7D730AB659C4AB9BB3E8EF44B31F340919F365D21D2EBB4E5428750

Uniqueness

Uniqueness Score: -1.00%

Function 0081627F Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00816286
GetLastError.KERNEL32(00000000,00815C34,?,00000000,?,?,?,?,?,?,00000004,007F1C87,?,?,?,?), ref: 00816292
__CxxThrowException@8.LIBCMT ref: 008162CE
InternetCloseHandle.WININET(00000000), ref: 008162E0

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CloseErrorException@8H_prolog3HandleInternetLastThrow
String ID:
API String ID: 3257456058-0
Opcode ID: 90cb55bd1c4f49a09510fa1dc781ec15297cbbba55c4c39390d7c5f140e4ed36
Instruction ID: 88413b79d2ec1a06f14b9b17b788ec9a50d64703f843be5b340e247c160ff993
Opcode Fuzzy Hash: 90cb55bd1c4f49a09510fa1dc781ec15297cbbba55c4c39390d7c5f140e4ed36
Instruction Fuzzy Hash: 4C014F76901724ABCB24AF68D8057A937E9FF44720F11C66DF9A9DB280DB759D408B40

Uniqueness

Uniqueness Score: -1.00%

Function 0079E430 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000002), ref: 0079E44D
closesocket.WS2_32(?), ref: 0079E454
swprintf.LIBCMT ref: 0079E46B
_memset.LIBCMT ref: 0079E4A6

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memsetclosesocketshutdownswprintf
String ID:
API String ID: 2215933679-0
Opcode ID: afdd5e26eec13f277241bb6e04a6177e53e1119ac98f14894442cd044293ab8d
Instruction ID: db510b518a7e6714ebd852540238a5ea705831a83162885a79dbbb658ed0bccb
Opcode Fuzzy Hash: afdd5e26eec13f277241bb6e04a6177e53e1119ac98f14894442cd044293ab8d
Instruction Fuzzy Hash: 3B01F47110178097DB30CBB9ED45BDBB3ECAF41B30F14451AF5BAD22E1E7A8A4858B11

Uniqueness

Uniqueness Score: -1.00%

Function 007B4720 Relevance: 6.0, APIs: 4, Instructions: 40networkCOMMON

Download Yara Rule

APIs

recvfrom.WS2_32(000000FF,?,00040000,00000000,?,?), ref: 007B4744
WSAGetLastError.WS2_32(?,00790B22,?,?), ref: 007B474E
shutdown.WS2_32(000000FF,00000002), ref: 007B476E
closesocket.WS2_32(000000FF), ref: 007B4775

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLastclosesocketrecvfromshutdown
String ID:
API String ID: 758111957-0
Opcode ID: dc58d2b974bb7b0207df6e88e59f784baac9098c63a23bd80a311746c50162a7
Instruction ID: 8cef5c91f9ddf763b58cf5d76788094e0e010e606c4e6a6575752602df08df8c
Opcode Fuzzy Hash: dc58d2b974bb7b0207df6e88e59f784baac9098c63a23bd80a311746c50162a7
Instruction Fuzzy Hash: 16F0C232119600A7C2245BBCEC48FE6B7ADAF46730F64471EF27AD25E1DB60A840D790

Uniqueness

Uniqueness Score: -1.00%

Function 007B4930 Relevance: 6.0, APIs: 4, Instructions: 40networkCOMMON

Download Yara Rule

APIs

recvfrom.WS2_32(?,?,00040000,00000000,?,?), ref: 007B4954
WSAGetLastError.WS2_32(?,00790F27,?,?,?,?,?,?), ref: 007B495E
shutdown.WS2_32(?,00000002), ref: 007B497E
closesocket.WS2_32(?), ref: 007B4985

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLastclosesocketrecvfromshutdown
String ID:
API String ID: 758111957-0
Opcode ID: f2a7d2890f00f3877c916bd80096811bb9e8ccd94643be0698ec913054168734
Instruction ID: 2e926174ddf0f06f984ddf4490d977273eca5242e209a11f2ed76ffec24d6a00
Opcode Fuzzy Hash: f2a7d2890f00f3877c916bd80096811bb9e8ccd94643be0698ec913054168734
Instruction Fuzzy Hash: 4FF0C272118600A7C2245BBCEC48FE7B7ADAF45770F24471EF27AD29E0C764B8409750

