Windows Analysis Report
SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Analysis ID: 1428463
MD5: 873d3f98aa31a6d5802e2033bbfa8ce3
SHA1: 1692b76af4b21f6c5e6fba7c54baf7fdc4e5d1f9
SHA256: d9a6afcf1f17010c8432b8725d77eececa4d8fdfbebf3eeaf8d1d2d31f9bd9e9
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\OneDrive\OneDrive - Haley Consulting, LLC\Projects\Client\TCC\FPDesktop\obj\Debug\FPDesktop.pdb | source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Code function: 4x nop then jmp 06A06013h (in function 0_2_06A05DA8)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Code function: 4x nop then jmp 06A06013h (in function 0_2_06A05D99)
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3329137545.0000000002501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | String found in binary or memory: http://www.xguardian.net/xguardian/aws_ec2_pool_vm.cfm?Domain=theconcretecompany.com&Pool=2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Code function: 0_2_06D4A5F8 GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState (GetKeyState polling is what the "potential key logger" signature keys on; GUI toolkits poll modifier keys the same way, so the call pattern alone is not conclusive)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Code functions: 0_2_00B4C1B8, 0_2_00B4DBD0, 0_2_06A05C14, 0_2_06A05BD4, 0_2_06A0F9E0, 0_2_06A06438, 0_2_06A06D91, 0_2_06A01B04, 0_2_06D47E58, 0_2_06D44DF0, 0_2_06D41E60, 0_2_06D47E58, 0_2_06D45CB0, 0_2_06D45BE4, 0_2_06D44DF0
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000000.2082136568.00000000001A2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename FPDesktop.exe vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3328353865.000000000090E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename clr.dll vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Binary or memory string: OriginalFilename FPDesktop.exe vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Mutant created: NULL
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (the Software Restriction Policies key; reading it is routine for a starting process and is not by itself evidence of tampering with security tools)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (repeat loads of ucrtbase_clr0400.dll, coremessaging.dll and wintypes.dll omitted)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Static PE information: 0xA3490A5B [Sun Oct 22 20:43:07 2056 UTC] (a future-dated stamp with the high bit set is what a deterministic Roslyn build writes in place of the link time, so on a managed executable this is weak evidence of timestomping)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Process information set: NOOPENFILEERRORBOX (43 identical entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Memory allocated: B40000, memory reserve + memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Memory allocated: 2500000, memory reserve + memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Memory allocated: 4500000, memory reserve + memory write watch (the CLR reserves its GC heap with MEM_WRITE_WATCH, so managed executables trip this signature routinely)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Thread delayed: delay time: 922337203685477 (this equals floor((2^63 - 1) / 10000), the largest delay expressible in 100 ns ticks, i.e. an infinite-timeout wait rather than a tuned evasion delay; an idle managed GUI application produces the same value, so it is weak evidence of evasion)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe TID: 2852 | Thread sleep time: -922337203685477s >= -30000s
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3328353865.0000000000942000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR ("Hyper-V RAW" is the name of a Winsock catalog entry present on Windows 10 hosts generally; it appears in memory once mswsock.dll is loaded and does not show the sample checking for a hypervisor)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Memory allocated: page read and write + page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation (all targets are the sample itself, GAC assemblies it loads and a font; the CLR loader issues these queries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (matched cells only; the number is Joe Sandbox's hit count for the cell, and the remaining cells of the rendered matrix were the unpopulated technique template)

Tactic | Technique | Hits
Persistence | DLL Side-Loading | 1
Privilege Escalation | DLL Side-Loading | 1
Defense Evasion | Disable or Modify Tools | 1
Defense Evasion | Virtualization/Sandbox Evasion | 31
Defense Evasion | Timestomp | 1
Defense Evasion | DLL Side-Loading | 1
Defense Evasion | Obfuscated Files or Information | 1
Credential Access | Input Capture | 1
Discovery | Security Software Discovery | 1
Discovery | Virtualization/Sandbox Evasion | 31
Discovery | System Information Discovery | 12
Collection | Input Capture | 1
Collection | Archive Collected Data | 1
Command and Control | Encrypted Channel | 1
Source | Detection | Scanner | Label
SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | 18% | ReversingLabs | Win32.PUA.Generic

No Antivirus matches
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3329137545.0000000002501000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.xguardian.net/xguardian/aws_ec2_pool_vm.cfm?Domain=theconcretecompany.com&Pool=2 | SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe | false | - | unknown

No contacted IP infos
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428463
Start date and time: 2024-04-19 00:39:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Detection: MAL
Classification: mal48.winEXE@1/0@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 41
• Number of non-executed functions: 7
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
No simulations
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 5.667633961353233
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
File size: 548'352 bytes
MD5: 873d3f98aa31a6d5802e2033bbfa8ce3
SHA1: 1692b76af4b21f6c5e6fba7c54baf7fdc4e5d1f9
SHA256: d9a6afcf1f17010c8432b8725d77eececa4d8fdfbebf3eeaf8d1d2d31f9bd9e9
SHA512: 05f0955e79f226707269689232f938b2af5d509918ce34d6d6b3c36ee63490551d443918f456705dbe15be5c9dbb87bc7e9e4b1ea663741ae660153c2cad8022
SSDEEP: 12288:VvDZzYGzVAGLfOa9QpJIGzVAGLfO2GoVAGLrS:kGpAGLffQpJIGpAGLfnGKAGLr
TLSH: 25C4D562E541995BE43B3238011247392222AF547427D8AD29BB3D6B3D76E4F0D1F2FB
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[.I..........."...P.................. ........@.. ....................................`................................
Icon Hash: a2a8f0b0b0b2aefc
Entrypoint: 0x46d5ea
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE (HIGH_ENTROPY_VA only has an effect on 64-bit images; on this PE32 file it is a compiler-set bit with no runtime consequence)
Time Stamp: 0xA3490A5B [Sun Oct 22 20:43:07 2056 UTC]
TLS Callbacks: (none)
CLR (.Net) Version: (not reported)
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744 (every .NET executable imports only mscoree.dll!_CorExeMain, so this imphash is shared by all of them and is useless for clustering)
Instruction (entry point 0x46d5ea)
jmp dword ptr [00402000h]
The rest of the disassembled window is zero bytes, which decode as 97 repetitions of "add byte ptr [eax], al". 0x402000 is Imagebase 0x400000 plus the IAT at RVA 0x2000, whose only entry is mscoree.dll!_CorExeMain: this is the standard stub that hands a .NET executable to the CLR, so the native entry point contains none of the application's own code.
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6d597 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e000 | 0x1a3b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8a000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6d4e4 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
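The time stamp, the DLL characteristics and the COM descriptor entry above are the three header fields worth re-checking by hand before accepting the "suspicious time stamp" signature. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses the COFF and optional headers directly with struct, decodes the DllCharacteristics bits, locates the CLR data directory, and applies the rule a triager would use: a TimeDateStamp that lies in the future and has its high bit set on a managed image is the content hash that Roslyn's deterministic builds write, not a real link time. The header it parses is constructed by build_test_header from values in this report (0xA3490A5B, 0x8560, COM descriptor at RVA 0x2008 with size 0x48); that helper and the comparison epoch of 2024-04-19 are assumptions for the example.

```python
import struct
from datetime import datetime, timedelta, timezone

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h, in ascending bit order.
DLL_CHARACTERISTICS = [
    (0x0020, "HIGH_ENTROPY_VA"), (0x0040, "DYNAMIC_BASE"), (0x0080, "FORCE_INTEGRITY"),
    (0x0100, "NX_COMPAT"), (0x0200, "NO_ISOLATION"), (0x0400, "NO_SEH"),
    (0x0800, "NO_BIND"), (0x1000, "APPCONTAINER"), (0x2000, "WDM_DRIVER"),
    (0x4000, "GUARD_CF"), (0x8000, "TERMINAL_SERVER_AWARE"),
]
CLR_DIR = 14  # index of IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR in the data directory array
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def build_test_header(timestamp, dll_chars, clr_rva, clr_size, characteristics=0x0022):
    """Constructed minimal PE32 header (DOS header, COFF header, optional header with
    16 data directories). Test input for this example only, not the sample's bytes.
    0x0022 = EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE, as listed in the report."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 3, timestamp, 0, 0, 224, characteristics)
    opt = bytearray(224)                                       # PE32 optional header size
    struct.pack_into("<H", opt, 0x00, 0x10B)                   # Magic: PE32
    struct.pack_into("<H", opt, 0x46, dll_chars)               # DllCharacteristics
    struct.pack_into("<I", opt, 0x5C, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 0x60 + 8 * CLR_DIR, clr_rva, clr_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_flags(data, now_epoch=None):
    """Decode TimeDateStamp, DllCharacteristics and the CLR directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, _nsec, ts, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                        # signature (4) + COFF header (20)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                         # PE32: 32-bit ImageBase
        dllc_off, ndirs_off, dirs_off = 0x46, 0x5C, 0x60
    elif magic == 0x20B:                                       # PE32+: 64-bit ImageBase shifts the tail
        dllc_off, ndirs_off, dirs_off = 0x5E, 0x6C, 0x70
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + dllc_off)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    clr_rva = clr_size = 0
    if ndirs > CLR_DIR:
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * CLR_DIR)
    if now_epoch is None:
        now_epoch = (datetime.now(timezone.utc) - EPOCH).total_seconds()
    in_future = ts > now_epoch
    high_bit = bool(ts & 0x80000000)      # any value >= 0x80000000 decodes to a date after 2038-01-19
    managed = clr_size != 0
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "large_address_aware": bool(chars & 0x0020),
        "timestamp_raw": ts,
        "timestamp": (EPOCH + timedelta(seconds=ts)).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "timestamp_in_future": in_future,
        "timestamp_high_bit": high_bit,
        "dll_characteristics": [name for bit, name in DLL_CHARACTERISTICS if dll_chars & bit],
        "clr_header": (clr_rva, clr_size),
        "managed": managed,
        # Roslyn's deterministic builds (the default for SDK-style projects) store a content hash
        # with the high bit forced on instead of the link time; on a managed image that, rather
        # than timestomping, is the likely origin of a future-dated stamp.
        "deterministic_stamp_likely": managed and in_future and high_bit,
    }


if __name__ == "__main__":
    hdr = build_test_header(0xA3490A5B, 0x8560, 0x2008, 0x48)  # values taken from this report
    for key, value in parse_pe_flags(hdr).items():
        print(f"{key:>27}: {value}")
```

Against a real file call parse_pe_flags(open(path, "rb").read()). The rule is a heuristic in both directions: a compiler can write any value into the field and an attacker can choose a future date deliberately; what it prevents is scoring a deterministic build as timestomped on that evidence alone.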
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x6b5f0 | 0x6b600 | 73c16cb2a8d183bbfa70f96800370825 | False | 0.2921865905122235 | data | 5.623865846070342 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x6e000 | 0x1a3b8 | 0x1a400 | 8e1d9f74546b87c3f0f9918212a28ac0 | False | 0.40172061011904764 | data | 5.644736606822636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8a000 | 0xc | 0x200 | b5200ded72c14f5cbca73eddeda559c4 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
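The Entropy and ZLIB Complexity columns are the two numbers that separate ordinary compiled code (the 5.6 of .text here is typical for IL) from packed or encrypted payloads, and both are cheap to recompute. The Python below is an added example, not part of the report: it computes Shannon entropy in bits per byte and the compressed-to-raw ratio that the ZLIB Complexity column reports, then applies a common triage rule under which an executable section that is both near-random and incompressible is treated as packed. The 7.2 and 0.95 cut-offs are conventional rules of thumb assumed for the example, not values the report states, and the three sections it scores are constructed inline: a 0x200-byte block holding one 12-byte relocation record followed by zero padding (illustrative bytes, shaped like the .reloc row), a byte-sorted block that shows why entropy alone misleads, and a SHA-256-derived pseudo-random block standing in for a packed section.

```python
import hashlib
import math
import zlib


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in counts if c)
    return h if h else 0.0            # normalise -0.0 for the all-one-value case


def zlib_complexity(data):
    """Compressed size divided by raw size, the ratio the report's ZLIB Complexity column shows."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def classify_section(name, data, executable, packed_entropy=7.2, packed_ratio=0.95):
    """Score one section. Assumed rule of thumb: executable bytes that are both near-random
    and incompressible are packed or encrypted; very low entropy is padding."""
    e = shannon_entropy(data)
    z = zlib_complexity(data)
    if executable and e > packed_entropy and z > packed_ratio:
        verdict = "packed/encrypted code"
    elif e < 1.0:
        verdict = "mostly padding"
    else:
        verdict = "plain code/data"
    return {"name": name, "size": len(data), "entropy": round(e, 3),
            "zlib": round(z, 3), "verdict": verdict}


def pseudo_random_bytes(n, seed=b"constructed-section"):
    """Deterministic stand-in for packed data: a SHA-256 chain, so the example is reproducible."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sections (not the sample's bytes). The first mirrors the shape of the report's
# .reloc row: a 12-byte IMAGE_BASE_RELOCATION block (illustrative values) in a 0x200-byte section.
CONSTRUCTED_SECTIONS = [
    (".reloc", b"\x00\xd0\x06\x00\x0c\x00\x00\x00\xec\x35\x00\x00" + b"\x00" * 500, False),
    (".text", bytes(range(256)) * 16, True),        # entropy exactly 8.0, yet trivially compressible
    (".packed", pseudo_random_bytes(8192), True),   # entropy near 8.0 and incompressible
]


def triage(sections=CONSTRUCTED_SECTIONS):
    """Score every (name, bytes, is_executable) triple and return the rows."""
    return [classify_section(name, data, executable) for name, data, executable in sections]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

The sorted-byte section is the reason both columns exist: its entropy is the maximum 8.0, so an entropy-only rule would call it packed, but zlib shrinks it to a few percent of its size because the bytes are perfectly ordered. Real packed code scores high on both.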
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6e1a0 | 0x4f4d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | - | - | 0.9971429978818778
RT_ICON | 0x73100 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | - | - | 0.21356323198864308
RT_ICON | 0x83938 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | - | - | 0.3852697095435685
RT_ICON | 0x85ef0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | - | - | 0.4280018761726079
RT_ICON | 0x86fa8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | - | - | 0.5053278688524591
RT_ICON | 0x87940 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | - | - | 0.5824468085106383
RT_GROUP_ICON | 0x87db8 | 0x5a | data | - | - | 0.7777777777777778
RT_VERSION | 0x87e24 | 0x394 | OpenPGP Secret Key (libmagic misidentification of a VS_VERSIONINFO resource) | - | - | 0.4344978165938865
RT_MANIFEST | 0x881c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | - | - | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
      No network behavior found


Target ID: 0
Start time: 00:39:58
Start date: 19/04/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe"
Imagebase: 0x160000 (relocated from the preferred 0x400000 by ASLR, which DYNAMIC_BASE permits)
File size: 548'352 bytes
MD5 hash: 873D3F98AA31A6D5802E2033BBFA8CE3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language (sandbox heuristic; the CLR header, the mscoree.dll import and the FPDesktop.pdb path identify a .NET assembly)
Reputation: low
Has exited: false


        Execution Graph

        Execution Coverage:9.2%
        Dynamic/Decrypted Code Coverage:96.2%
        Signature Coverage:10.2%
        Total number of Nodes:264
        Total number of Limit Nodes:24

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: Window$ActiveCaptureProcessStation
        • String ID:
        • API String ID: 2779997428-0
        • Opcode ID: fdfa7943cd650ddf1fc2f34ead6d1cc06ceaf78b90d391a465ddf98963e7096a
        • Instruction ID: e64a85531cbb549043192cc3791f49fb90c477deda86743b18f78ae23b47925d
        • Opcode Fuzzy Hash: fdfa7943cd650ddf1fc2f34ead6d1cc06ceaf78b90d391a465ddf98963e7096a
        • Instruction Fuzzy Hash: F7324130A002098FEB55EBB9D554BAEB7F6EF88300F244169E505EB391DF35AD41CB51
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: Window$ActiveCaptureProcessStation
        • String ID:
        • API String ID: 2779997428-0
        • Opcode ID: 78aa3fea9805b1ca5679fd69a4ab57151bb4eb159fcdc986341c676aab8d83d5
        • Instruction ID: f5c1205411c6c03dfeb08e399c3e3c7643bcd604a800e75c824bb21d97dfc62f
        • Opcode Fuzzy Hash: 78aa3fea9805b1ca5679fd69a4ab57151bb4eb159fcdc986341c676aab8d83d5
        • Instruction Fuzzy Hash: A1D13271E00209CFEB64EFB5D954A9DBBF2FF88304F244269E505AB291DB71A981CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetSysColorBrush.USER32(00000000), ref: 06D482E6
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: BrushColor
        • String ID:
        • API String ID: 464657469-0
        • Opcode ID: 900e137836dc89db3d01c07deb8d2721c37c25bbdd407bb021416484c585fc5b
        • Instruction ID: fac1189c7c5e59b5a8975ff068f8c05aa196b5ad78fc9b36af08a0f0b2a88df4
        • Opcode Fuzzy Hash: 900e137836dc89db3d01c07deb8d2721c37c25bbdd407bb021416484c585fc5b
        • Instruction Fuzzy Hash: 8532253191061ACFDB61EF64C984BD9B7B2BF89300F1185E9E409AB261DB71EE85CF40
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 511e677789927b9aa689b4489d3a12cd3f0fa998e3404436c3692d10468555e1
        • Instruction ID: 803033d058b0b5cacf7617f92871acf59ea17465b608d6b041aac477be3f511b
        • Opcode Fuzzy Hash: 511e677789927b9aa689b4489d3a12cd3f0fa998e3404436c3692d10468555e1
        • Instruction Fuzzy Hash: CFF15C30E00209CFEB64EFA9D944B9DBBF1BF89314F158159E905AF2A5DB70A945CF80
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 476892986b0c5c306595e5640db050757d489faffd3c34055a612ba0103fadbf
        • Instruction ID: 3ece2485dac22aa74cefaa79e3b67b6ed68bc6e2f5f84bd205939e3f361ddcb7
        • Opcode Fuzzy Hash: 476892986b0c5c306595e5640db050757d489faffd3c34055a612ba0103fadbf
        • Instruction Fuzzy Hash: F4525B3590061ACFDB61EF64C844AE9B7B1FF49304F1485D9E549AB261EB71EE81CF80
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 6b70771ebe3e8a2b354016f99ba81636572792e897341a2940c08f7d1e0fd3d4
        • Instruction ID: cb95b582f7eeaf0bba9d02c65c6b6782542e646c9dc82aa7a0b97f723d219d4d
        • Opcode Fuzzy Hash: 6b70771ebe3e8a2b354016f99ba81636572792e897341a2940c08f7d1e0fd3d4
        • Instruction Fuzzy Hash: EE12F334A50218CFDB04EFA4C994E9DB7B2FF8A304F1181A9D50AAB365DB30AD85CF00
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 53b4a3aa7830e393649bd4438386abcaf06b38a1e037d1ac3819b8b93b97f7ea
        • Instruction ID: 496b5fcb05a55b4ba61d9f1dad82e1d6df3d5fe1d4c1dfc89180311c51605489
        • Opcode Fuzzy Hash: 53b4a3aa7830e393649bd4438386abcaf06b38a1e037d1ac3819b8b93b97f7ea
        • Instruction Fuzzy Hash: 9312E234A50218CFDB04EFB4C994A9DB7B2FF8A304F1181A9D50AAB365DB71A985CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9f8298ae59288544fae6a5375058d3297da2623978e6371aa1658efa5036542a
        • Instruction ID: de11e1851e3e008f88569c15347cfebd03630d3a32732c5ebe6e723c1037e1c1
        • Opcode Fuzzy Hash: 9f8298ae59288544fae6a5375058d3297da2623978e6371aa1658efa5036542a
        • Instruction Fuzzy Hash: 5EF1E474A01218CFDB54EFA4D998B9DBBB1FF4A305F1040A9D40AAB3A5DB31AD85CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 64ad5b6193759de1eab7329a1a613452de27f39b3c7be8e99fb12e9cd1570b4c
        • Instruction ID: d36b61e3bab19710237d04effc9b5827b58607fe52d47cdb66c309243b4cde42
        • Opcode Fuzzy Hash: 64ad5b6193759de1eab7329a1a613452de27f39b3c7be8e99fb12e9cd1570b4c
        • Instruction Fuzzy Hash: 28F1D674A01218CFDB54EFA4D998B9DBBB1FF4A305F1041A9D409AB3A5DB31AD85CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetCurrentProcess.KERNEL32 ref: 00B475BE
        • GetCurrentThread.KERNEL32 ref: 00B475FB
        • GetCurrentProcess.KERNEL32 ref: 00B47638
        • GetCurrentThreadId.KERNEL32 ref: 00B47691
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: Current$ProcessThread
        • String ID:
        • API String ID: 2063062207-0
        • Opcode ID: c5d9eadc2fd1dc3913472bdc7fb0eeb2b2c0a2cf9c4e7b2529be282e41d58bfc
        • Instruction ID: 428ade5f828cfda0e388a44256359cfbf864d4e9111f06ad72c2a38c57d6ab5a
        • Opcode Fuzzy Hash: c5d9eadc2fd1dc3913472bdc7fb0eeb2b2c0a2cf9c4e7b2529be282e41d58bfc
        • Instruction Fuzzy Hash: 295144B090074ACFDB14DFA9D548B9EBBF1EF88314F208459E009A7360DB74A944CF65
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 06A08472
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: CurrentThread
        • String ID: K
        • API String ID: 2882836952-392817484
        • Opcode ID: 60407e9fa5d906570f65bff58927f2eb8fa305f459fa6cc80fc8b16db6dbf821
        • Instruction ID: 6206702dc60b75b821ddbf40d20ea6a2fd6203ac61ae69153f6329195182873e
        • Opcode Fuzzy Hash: 60407e9fa5d906570f65bff58927f2eb8fa305f459fa6cc80fc8b16db6dbf821
        • Instruction Fuzzy Hash: 3C3147B090024A8FDB40DF99D884ADEFFB0FF49314F14855AE419AB352C375A944CFA1
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetCurrentThreadId.KERNEL32 ref: 06A08472
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: CurrentThread
        • String ID: K
        • API String ID: 2882836952-392817484
        • Opcode ID: 1e8bb9418d41629e7d138e53ab25adab31318fdb79133b49ad79e2a81d3f6ecf
        • Instruction ID: 3b222d00e1da26b469410e187e24e738cf79f62a2e628410dd0cc68cb42f8fd6
        • Opcode Fuzzy Hash: 1e8bb9418d41629e7d138e53ab25adab31318fdb79133b49ad79e2a81d3f6ecf
        • Instruction Fuzzy Hash: DA2133B090024ACFDB40EF99E884A9EFFF0FB48314F148519E419AB352C779A944CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • GetModuleHandleW.KERNELBASE(00000000), ref: 00B4D72E
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: HandleModule
        • String ID:
        • API String ID: 4139908857-0
        • Opcode ID: 3f7d713a5d82977551e858042a1186988383ef8266478581764de6ce71474b7f
        • Instruction ID: dd2d4986f1af7c32e202d542e6750f012a04f62125e5c6cffb7a4e5afd7320ed
        • Opcode Fuzzy Hash: 3f7d713a5d82977551e858042a1186988383ef8266478581764de6ce71474b7f
        • Instruction Fuzzy Hash: A7812370A00B058FD764DF69C44575ABBF1FF88304F00896EE48ADBA50DB75E949CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00B4FBE2
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: CreateWindow
        • String ID:
        • API String ID: 716092398-0
        • Opcode ID: 307f648afbe4a6e28dc36b6a3feede71f154d6addf5683aa92f9005aa073704d
        • Instruction ID: 09ea7f284e01485984bd2ba6e2e3e628da5d461bfc98f2f43602005358a5cfb2
        • Opcode Fuzzy Hash: 307f648afbe4a6e28dc36b6a3feede71f154d6addf5683aa92f9005aa073704d
        • Instruction Fuzzy Hash: 2841ADB1D00349AFDB14CF9AC884ADEBBF5FF48314F24816AE818AB211D775A945CF90
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks 6d40040-6d40176; GetActiveWindow is called from block 6d400a6-6d400cc
        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: ActiveWindow
        • String ID:
        • API String ID: 2558294473-0
        • Opcode ID: bdcea0e54b4b3860a1bc5823801893b591a5b109cd752e821f62dde1825b5301
        • Instruction ID: 10d93a70b3b53a16d75aac0e9ce971898392ddf901a160d1897f9baf2a7ba613
        • Opcode Fuzzy Hash: bdcea0e54b4b3860a1bc5823801893b591a5b109cd752e821f62dde1825b5301
        • Instruction Fuzzy Hash: 8E31A171900745CFEBA0EFAACD457AFBBF5FF84318F148429D655A2241C7789845CB60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks b47780-b47842; DuplicateHandle is called from block b47788-b4781c
        APIs
        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B4780F
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DuplicateHandle
        • String ID:
        • API String ID: 3793708945-0
        • Opcode ID: 83ef6bfb2e2149b8f7daa8556706d06e7d96be208de44e630efe4a6cb51e176d
        • Instruction ID: 106aae157485bc933700ac167c54b0ebd5fd5a08308dded4569feaec1fe2dbef
        • Opcode Fuzzy Hash: 83ef6bfb2e2149b8f7daa8556706d06e7d96be208de44e630efe4a6cb51e176d
        • Instruction Fuzzy Hash: D921D2B5900249EFDB10CFAAD984ADEFBF4FB48320F14845AE918A7310D774A950CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks 6a07bfc-6a08594; EnumThreadWindows is called from block 6a0852e-6a0855e
        APIs
        • EnumThreadWindows.USER32(?,00000000,053ED49E,?,?,?,00000E20,?,?,06A084C0,035042D8,0254C094), ref: 06A08551
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: EnumThreadWindows
        • String ID:
        • API String ID: 2941952884-0
        • Opcode ID: bc3cd2636024ddf8e52fdd8069f1245a4ccacb09b58c633511138eaf1f972726
        • Instruction ID: b753ab4038b2b68c8f8ac3b5d27ad22c3c857b0b9253f68288d4933c379f93d9
        • Opcode Fuzzy Hash: bc3cd2636024ddf8e52fdd8069f1245a4ccacb09b58c633511138eaf1f972726
        • Instruction Fuzzy Hash: 74213875D0024A9FEB50DF9AD844BEEFBF4FB88320F108429D419A7280D778A940CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks b47788-b47842; DuplicateHandle is called from block b47788-b4781c
        APIs
        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B4780F
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DuplicateHandle
        • String ID:
        • API String ID: 3793708945-0
        • Opcode ID: 80388ba5c8dbe1ef250029bf594e367cd906aaa178213939749e2828299967d8
        • Instruction ID: 0dc69f1d7eb937207474f523c63b7e50c5c5289d091838bdd67cf06e52929e0b
        • Opcode Fuzzy Hash: 80388ba5c8dbe1ef250029bf594e367cd906aaa178213939749e2828299967d8
        • Instruction Fuzzy Hash: 3A21B3B59002499FDB10CFAAD984ADEFBF4FB48320F14845AE918A3350D774A954CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks 6a084d8-6a08594; EnumThreadWindows is called from block 6a0852e-6a0855e
        APIs
        • EnumThreadWindows.USER32(?,00000000,053ED49E,?,?,?,00000E20,?,?,06A084C0,035042D8,0254C094), ref: 06A08551
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: EnumThreadWindows
        • String ID:
        • API String ID: 2941952884-0
        • Opcode ID: a4d7b372d00a0da9dc684ceb252a84a59161c190c8a0179c49e252c7acb05850
        • Instruction ID: 66d269afe85d7fca8ac6ca3bdf1e46d91e60ac4ba764716dafdd5f24602adaa6
        • Opcode Fuzzy Hash: a4d7b372d00a0da9dc684ceb252a84a59161c190c8a0179c49e252c7acb05850
        • Instruction Fuzzy Hash: AB2138B5D0020A8FEB10CFA9D845BEEFBF4FB48310F10842AD419A3250D778A940CF65
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Graph data omitted (rendered graph not recoverable): basic blocks b4c3c8-b4d9ed; LoadLibraryExW is called from block b4d998-b4d9c7
        APIs
        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B4D7A9,00000800,00000000,00000000), ref: 00B4D9BA
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 0b6f93f3beb4e8edac3d18f53f6f7c85f55c8de7406a8bda8d1df856d725ec83
        • Instruction ID: 09e2e457a83a266d559f5872793c4b44bb88a9a398efb1168d6c6ef8e79015fc
        • Opcode Fuzzy Hash: 0b6f93f3beb4e8edac3d18f53f6f7c85f55c8de7406a8bda8d1df856d725ec83
        • Instruction Fuzzy Hash: 1111D3B69003499FDB10DF9AD444B9EFBF4EB88310F10846AE519A7300C3B5A945CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B4D7A9,00000800,00000000,00000000), ref: 00B4D9BA
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: d14dafb0fd2110453e06fd1cc9f98154fef909b0f2a0cda82d897016edcd5d4a
        • Instruction ID: 3491e3bd018189e582fbbccf538e23ef0f77a8321fc64bff1be5355162bddf71
        • Opcode Fuzzy Hash: d14dafb0fd2110453e06fd1cc9f98154fef909b0f2a0cda82d897016edcd5d4a
        • Instruction Fuzzy Hash: D12103B69002499FDB10CFAAD444ADEFBF4EF88310F10855ED559A7200C7B9A545CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 06D4038D
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: CallbackDispatcherUser
        • String ID:
        • API String ID: 2492992576-0
        • Opcode ID: 468088024c2ce15a8114d67f9936d7d51ead535a1c9dd9838bc04ccab29b7203
        • Instruction ID: 31970b11c516cbfe32af63120881dd0f8259cfed91d747dc3f5dce5b333b16c6
        • Opcode Fuzzy Hash: 468088024c2ce15a8114d67f9936d7d51ead535a1c9dd9838bc04ccab29b7203
        • Instruction Fuzzy Hash: 1511D3B58002499FDB10DF9AD945BEEBBF4EB08310F10842AE958A3240D378A545CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 06D4038D
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: CallbackDispatcherUser
        • String ID:
        • API String ID: 2492992576-0
        • Opcode ID: 89d0f9aca1b93e44f388a13c145fc958580b292a84556aad24f2d5f8f853509f
        • Instruction ID: a7a83cbd70a2ec9b6fe926e7c5db56cbab7334481fe35f6d4f6f869374e0d6fc
        • Opcode Fuzzy Hash: 89d0f9aca1b93e44f388a13c145fc958580b292a84556aad24f2d5f8f853509f
        • Instruction Fuzzy Hash: 9F11C3B58003499FDB10DF9AD944BDEFBF8EB48324F10842AE958A3241D378A944CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageW.USER32(?,?,?,?), ref: 06A00725
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: MessageSend
        • String ID:
        • API String ID: 3850602802-0
        • Opcode ID: c97a33ce72bfb7399d19fc2f6472f4e899440314d86e44f658235b9412ba911e
        • Instruction ID: b5c57f2f2ce6541738f2601ddf4bbe358e2f3ef18565cf9242d024caf8bd9ecd
        • Opcode Fuzzy Hash: c97a33ce72bfb7399d19fc2f6472f4e899440314d86e44f658235b9412ba911e
        • Instruction Fuzzy Hash: 581122BA800749DFDB10CF99D985BDEFBF4EB08324F20844AD518A7600C379A544CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNELBASE(00000000), ref: 00B4D72E
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: HandleModule
        • String ID:
        • API String ID: 4139908857-0
        • Opcode ID: 8f9225825bfbb204f13fbbbe79fe534de89e5894929880fda8bd9072a89bb112
        • Instruction ID: 419af29a1ca8859f9695dcb0642317f66e62ea71c95b4be1566bd734fd557974
        • Opcode Fuzzy Hash: 8f9225825bfbb204f13fbbbe79fe534de89e5894929880fda8bd9072a89bb112
        • Instruction Fuzzy Hash: 3411D2B6D007498FDB10CF9AD444B9EFBF5EF88324F10845AD419A7210D3B5A945CFA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OleInitialize.OLE32(00000000), ref: 06A08005
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: Initialize
        • String ID:
        • API String ID: 2538663250-0
        • Opcode ID: 2e66fe8440cecb90b3a2643d81cf1183ea9da52f28285d8c0427caadff93f4ef
        • Instruction ID: ea5127177464d9407206490b1050d6eba280426af314a0ab65737534e6e49b9a
        • Opcode Fuzzy Hash: 2e66fe8440cecb90b3a2643d81cf1183ea9da52f28285d8c0427caadff93f4ef
        • Instruction Fuzzy Hash: FF1145B1804349CFDB20DF9AD444B9EFBF4EB48324F208459E519A7340D379A940CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DispatchMessage
        • String ID:
        • API String ID: 2061451462-0
        • Opcode ID: a7434b9b6923ef35e513122a68002072995ea7769125925b9b706b310f78b4fd
        • Instruction ID: 4b13bca259a09da0d31eb3c323ca9a6ff10cfb201f933c65f809fa15d04664e8
        • Opcode Fuzzy Hash: a7434b9b6923ef35e513122a68002072995ea7769125925b9b706b310f78b4fd
        • Instruction Fuzzy Hash: EC11FEB5C00649CFDB10EFAAD944BDEFBF4EB48324F10842AD529A3211D378A544CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DispatchMessage
        • String ID:
        • API String ID: 2061451462-0
        • Opcode ID: 4f79e9d7d520f347f9e9acb03b761a4b077e0280960cf4b1cc7efeab83ba7061
        • Instruction ID: 30d95cfe3db951e7c3d2767fc44614f3cfa1065dc2d26670bba09d9da6875e79
        • Opcode Fuzzy Hash: 4f79e9d7d520f347f9e9acb03b761a4b077e0280960cf4b1cc7efeab83ba7061
        • Instruction Fuzzy Hash: 1411EDB5C006498FDB14DF9AD545BDEFBF4EB48324F10842AD428A7210D378A545CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SendMessageW.USER32(?,?,?,?), ref: 06A00725
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: MessageSend
        • String ID:
        • API String ID: 3850602802-0
        • Opcode ID: 31ac7723642167cbd4e5726859cb4f1efd9af037f8953ccde851134f1e7ddcbb
        • Instruction ID: a07cb4bfd07a40d48470e244b23b35d0f2024efe65deb349f5a9711f4c90dba1
        • Opcode Fuzzy Hash: 31ac7723642167cbd4e5726859cb4f1efd9af037f8953ccde851134f1e7ddcbb
        • Instruction Fuzzy Hash: 0E1103B5800349DFDB10DF9AD984BDEFBF8EB48324F108419E518A7240C379A544CFA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetWindowLongW.USER32(?,?,?), ref: 00B4FD75
        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID: LongWindow
        • String ID:
        • API String ID: 1378638983-0
        • Opcode ID: 2932175394f5af2099cf1e9e860b2d994d4511f336ae2869e199c742267030e1
        • Instruction ID: a17f54aa9d7385fb194e366c604c73dcc36deaa127990f8f93cb3f945d951995
        • Opcode Fuzzy Hash: 2932175394f5af2099cf1e9e860b2d994d4511f336ae2869e199c742267030e1
        • Instruction Fuzzy Hash: 0211D3B58003499FDB10DF9AD585BDEFBF8EB48324F20845AD958A7340C3B5A944CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DispatchMessage
        • String ID:
        • API String ID: 2061451462-0
        • Opcode ID: 071b4446098fab89c977c2fdcdad02a118775b812a09a61d5bfbce707eca2d34
        • Instruction ID: 01cd61d75272c27e6a453238d4f7c1181e3a27d6e60be8b77a98ff9fb4cdc3a1
        • Opcode Fuzzy Hash: 071b4446098fab89c977c2fdcdad02a118775b812a09a61d5bfbce707eca2d34
        • Instruction Fuzzy Hash: 6A11CEB5C046498FDB10DF9AD544B9EFBF4EF48324F10851AD518A7210D378A544CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: DispatchMessage
        • String ID:
        • API String ID: 2061451462-0
        • Opcode ID: 4f54e8c80455f6e5f3fa85a772438d881f8f42f99b9fec432602f940ac8b228a
        • Instruction ID: 76c866b5ec20d36addc0c4d7f829fdb5f8a385daf4a897f62575a3c608648ae1
        • Opcode Fuzzy Hash: 4f54e8c80455f6e5f3fa85a772438d881f8f42f99b9fec432602f940ac8b228a
        • Instruction Fuzzy Hash: 6A11CEB5C046498FDB10DF9AD944B9EFBF4EB48324F10842AD528A3211D378A544CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OleInitialize.OLE32(00000000), ref: 06A08005
        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID: Initialize
        • String ID:
        • API String ID: 2538663250-0
        • Opcode ID: f78f40ad490d8a3983bb9fb5ff830f6a654253f94189c99b79a0097ee952052a
        • Instruction ID: 1cb4553c675016733c837ae8dde61d1c49ee04ba07b903e120077b446236d915
        • Opcode Fuzzy Hash: f78f40ad490d8a3983bb9fb5ff830f6a654253f94189c99b79a0097ee952052a
        • Instruction Fuzzy Hash: C2111EB5800349CFDB20DF9AD588B8EFBF4EB48324F24845AE519A7350D379A544CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328029926.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8ad000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c33196b2526231eae174aa92f1bc32f4a3bd45c9262fd2cdd222c3157edc2dab
        • Instruction ID: 29537ecafc8e4792560b57604ccc87ad46c3a6d30dcbeef17422d0a2cbe5c548
        • Opcode Fuzzy Hash: c33196b2526231eae174aa92f1bc32f4a3bd45c9262fd2cdd222c3157edc2dab
        • Instruction Fuzzy Hash: 7A212B76505304DFEB04DF14D5C0B26BF65FB98314F20C569D90ACBA56C336E856CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328111609.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9daba7b547bed763118fef302b76cb936e08da03eef11ef40cc5456bb57c7584
        • Instruction ID: 99dccf988bbc6aad3e4fe5ed0ad3908d07b7d535857b44e943f5d7df06eb41a8
        • Opcode Fuzzy Hash: 9daba7b547bed763118fef302b76cb936e08da03eef11ef40cc5456bb57c7584
        • Instruction Fuzzy Hash: C0212275604B04EFCB14EF14D9C0B66BB61FB88318F20C56DD90A8B392D37AD807CA61
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328111609.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 01f3df79a1579c86bea735ab9a1102fc378463cea192adee7652354251bcd6d7
        • Instruction ID: c0df67e47656b209609ed0f718bcf96b8de6f30f104f46ebba06f2368057e1c7
        • Opcode Fuzzy Hash: 01f3df79a1579c86bea735ab9a1102fc378463cea192adee7652354251bcd6d7
        • Instruction Fuzzy Hash: B4212275504384FFDB04DF14D9C0B66BBA1FB84318F20C56DE9098B392D37AE806CA61
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328111609.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 378bd47a42572c8760d6ae940a6d40e8a2ff3fd0d00e729c9dceebe02b7f292e
        • Instruction ID: 3512c07090556b786db9a82f184a68ed50224a0dbcf87bc1e878f220475cc5cf
        • Opcode Fuzzy Hash: 378bd47a42572c8760d6ae940a6d40e8a2ff3fd0d00e729c9dceebe02b7f292e
        • Instruction Fuzzy Hash: 51217F755087809FCB02DF14D994B11BFB1FB46314F28C5EAD8498B2A7D33A981ACB62
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328029926.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8ad000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
        • Instruction ID: 2a8d4e7b1db9aaadec594066fc79454f4bb49ae082f23665f109e20df7dfe080
        • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
        • Instruction Fuzzy Hash: C3110376404380CFDB01CF00D5C0B16BF72FB98324F24C5A9D8098BA56C33AE856CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328111609.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
        • Instruction ID: 8a25fc423401100abe8f039b8d593927245578f261d7243da257dece92db30fc
        • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
        • Instruction Fuzzy Hash: 88118B75504384EFCB15CF10D5C4B55BFA2FB84314F24C6A9D8498B7A6D33AE84ACB61
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328029926.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8ad000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: b8b2bca898515ccb05ad189a6295f4b865cd6833439c9d03d41ae88270257120
        • Instruction ID: eff0916a1ed8ec6050c9f1f7cdd9a55e6c0dc377a3b054faf2a37b209badd142
        • Opcode Fuzzy Hash: b8b2bca898515ccb05ad189a6295f4b865cd6833439c9d03d41ae88270257120
        • Instruction Fuzzy Hash: 4DF0F976200604AF9720DF0AD984C23FBBDFFD5774715C55AE84A8BB12C671EC42CAA0
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328029926.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_8ad000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 435c631879d1a760962404bc2f06e337ce99e578647ffebcbbe8c0314648639b
        • Instruction ID: d6f5d11606e9c18f37acb45aaf71cc9ef69064e6a7d71439c81f76a0e1b659d8
        • Opcode Fuzzy Hash: 435c631879d1a760962404bc2f06e337ce99e578647ffebcbbe8c0314648639b
        • Instruction Fuzzy Hash: 05F04475104784AFD315CF05C984C23BFB9FF867607198489E88A8B752C671FC42CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetKeyState.USER32(00000001), ref: 06D4A655
        • GetKeyState.USER32(00000002), ref: 06D4A69A
        • GetKeyState.USER32(00000004), ref: 06D4A6DF
        • GetKeyState.USER32(00000005), ref: 06D4A724
        • GetKeyState.USER32(00000006), ref: 06D4A769
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID: State
        • String ID:
        • API String ID: 1649606143-0
        • Opcode ID: 15b96d22bc3ee80c007bdfc86f2fb68a2c360574edb433c1da8bc110e509b3e4
        • Instruction ID: 16b4e8fa4d934ec85f4511239cd8536d4da886de4b7479f75724ac103c675131
        • Opcode Fuzzy Hash: 15b96d22bc3ee80c007bdfc86f2fb68a2c360574edb433c1da8bc110e509b3e4
        • Instruction Fuzzy Hash: AC41B471C01786CFEB51DF59C9487AFBFF4AB45308F24804AD458A7254C7B89645CBA2
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID: fff?
        • API String ID: 0-4136771917
        • Opcode ID: bdd6b867849c25bf21111443b153f9692e68590d23e3f499ce55f8c96c92b1f7
        • Instruction ID: 774bc23aaf8dfb16e93004997c427c219f3ec7652f76fcc78ab8ca998a0b18f9
        • Opcode Fuzzy Hash: bdd6b867849c25bf21111443b153f9692e68590d23e3f499ce55f8c96c92b1f7
        • Instruction Fuzzy Hash: 85626B3280061ADFCF11DF50C984AD9B7B2FF9A300F1586D5E9096B125EB71AAD5CF80
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID: fff?
        • API String ID: 0-4136771917
        • Opcode ID: d289c6e11858716f643e630e6844faa2a570f9b1206a9dd36c4b171c3353f20d
        • Instruction ID: ad2dc87c30bfeeb5972d514a54ef3e37030927d7369aa952316e91d92788ed5d
        • Opcode Fuzzy Hash: d289c6e11858716f643e630e6844faa2a570f9b1206a9dd36c4b171c3353f20d
        • Instruction Fuzzy Hash: 7F129C36800649DFCF11DF50C984AE9BBB2FF49304F158195E9096F266EB72AE95CF80
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.3330851306.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID: 0-3916222277
        • Opcode ID: 0c30a10e57968ce54a78fa9d14c7450e89fd2c860d4f33082ab9d6197f74f03e
        • Instruction ID: a9bfdd958c167407d75240428f5b72261975488ef732206c3874a3383ddf1bff
        • Opcode Fuzzy Hash: 0c30a10e57968ce54a78fa9d14c7450e89fd2c860d4f33082ab9d6197f74f03e
        • Instruction Fuzzy Hash: C1917D71E002159FEB58EF69D854AAFBAF6FFC8300F108529E805E7250DB359D46CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 8c2ad11f2eb119412e18747dace8e0eac02a70d3cf2d00abbe2bd6d444e8f460
        • Instruction ID: 433f374d258e513754f59d38cb9cf67fbe77c4624e00f8c73e354064d93870be
        • Opcode Fuzzy Hash: 8c2ad11f2eb119412e18747dace8e0eac02a70d3cf2d00abbe2bd6d444e8f460
        • Instruction Fuzzy Hash: 335205B0500B468FD724CF28EC88D9A7BB1FB58314F914269D5626B2B1DBB475CACF84
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3330689694.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_6a00000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 96380b846fc9987fe5c52c0afbaf456f4ac034ff4960486703e3efb851084561
        • Instruction ID: 419d4f9af723f7b6042526442902c934158f772fff17786e7d6da27e3e8f88ac
        • Opcode Fuzzy Hash: 96380b846fc9987fe5c52c0afbaf456f4ac034ff4960486703e3efb851084561
        • Instruction Fuzzy Hash: 32F15F347106118FFB95BB38E998B6E73A6AF85704F154469D8068B3E6DF34ED02C781
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.3328642722.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_b40000_SecuriteInfo.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 47fb2ccb345f4acddcd31871f96f36394ed2e02f69547912b1766c80c03a1a24
        • Instruction ID: b58f5b9d72f95f565a624ba10d6316c9b4e81505b1ceb976a985c17e5f22c840
        • Opcode Fuzzy Hash: 47fb2ccb345f4acddcd31871f96f36394ed2e02f69547912b1766c80c03a1a24
        • Instruction Fuzzy Hash: E0A15E32E012158FCF45DFB5C88499EBBF2FF85700B1581AAE805AB265DB71EA15DB80
        Uniqueness

        Uniqueness Score: -1.00%