
Windows Analysis Report
NUtec_FS01_2024-04-19_07_41_35.191.zip

Overview

General Information

Sample name:NUtec_FS01_2024-04-19_07_41_35.191.zip
Analysis ID:1428600
MD5:096a94e8624bd59442405da29b2d0147
SHA1:cbe3554a694025f725032b7736c5049794d3fb59
SHA256:85c489dc78c95b2f19a534ab593412a9f5f0a5fa22e207f33db7d047d7049779

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis

Analysis Advice

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • unarchiver.exe (PID: 3724 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
    • 7za.exe (PID: 6500 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 0_2_00C8247C
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 0_2_00C8253D
Source: classification engine | Classification label: clean2.winZIP@4/1@0/0
Source: C:\Windows\SysWOW64\unarchiver.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_03
Source: C:\Windows\SysWOW64\unarchiver.exe | File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: C:\Windows\SysWOW64\unarchiver.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Source: C:\Windows\SysWOW64\7za.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\7za.exe | Section loaded: 7z.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: NUtec_FS01_2024-04-19_07_41_35.191.zip | Static file information: File size 3515136 > 1048576
Source: C:\Windows\SysWOW64\unarchiver.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: D40000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 2DD0000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 1160000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Window / User API: threadDelayed 495
Source: C:\Windows\SysWOW64\unarchiver.exe | Window / User API: threadDelayed 9476
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 3436 | Thread sleep count: 495 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 3436 | Thread sleep time: -247500s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 3436 | Thread sleep count: 9476 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 3436 | Thread sleep time: -4738000s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 0_2_00C8B1D6 GetSystemInfo
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (number of matching signatures in parentheses; techniques without a number are shown in the matrix but did not match)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Virtualization/Sandbox Evasion (2); Disable or Modify Tools (1); Process Injection (11); DLL Side-Loading (1)
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: Virtualization/Sandbox Evasion (2); Application Window Discovery (1); System Information Discovery (3); System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (rendered as an image in the original report): ID 1428600, Sample: NUtec_FS01_2024-04-19_07_41..., Start date: 19/04/2024, Architecture: WINDOWS, Score: 2. Process chain: unarchiver.exe started 7za.exe, which started conhost.exe.

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1428600
Start date and time:2024-04-19 09:50:14 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:NUtec_FS01_2024-04-19_07_41_35.191.zip
Detection:CLEAN
Classification:clean2.winZIP@4/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 48
  • Number of non-executed functions: 2
Cookbook Comments:
  • Found application associated with file extension: .zip
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:51:42 | API Interceptor | 4393015x Sleep call for process: unarchiver.exe modified
No context
Process:C:\Windows\SysWOW64\unarchiver.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3786
Entropy (8bit):5.057120142080029
Encrypted:false
SSDEEP:48:5lflTy1VGMVGbMVGMVGpaVGjmVBVGMVGp3flTVGMVGBBVGqVGMVGbOVGCflTVG05:XtbmVGtzAt287kPvMHkhe