Uniqueness

Uniqueness Score: -1.00%

Function 007AAEF0 Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

shutdown.WS2_32(00000000,00000002), ref: 007AAF0D
closesocket.WS2_32(00000000), ref: 007AAF14
_memset.LIBCMT ref: 007AAF3A
_memset.LIBCMT ref: 007AAF4D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memset$closesocketshutdown
String ID:
API String ID: 2108469968-0
Opcode ID: 04744a7b67dae4c2eba1449ebe717338f2baf957376950a3a9827675b9a8a830
Instruction ID: 15efc9813371c1e155d8e950cdfee5d23db9eabea63e5d120b44f9a772d7b1c3
Opcode Fuzzy Hash: 04744a7b67dae4c2eba1449ebe717338f2baf957376950a3a9827675b9a8a830
Instruction Fuzzy Hash: F401A471201700AFD3249B69DC49F9A77E8AF46720F14860DF1769B2E1C7B4E484CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0079C6C0 Relevance: 6.0, APIs: 4, Instructions: 36networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,00000000,0078A5CC,00000000), ref: 0079C6D7
WSAGetLastError.WS2_32(?,0078A5CC,00000000,0000000D), ref: 0079C6E1
shutdown.WS2_32(?,00000002), ref: 0079C701
closesocket.WS2_32(?), ref: 0079C708

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: ErrorLastclosesocketrecvshutdown
String ID:
API String ID: 1486353823-0
Opcode ID: d6d64e6cb4e8b7203f841573d84098560470db3445a1cf740acc4171485e5a03
Instruction ID: 771264123a97d2477332a0f8b7d24a8d774170d44c8b5d35cc0e2ec3e50bd615
Opcode Fuzzy Hash: d6d64e6cb4e8b7203f841573d84098560470db3445a1cf740acc4171485e5a03
Instruction Fuzzy Hash: DBF0B43211950077DA155BFCAC48A49B72DBF41331B244316F578D26E0C7749C519BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00954C70 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

,iB, xrefs: 00954CFF
log, xrefs: 00954D42, 00954DAE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID: ,iB$log
API String ID: 0-3348582547
Opcode ID: aa5749a22969d39e7108d1d50b469034c97402e5625fd04af76964ec8ced80e8
Instruction ID: 5bcf287832def6e019418c20d2081eb520ad2e172bc7a1af01703b3646e0086b
Opcode Fuzzy Hash: aa5749a22969d39e7108d1d50b469034c97402e5625fd04af76964ec8ced80e8
Instruction Fuzzy Hash: 2E711320928B404DD762DB39D42137AB3ECBF613C5F11DB2BEC96615A5EB3899C78601

Uniqueness

Uniqueness Score: -1.00%

Function 0079E4C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

Content-Length:, xrefs: 0079E588

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID: Content-Length:
API String ID: 0-1197855069
Opcode ID: 5a5878e39305fdc04dc11a6f38ac294bcb66a53e93f589c778ab55b436865d28
Instruction ID: abbace7bc376c85148213812399c7dcebe0f0e0b0fda2d01c8566196f3adfe9b
Opcode Fuzzy Hash: 5a5878e39305fdc04dc11a6f38ac294bcb66a53e93f589c778ab55b436865d28
Instruction Fuzzy Hash: EC411572A042559FCF31CE18EC4476677E4EF62328F1501A9F801CB251E779DDA1C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00794710 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007947CC
Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00794806

Strings

vector<T> too long, xrefs: 00794778

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_memmove
String ID: vector<T> too long
API String ID: 2765667529-3788999226
Opcode ID: b86fe54c0a78172f898cf112bd07717a5e789ab7769348e9615b229cb9a97afd
Instruction ID: 6ca6a68aba7bacf00a1dca9fa65309a59d53a3ad9f1b2e4e1a02bc71e63d4d09
Opcode Fuzzy Hash: b86fe54c0a78172f898cf112bd07717a5e789ab7769348e9615b229cb9a97afd
Instruction Fuzzy Hash: 9B31F572B0062D5BCB00DEBDEC84DAAB799EB85760724863AE918C7244D771E912C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 007FEC00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 007FEBBF
Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 007FEBF6

Part of subcall function 00948D10: std::exception::exception.LIBCMT ref: 00948D26
Part of subcall function 00948D10: __CxxThrowException@8.LIBCMT ref: 00948D3B

Strings

vector<T> too long, xrefs: 007FEC60

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Exception@8Internal_throw_exceptionThrow_memmovestd::exception::exception
String ID: vector<T> too long
API String ID: 3224774664-3788999226
Opcode ID: d96ddfadb316fac0916e04c1f325b5fbbe795c9b2ede6fd24615f181265186da
Instruction ID: 48bba37c2467aecbbd3d02637eb539b9ea7cf53b7240a77340a554ad09b75382
Opcode Fuzzy Hash: d96ddfadb316fac0916e04c1f325b5fbbe795c9b2ede6fd24615f181265186da
Instruction Fuzzy Hash: C62107727001285F8711DE6DDC8487A7B9AEAC4760328823AEE19CB359D630EC05C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 007E0320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007E0361

Strings

ME=, xrefs: 007E0388
TITLE_NAME, xrefs: 007E035B

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf
String ID: ME=$TITLE_NAME
API String ID: 1467051239-129296734
Opcode ID: 9b697d122eec51e2b9441ad44a4fc45f0932fd8e235a19d477cc261bb81f8236
Instruction ID: ac42c15fc7710598caed2cb8bf0591fa17992726d231c1529b6b53b4541d9d15
Opcode Fuzzy Hash: 9b697d122eec51e2b9441ad44a4fc45f0932fd8e235a19d477cc261bb81f8236
Instruction Fuzzy Hash: 1C310A7190029D9BCF14DFA4DD54AFEB7B8EB8A310F1041AAD949D7341EA34AE48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007E04B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007E04ED

Strings

BRIGHTNESS, xrefs: 007E04E7
SS=, xrefs: 007E0510

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf
String ID: BRIGHTNESS$SS=
API String ID: 1467051239-3205083591
Opcode ID: d261d67706758e151eda78b72bb4706338571ac69c5d5ccf1871f81576be8cca
Instruction ID: 6b22de9c276afe4190ef29b45f735014c98853bfa7d362cc39fdcf0d4b438632
Opcode Fuzzy Hash: d261d67706758e151eda78b72bb4706338571ac69c5d5ccf1871f81576be8cca
Instruction Fuzzy Hash: 4D21D8B190015C9BCF14DB69EC55DEDB778DB95310F0041BAD909D7241EB74AE88CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 007E0770 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007E07AD

Strings

ON=, xrefs: 007E07D0
SATURATION, xrefs: 007E07A7

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf
String ID: ON=$SATURATION
API String ID: 1467051239-4278301861
Opcode ID: 20757390c726bf27b4942edc55686fe8eb33af17fb92abdc18f456f34f479a35
Instruction ID: 983ea32d7806e86ecbeb0c64dcabc113823d3149f72b2806096b914a96ddae1c
Opcode Fuzzy Hash: 20757390c726bf27b4942edc55686fe8eb33af17fb92abdc18f456f34f479a35
Instruction Fuzzy Hash: 9221D6B19006589FCF10DB68DC659EDB778EF85310F0041AAE949D7241EB74AE88CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 007E08D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 007E090D

Strings

HUE=, xrefs: 007E0930
HUE, xrefs: 007E0907

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _sprintf
String ID: HUE$HUE=
API String ID: 1467051239-1691531746
Opcode ID: 59d231712c1c2e377cb0e52c1d6ebc5d3332430afbbf4763af96de9c14dc9fab
Instruction ID: 1af5af35bd2dd7bf3a95d80c0bafab43836c0cece648ffaa779c220acb4bd00e
Opcode Fuzzy Hash: 59d231712c1c2e377cb0e52c1d6ebc5d3332430afbbf4763af96de9c14dc9fab
Instruction Fuzzy Hash: CA2195B59011589BDF14DF69EC559EEB3BCEB89310F0041AAE909D7343EB74AE88C790

Uniqueness

Uniqueness Score: -1.00%

Function 00778C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0078C39C
send.WS2_32(?,69544341,0000000C,00000000), ref: 0078C3C4