MD5:5C59D5154111AA38BEC07AC84D3D7234
SHA1:E2BBD5BA1FEBEBE9A50D50E1E6BF417CA631E543
SHA-256:D9AED32E9FA5577A8960FC37D59B665EE6CDA5BA7736C5CF1B69E6403D2AAB17
SHA-512:57A3C73B89B5B392B93838F14036776563347E779CC560196084EE36E3DCA85E58FDBA34FAE65DAFB11E1FA71B95547632C24417166A7D9A8A98AA242817D0F3
Malicious:false
Reputation:low
Preview:04/19/2024 9:51 AM: Unpack: C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip..04/19/2024 9:51 AM: Tmp dir: C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp..04/19/2024 9:51 AM: Received from standard out: ..04/19/2024 9:51 AM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..04/19/2024 9:51 AM: Received from standard out: ..04/19/2024 9:51 AM: Received from standard out: Scanning the drive for archives:..04/19/2024 9:51 AM: Received from standard out: 1 file, 3515136 bytes (3433 KiB)..04/19/2024 9:51 AM: Received from standard out: ..04/19/2024 9:51 AM: Received from standard out: Extracting archive: C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip..04/19/2024 9:51 AM: Received from standard out: ..04/19/2024 9:51 AM: Received from standard out: WARNINGS:..04/19/2024 9:51 AM: Received from standard out: Headers Error..04/19/2024 9:51 AM: Received from standard out: ..04/19/2024 9:51 AM: Received from standard o
File type:Zip archive data, at least v4.5 to extract, compression method=deflate
Entropy (8bit):7.999952871892463
TrID:
  • ZIP compressed archive (8000/1) 100.00%
File name:NUtec_FS01_2024-04-19_07_41_35.191.zip
File size:3'515'136 bytes
MD5:096a94e8624bd59442405da29b2d0147
SHA1:cbe3554a694025f725032b7736c5049794d3fb59
SHA256:85c489dc78c95b2f19a534ab593412a9f5f0a5fa22e207f33db7d047d7049779
SHA512:790b239da1f40a4791e37c5d3cee63653b7b257d89dccf27a5481f206abc3d83ed7c1c1b2bd38eb99bbeef96a98e29b77dd0e138de353568124036605b7aa4f4
SSDEEP:98304:etbZ9byyWEhl+fkgzMhY1Au975hCpMX2lziSjJ+wrUXpmWkEr:eBWM0f90cAu9NMqX27+woXRr
TLSH:E0F5339DE5246E1DDED3BD3A00B686ED464830F4142CAFE540B87383CDEA26BBD8D654
File Content Preview:PK..-............J..5...8.}...Device/HarddiskVolume4/NUtec/R&D/Library/Manuals/iTech Axxis/Axxis iTech DVD/techsupport/DirectCut/SetupCutterDriver2.06e.exe......................]...(,..~.....-.{...rnj....:.!.......w..M......f.r./,.B...u2......,.x.......IN
Icon Hash:90cececece8e8eb0
No network behavior found

Target ID:0
Start time:09:51:08
Start date:19/04/2024
Path:C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Imagebase:0x690000
File size:12'800 bytes
MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:1
Start time:09:51:08
Start date:19/04/2024
Path:C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ysvq5c1x.zkp" "C:\Users\user\Desktop\NUtec_FS01_2024-04-19_07_41_35.191.zip"
Imagebase:0xe90000
File size:289'792 bytes
MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:09:51:09
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


    Execution Graph

    Execution Coverage:19.5%
    Dynamic/Decrypted Code Coverage:100%
    Signature Coverage:5.5%
    Total number of Nodes:73
    Total number of Limit Nodes:4
    Execution graph (rendered as an image in the original report): nodes are function addresses in unarchiver.exe (c8axxx / c8bxxx) with the Windows API each one calls: FindClose, CreateDirectoryW, GetFileType, SetFilePointer, DuplicateHandle, SetErrorMode, CreateFileW, FindCloseChangeNotification, GetSystemInfo, FindNextFileW, WriteFile, CreatePipe, RegQueryValueExW.

    Callgraph (rendered as an image in the original report): 115 functions (node ids 0 to 114) in the address ranges Function_00C8xxxx, Function_0115xxxx and Function_0126xxxx; executed and not-executed functions are distinguished only by colour in the image.