Strings

ACTi, xrefs: 0078C36E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmovesend
String ID: ACTi
API String ID: 135662524-2592707185
Opcode ID: 617f173fef3316abdc35ff61413555616b54cf686d05d6c6c6e745571947a1a1
Instruction ID: ff113f823dbcd6a96895a9cd666b8b8d6cdf37c898c9d2dc30b80be830fe5bed
Opcode Fuzzy Hash: 617f173fef3316abdc35ff61413555616b54cf686d05d6c6c6e745571947a1a1
Instruction Fuzzy Hash: DA115E7294012897CB11EF55EC41BEEB3A8EF59320F10819AF849E7640CA75AD91DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 004AC5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

none, xrefs: 004AC5F0

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID:
String ID: none
API String ID: 0-2140143823
Opcode ID: 9ef5a4ddaae57b732fc775a5f9ed24316fe889c012e8a04df1549fde5f0e650a
Instruction ID: a50a3364744651d5c71b892e212d7b096bc48df93cef57d3a1a9686f4115987d
Opcode Fuzzy Hash: 9ef5a4ddaae57b732fc775a5f9ed24316fe889c012e8a04df1549fde5f0e650a
Instruction Fuzzy Hash: D31179B1A083009FD340CF68D5C061BBBE0AFA6300F55992EF8948B360E374DC428B86

Uniqueness

Uniqueness Score: -1.00%

Function 0078C2A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58networkCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0078C2EB
send.WS2_32(000000FF,ACTi,0000000C,00000000), ref: 0078C313

Strings

ACTi, xrefs: 0078C30B, 0078C311

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmovesend
String ID: ACTi
API String ID: 135662524-2592707185
Opcode ID: afd04afc83978701e9c6de12ce543fe4e07bb1d4419a626445e0986816bff6fc
Instruction ID: 0123a1d1a62047c92cf2ef1eb4dcec489b2425707338b6dd8254b5ffbefe2451
Opcode Fuzzy Hash: afd04afc83978701e9c6de12ce543fe4e07bb1d4419a626445e0986816bff6fc
Instruction Fuzzy Hash: 0011EC72D0012897CB21DF59EC41BDEB3B8FF59720F11819AF85997244D6749E819BE0

Uniqueness

Uniqueness Score: -1.00%

Function 00790130 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57networkCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0079017C
send.WS2_32(?,69544341,0000000C,00000000), ref: 007901A4

Strings

ACTi, xrefs: 0079014E

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmovesend
String ID: ACTi
API String ID: 135662524-2592707185
Opcode ID: b52fb7008259308ba0181b4ead4de83de72304f52f644a9051544239b3cb0995
Instruction ID: 138c7c01688bd4bf46dba2e77077eac9ea533302b10834fd92565d4f47d81f43
Opcode Fuzzy Hash: b52fb7008259308ba0181b4ead4de83de72304f52f644a9051544239b3cb0995
Instruction Fuzzy Hash: 1011A972E11128ABCF10DF68AC01BEEF3A8EF55720F15419AFD4997244DA749E809BD0

Uniqueness

Uniqueness Score: -1.00%

Function 007A0AB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 007A0B02
_memmove.LIBCMT ref: 007A0B45

Strings

h, xrefs: 007A0AEE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: h
API String ID: 3555123492-2439710439
Opcode ID: 6885c2a40d4cd5cb42e40b0334231dde07b21fa7812394733359ce591e762b2d
Instruction ID: 37b435117a1dae31e877509d37706e6a23a5ac9a3bbca5e786308fb93e25e582
Opcode Fuzzy Hash: 6885c2a40d4cd5cb42e40b0334231dde07b21fa7812394733359ce591e762b2d
Instruction Fuzzy Hash: 4011A275A003049FE710EF68D845B8BBBE8BF56318F84459EE4E997242CB35A504CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00794F60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00794FA1
_memmove.LIBCMT ref: 00794FE7

Strings

h, xrefs: 00794F8D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: _memmove_memset
String ID: h
API String ID: 3555123492-2439710439
Opcode ID: 7843620571283efc22b73fff1e4c6c3001dcad990fc48e809533cbefd1e7e435
Instruction ID: 2f1318b2644f059ebc22e79e417657c32397437b2b3460289e15fded97933605
Opcode Fuzzy Hash: 7843620571283efc22b73fff1e4c6c3001dcad990fc48e809533cbefd1e7e435
Instruction Fuzzy Hash: 3111C4B1A00244BBC754CB78D884BCDFBB8AF45318F54819DE6689B381DF346959CBE8