    APIs
    • GetSystemInfo.KERNELBASE(?), ref: 00C8B208
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: InfoSystem
    • String ID:
    • API String ID: 31276548-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8b246-c8b34f, with DuplicateHandle called from block c8b2ed-c8b2f5
    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C8B2F3
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8ad04-c8ae03, with DuplicateHandle called from block c8ada1-c8ada9
    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C8ADA7
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): single basic block c8ab76-c8ac67 calling CreatePipe
    APIs
    • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00C8AC36
    Similarity
    • API ID: CreatePipe
    • String ID:
    • API String ID: 2719314638-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8a5dc-c8a6d2, with CreateFileW called from block c8a677-c8a69b
    APIs
    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C8A67D
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): single basic block c8a120-c8a1f3 calling FindNextFileW
    APIs
    • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00C8A1C2
    Similarity
    • API ID: FileFindNext
    • String ID:
    • API String ID: 2029273394-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8a370-c8a447, with RegQueryValueExW called from block c8a406-c8a419
    APIs
    • RegQueryValueExW.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A40C
    Similarity
    • API ID: QueryValue
    • String ID:
    • API String ID: 3660427363-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8b276-c8b34f, with DuplicateHandle called from block c8b2ed-c8b2f5
    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C8B2F3
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8ad2a-c8ae03, with DuplicateHandle called from block c8ada1-c8ada9
    APIs
    • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C8ADA7
    Similarity
    • API ID: DuplicateHandle
    • String ID:
    • API String ID: 3793708945-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8a850-c8a926, with SetFilePointer called from block c8a8d8-c8a8f8
    APIs
    • SetFilePointer.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A8DE
    Similarity
    • API ID: FilePointer
    • String ID:
    • API String ID: 973152223-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph (rendered as an image in the original report): basic blocks c8a933-c8aa09, with WriteFile called from block c8a9bb-c8a9db
    APIs
    • WriteFile.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A9C1
    Similarity
    • API ID: FileWrite
    • String ID:
    • API String ID: 3934441357-0
    • Opcode ID: 826ac6a52fbebc916706758bf4c784ddad9d79946d5cce301a0e1ef09f6ad8b7
    • Instruction ID: aa2c3a04634bcfea979215f20b20cc9907393dce397e2f37e2b4e3ca34fc12a2
    • Opcode Fuzzy Hash: 826ac6a52fbebc916706758bf4c784ddad9d79946d5cce301a0e1ef09f6ad8b7
    • Instruction Fuzzy Hash: F121A371409380AFDB22CF55DC44F96BFB8EF06314F0888DAE9858B152C375A508CB72
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 121 c8a5fe-c8a656 124 c8a658 121->124 125 c8a65b-c8a667 121->125 124->125 126 c8a669 125->126 127 c8a66c-c8a675 125->127 126->127 128 c8a6c6-c8a6cb 127->128 129 c8a677-c8a67f CreateFileW 127->129 128->129 130 c8a685-c8a69b 129->130 132 c8a6cd-c8a6d2 130->132 133 c8a69d-c8a6c3 130->133 132->133
    APIs
    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C8A67D
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0
    • Opcode ID: 7b993727eeccd3e033efb8baac06c13be9a47f0142502bf75b61b8a8e27af8b2
    • Instruction ID: 086440c601bd97e93c3e5062da282499637cbfab9013a6d64346e768f5944cff
    • Opcode Fuzzy Hash: 7b993727eeccd3e033efb8baac06c13be9a47f0142502bf75b61b8a8e27af8b2
    • Instruction Fuzzy Hash: C321E272500200AFE720DF65DD45F66FBE8EF08314F08886AE9458B752E371E908CB76
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 136 c8a78f-c8a80d 140 c8a80f-c8a822 GetFileType 136->140 141 c8a842-c8a847 136->141 142 c8a849-c8a84e 140->142 143 c8a824-c8a841 140->143 141->140 142->143
    APIs
    • GetFileType.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A815
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: FileType
    • String ID:
    • API String ID: 3081899298-0
    • Opcode ID: 133ef8f8fea502644481d4b82422d46c464055a9fe2ddd3240710fd509045080
    • Instruction ID: 20c456b5767dffc2770f7e952d9927cdb0acfbc47e3f5bd59e91be40073e56c4
    • Opcode Fuzzy Hash: 133ef8f8fea502644481d4b82422d46c464055a9fe2ddd3240710fd509045080
    • Instruction Fuzzy Hash: 6821D5B54097806FE7228B55DC44BA2BFB8DF46314F0884DBE9848B293D264A909C776
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 147 c8aa0b-c8aa6a 149 c8aa6c 147->149 150 c8aa6f-c8aa75 147->150 149->150 151 c8aa7a-c8aa83 150->151 152 c8aa77 150->152 153 c8aac4-c8aac9 151->153 154 c8aa85-c8aaa5 CreateDirectoryW 151->154 152->151 153->154 157 c8aacb-c8aad0 154->157 158 c8aaa7-c8aac3 154->158 157->158
    APIs
    • CreateDirectoryW.KERNELBASE(?,?), ref: 00C8AA8B
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CreateDirectory
    • String ID:
    • API String ID: 4241100979-0
    • Opcode ID: c976fd7f288bc14cf0004e46ede1be5b91b15a9f45acf2dc2c521aef59a84a8f
    • Instruction ID: 5a05144ab0f76d9c02de5520f721c1f98250483e76bf523bf3b8f6eb6762b921
    • Opcode Fuzzy Hash: c976fd7f288bc14cf0004e46ede1be5b91b15a9f45acf2dc2c521aef59a84a8f
    • Instruction Fuzzy Hash: 512180715083C06FEB12CB29DC55B92BFE8AF06314F0D84EAE985CB563D225D909CB62
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 160 c8a392-c8a3cf 162 c8a3d1 160->162 163 c8a3d4-c8a3dd 160->163 162->163 164 c8a3df 163->164 165 c8a3e2-c8a3e8 163->165 164->165 166 c8a3ea 165->166 167 c8a3ed-c8a404 165->167 166->167 169 c8a43b-c8a440 167->169 170 c8a406-c8a419 RegQueryValueExW 167->170 169->170 171 c8a41b-c8a438 170->171 172 c8a442-c8a447 170->172 172->171
    APIs
    • RegQueryValueExW.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A40C
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: QueryValue
    • String ID:
    • API String ID: 3660427363-0
    • Opcode ID: 534443a6739f2e72ca2d5c808c6933d8b20fcfed7c3992054b73be31039c5275
    • Instruction ID: 064aae3e2cf86d3ec9c11231e51dae57c62202f189cac5a59764a07a55c1cb47
    • Opcode Fuzzy Hash: 534443a6739f2e72ca2d5c808c6933d8b20fcfed7c3992054b73be31039c5275
    • Instruction Fuzzy Hash: E421AE76200200AFEB20DF15CC88FA6B7ECEF04714F04846AE9458B691D3B0E909CBB6
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 176 c8a6d4-c8a740 178 c8a781-c8a786 176->178 179 c8a742-c8a74a FindCloseChangeNotification 176->179 178->179 181 c8a750-c8a762 179->181 182 c8a788-c8a78d 181->182 183 c8a764-c8a780 181->183 182->183
    APIs
    • FindCloseChangeNotification.KERNELBASE(?), ref: 00C8A748
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: ChangeCloseFindNotification
    • String ID:
    • API String ID: 2591292051-0
    • Opcode ID: a53e83a7b663d6430ab137ddca625dd559356970bf9d1305723dbc35a68376f7
    • Instruction ID: 13e25c455e29690b2be3d2ccefe072c84e1a08553214f5890fbd0ea8d43059bf