Uniqueness

Uniqueness Score: -1.00%

Function 00816A5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41networkCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00816A65
HttpOpenRequestA.WININET(?,?,?,00000000,?,00000000,00000000,?), ref: 00816A97

Strings

HTTP/1.0, xrefs: 00816A7E, 00816A8D

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: H_prolog3HttpOpenRequest
String ID: HTTP/1.0
API String ID: 3788906437-401229808
Opcode ID: b996ceda6cd2b3eed0790c7ce8fe851375768cb343a27deec99ea9a86303e340
Instruction ID: 0cc3b8de432b841ae95a5b870d932c4dc2b25e0728524a69bfa493926ddf5016
Opcode Fuzzy Hash: b996ceda6cd2b3eed0790c7ce8fe851375768cb343a27deec99ea9a86303e340
Instruction Fuzzy Hash: AE014B76601219ABCF119FA59C01EDE3BAAFF08310F048029F958EB261D732CD609B90

Uniqueness

Uniqueness Score: -1.00%

Function 00818DAD Relevance: 5.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00B3D160,?,?,?,?,00818D57,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818DB9
TlsGetValue.KERNEL32(00B3D144,?,?,?,?,00818D57,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818DCD
LeaveCriticalSection.KERNEL32(00B3D160,?,?,?,?,00818D57,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818DE3
LeaveCriticalSection.KERNEL32(00B3D160,?,?,?,?,00818D57,?,00000004,00811B76,0080502F,00807E61,00000024,007C6B2B,00000001,00000000), ref: 00818DEE

Memory Dump Source

Source File: 00000000.00000002.3282128499.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3282110156.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.000000000098D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009EE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282454359.00000000009FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282620758.0000000000B0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282637533.0000000000B13000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282651791.0000000000B15000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B3B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000B41000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282675149.0000000000C0D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282749195.0000000000C0E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3282763858.0000000000C0F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_ArchivePlayer.jbxd

Similarity

API ID: CriticalSection$Leave$EnterValue
String ID:
API String ID: 3969253408-0
Opcode ID: 06bb3daa34bd3d56f6ab0661304d0852217f85e5de61991cd2f0620390824528
Instruction ID: eac76a537cd1440aed477a2b68542beeb57d0ef8948f4fcb7a6c5a7c07fe2c89
Opcode Fuzzy Hash: 06bb3daa34bd3d56f6ab0661304d0852217f85e5de61991cd2f0620390824528
Instruction Fuzzy Hash: 16F08932605210DF8B115F5DFC89CAAB7BCFF55B603054056E915EB261CE60FC45EB91

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ArchivePlayer.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: ArchivePlayer.exePID: 2408, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: ArchivePlayer.exePID: 2408, Parent PID: 1028COMMON

Windows Analysis Report
ArchivePlayer.exe

Function 0080ADE2 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 132
COMMON

Function 007C99C0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 312
windowCOMMON

Function 00846494 Relevance: 72.1, APIs: 36, Strings: 5, Instructions: 382
stringCOMMON

Function 008469A7 Relevance: 64.8, APIs: 43, Instructions: 316
COMMON

Function 00804B8F Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 190
windowCOMMON

Function 007C9460 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 252
windowCOMMON

Function 00818A31 Relevance: 22.7, APIs: 15, Instructions: 172
memoryCOMMONLIBRARYCODE

Function 0092C347 Relevance: 19.6, APIs: 13, Instructions: 89
COMMON

Function 007C5540 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 288
windowCOMMON

Function 00809AF7 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119
libraryCOMMON

Function 00803D7C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87
libraryloaderthreadCOMMON

Function 0081798A Relevance: 12.0, APIs: 8, Instructions: 38
COMMONLIBRARYCODE

Function 008078CD Relevance: 10.6, APIs: 7, Instructions: 120
windowCOMMON

Function 008173D9 Relevance: 9.1, APIs: 6, Instructions: 61
stringCOMMON