    • Opcode Fuzzy Hash: a53e83a7b663d6430ab137ddca625dd559356970bf9d1305723dbc35a68376f7
    • Instruction Fuzzy Hash: 1F21A1B55097C0AFE7128B25DC94752BFB8EF07324F0984DBDC858B5A3D224A908C772
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • WriteFile.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A9C1
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: FileWrite
    • String ID:
    • API String ID: 3934441357-0
    • Opcode ID: c656f1a5a1cebd54f3500aa6f5d3597e54dd27f5fda29fc2c73aa15fae4ef364
    • Instruction ID: 8cbd3da9bb567d4a91bd905d93c3ae90685973374e3e4b9af228e115014177c3
    • Opcode Fuzzy Hash: c656f1a5a1cebd54f3500aa6f5d3597e54dd27f5fda29fc2c73aa15fae4ef364
    • Instruction Fuzzy Hash: 2A110172500300AFEB21DF55DD44FAAFBE8EF08328F04886AE9458B651C374E508CBB6
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SetFilePointer.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A8DE
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: FilePointer
    • String ID:
    • API String ID: 973152223-0
    • Opcode ID: 9589a8769fd86163c7d6deb6afaf7f3123e4f8ef7a4ae5976d0510114cf06fd2
    • Instruction ID: d4256766de48727438b5328f72c89f2877907add293248d5ad77c6ebbf5a0ae9
    • Opcode Fuzzy Hash: 9589a8769fd86163c7d6deb6afaf7f3123e4f8ef7a4ae5976d0510114cf06fd2
    • Instruction Fuzzy Hash: 15110472500300AFEB20DF55DD44BA6FBE8EF04324F14886AE9458B641C374A508CBB6
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SetErrorMode.KERNELBASE(?), ref: 00C8A30C
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: ErrorMode
    • String ID:
    • API String ID: 2340568224-0
    • Opcode ID: 4ce8769417d2dde40570679cf1705c2e854f3bab0684210867d1971b48b70470
    • Instruction ID: 0453ca5576e65c192ba1908309e290e576e62c09ab872c7193bb9775ea39a882
    • Opcode Fuzzy Hash: 4ce8769417d2dde40570679cf1705c2e854f3bab0684210867d1971b48b70470
    • Instruction Fuzzy Hash: 4F11A0754093C0AFEB228B25DC54A52BFB4DF07224F0980DBDD858F263D275A909CB72
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetFileType.KERNELBASE(?,00000E24,86F9D00D,00000000,00000000,00000000,00000000), ref: 00C8A815
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: FileType
    • String ID:
    • API String ID: 3081899298-0
    • Opcode ID: 434ed1797d2c4909612f4a5236fbbc29c1f036aa9502493719d8ca407ddd3d1d
    • Instruction ID: c61e4996575eebc31b72a3e05c83f19781ae85686dd3dbfc0914ebf8a02cb334
    • Opcode Fuzzy Hash: 434ed1797d2c4909612f4a5236fbbc29c1f036aa9502493719d8ca407ddd3d1d
    • Instruction Fuzzy Hash: 4B01C472500240AFE7209B05DD49BA6BBD8DF04724F1484A6ED059B782D3B4E909CBB6
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • CreateDirectoryW.KERNELBASE(?,?), ref: 00C8AA8B
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CreateDirectory
    • String ID:
    • API String ID: 4241100979-0
    • Opcode ID: 1d6eb00db7993274908491c888ddcf5c44d34c327ac33068e5f9478526f3cb9c
    • Instruction ID: 0012d56eed6307aafb06c1cf23e8a01e5c40161b528f81e3042dfbee7dae07b7
    • Opcode Fuzzy Hash: 1d6eb00db7993274908491c888ddcf5c44d34c327ac33068e5f9478526f3cb9c
    • Instruction Fuzzy Hash: 9611A5716002409FEB14DF15D9857A6FBD8EF04714F08C4AADD05CB652D375E904DF62
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CloseFind
    • String ID:
    • API String ID: 1863332320-0
    • Opcode ID: bd36c6f5bef237ef6195c2e63643b1259ef6170f58901c1b7f0bfd8ed464aef9
    • Instruction ID: e742ba35d4841697d1882304acc666a5a179b7ac5a7acc49704d954989517913
    • Opcode Fuzzy Hash: bd36c6f5bef237ef6195c2e63643b1259ef6170f58901c1b7f0bfd8ed464aef9
    • Instruction Fuzzy Hash: E711A0715093C0AFD7128B25DC45B52BFF4EF06220F0984DBED858B263D375A908DB61
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetSystemInfo.KERNELBASE(?), ref: 00C8B208
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: InfoSystem
    • String ID:
    • API String ID: 31276548-0
    • Opcode ID: b15d5a52f703781fd7a97fb7b705086e4b7b73e82e013362c624f8914932487a
    • Instruction ID: 32a73596ad01f454d908feb93c00c18279e5c2547a7929b530d8b00a077756aa
    • Opcode Fuzzy Hash: b15d5a52f703781fd7a97fb7b705086e4b7b73e82e013362c624f8914932487a
    • Instruction Fuzzy Hash: 78117071509380AFDB12CF15DC44B56BFB4DF46224F0884DAED858F263D275A908CB62
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00C8AC36
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CreatePipe
    • String ID:
    • API String ID: 2719314638-0
    • Opcode ID: d8ded0f760870c2a4dbd9c83dea79840069054bf15b9a802caeca3e7ad6b3e3f
    • Instruction ID: 051844daa0049bb102c64b0a8f4a89c57bb3e1c6df5ed61927bded2b7c89b0a5
    • Opcode Fuzzy Hash: d8ded0f760870c2a4dbd9c83dea79840069054bf15b9a802caeca3e7ad6b3e3f
    • Instruction Fuzzy Hash: 2401B171600200ABD350DF16DD45B66FBE8FB88B20F14852AEC089BB41D771F925CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00C8A1C2
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: FileFindNext
    • String ID:
    • API String ID: 2029273394-0
    • Opcode ID: 12301a60cc14f3dbd2c48cfd44de7ff544163d31661cdd4b4d4d6057b36430e8
    • Instruction ID: 52f6cee5fa56f0933f9497ba580efd9afd13270ea2b4c0f63f3120cbb846ad87
    • Opcode Fuzzy Hash: 12301a60cc14f3dbd2c48cfd44de7ff544163d31661cdd4b4d4d6057b36430e8
    • Instruction Fuzzy Hash: 3901B171600200ABD310DF16DD45B66FBE8EB88A20F14856AEC089BB41D771F915CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FindCloseChangeNotification.KERNELBASE(?), ref: 00C8A748
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: ChangeCloseFindNotification
    • String ID:
    • API String ID: 2591292051-0
    • Opcode ID: 2a2438a9bfc871edb05333840d2dd07ed2482e9344a37bcf61807a3eb9e06a60
    • Instruction ID: 5f000e39a85bf5e25e4c97e1a65823840fbf8af5c308d6da300c5c7faa93f019
    • Opcode Fuzzy Hash: 2a2438a9bfc871edb05333840d2dd07ed2482e9344a37bcf61807a3eb9e06a60
    • Instruction Fuzzy Hash: 5301DF72A002409FEB10DF15D989766FBE4EF04324F18C4ABDD098B752D375E808DBA2
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: CloseFind
    • String ID:
    • API String ID: 1863332320-0
    • Opcode ID: 4b64aef5114a140e19d77dd0e9568fe4197e4d9fdb31e9bc0c365b9b8b9685d0
    • Instruction ID: 1812040cc9719566c2ff77e3b7a878b214b686cc60ca36e79816995659b930d8
    • Opcode Fuzzy Hash: 4b64aef5114a140e19d77dd0e9568fe4197e4d9fdb31e9bc0c365b9b8b9685d0
    • Instruction Fuzzy Hash: 8701F9755002409FEB109F15D889766FBD4EF04324F08C09ADD0A4B752D775E848DFA2
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SetErrorMode.KERNELBASE(?), ref: 00C8A30C
    Memory Dump Source
    • Source File: 00000000.00000002.4541475768.0000000000C8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C8A000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c8a000_unarchiver.jbxd
    Similarity
    • API ID: ErrorMode
    • String ID:
    • API String ID: 2340568224-0
    • Opcode ID: 1c5a933cd033f7f745a438669433ef9802e6e2987e15f40ac8134285aacfba15
    • Instruction ID: 4bde7c9d15e10d3843b3780707b7beb55618964583aad7f2f76efd72840e0048
    • Opcode Fuzzy Hash: 1c5a933cd033f7f745a438669433ef9802e6e2987e15f40ac8134285aacfba15
    • Instruction Fuzzy Hash: E7F08C755046409FEB20AF06E989766FBA4EF04724F08C09ADD094B766D3B5E908CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID: [M[
    • API String ID: 0-4074273043
    • Opcode ID: 7ba47f10b2dd8fb06ee3125bf9bfe2babe75ffb38ca21d22308de1d3251cd55a
    • Instruction ID: bab760a7440ae9b1566ac2f6397cf7218590d40b4d8145283c6482a0e5f076e6
    • Opcode Fuzzy Hash: 7ba47f10b2dd8fb06ee3125bf9bfe2babe75ffb38ca21d22308de1d3251cd55a
    • Instruction Fuzzy Hash: 9D2147317006018BCB14EB7984466AFBBD79FC9308B44882CD486DB345DF79ED468796
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID: [M[
    • API String ID: 0-4074273043
    • Opcode ID: 6e21c905b978195cb90b2b235f4683d8b1522b777da25924f211c5431970795e
    • Instruction ID: e7a473ad61dee6f37a539fbe062453e359ae2b781af56ff98dcd58a6a83e6df2
    • Opcode Fuzzy Hash: 6e21c905b978195cb90b2b235f4683d8b1522b777da25924f211c5431970795e
    • Instruction Fuzzy Hash: A8214531B002008BCB14EB7994463AF7BE79FC9308B44842CD486DB389DF79ED469796
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 08d1eaef718769e3c211e47da097412f32ba3af88b35a7ca184a013307b46786
    • Instruction ID: 8c096ad05d85bc4bc7186e9a08e99d2dd3e7b12d98305a436c5a7cd9a25cdd75
    • Opcode Fuzzy Hash: 08d1eaef718769e3c211e47da097412f32ba3af88b35a7ca184a013307b46786
    • Instruction Fuzzy Hash: 53B14136712110CFC718EB74F959B6E7BB6FF89344B108428EA06973A8DB349C61DB94
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 67787d75a92e50603a1336eaa60ccfca60c0fc48bd81ac0b4686d82cc7df2916
    • Instruction ID: ebb9844ea7e00ecc211dbe36c5315bde1175c4f4699ada42ad9fee2231aec546
    • Opcode Fuzzy Hash: 67787d75a92e50603a1336eaa60ccfca60c0fc48bd81ac0b4686d82cc7df2916
    • Instruction Fuzzy Hash: E4A19032B012018BDB05AB74D86977E77F7ABC8308F148428EA0697398DF789C46DB95
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 29e60194c2d9f0520584e6e3c80a4f421ae24a2bc25e0aad173e6154185fe02c
    • Instruction ID: 2bb6ca149cd99c9daa7932102f1361f82d9b4d5214f02efc87248c3996286acc
    • Opcode Fuzzy Hash: 29e60194c2d9f0520584e6e3c80a4f421ae24a2bc25e0aad173e6154185fe02c
    • Instruction Fuzzy Hash: DE21A3B6804604AFD210DB45ED45CA7FBECEF85520F04C56EFC498B601E276A9198BF2
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b45eb7fc29e62a1e32a9d4b5a8104678bfb2b78082bb2778661f39003052a9a2
    • Instruction ID: c9a21d1529ac7a4c351008e080f2755b1909f18815dd34b62a739019b95aaa35
    • Opcode Fuzzy Hash: b45eb7fc29e62a1e32a9d4b5a8104678bfb2b78082bb2778661f39003052a9a2
    • Instruction Fuzzy Hash: 64113DB240D3C49FD302D7149C41896BFF8DF83220B09C9AFE8458B653D2596919C7F2
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bc7deb0225a099f45b6a17f4d133a48d1f12c04b14addaad2fde5ccf1ea94dc3
    • Instruction ID: 919c33ee1727f6fc59141bae0f6b4ecc6fa2eff3977aabf6f9fb8e098d5ba7da
    • Opcode Fuzzy Hash: bc7deb0225a099f45b6a17f4d133a48d1f12c04b14addaad2fde5ccf1ea94dc3
    • Instruction Fuzzy Hash: 9311B232A101186FCB049BB4E8559DF7BF6AB88304B248579E105E7364DB35A81A8B80
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e9947461c4efc9e04163014d9e78998d037ec92125a638ae8eb7252223081f74
    • Instruction ID: 5c4b56c388728d19911f40be0a785db23fca06f25e68c7387a87caaca3df18ce
    • Opcode Fuzzy Hash: e9947461c4efc9e04163014d9e78998d037ec92125a638ae8eb7252223081f74
    • Instruction Fuzzy Hash: BA11C132A10218AFCB04ABB4D84599F77F6FB88314B108439E205E7364EB34A81A87C0
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 435a5129382eef3ddeae45dc4b295ab48bb7c6785cbecc7016036ef65899463f
    • Instruction ID: b370fceba6ca0bef2f8dbe29337d83bb07eb6394dfd893e0857f1892fc5ade4c
    • Opcode Fuzzy Hash: 435a5129382eef3ddeae45dc4b295ab48bb7c6785cbecc7016036ef65899463f
    • Instruction Fuzzy Hash: 2C01B5B24097846FD301CB15AC41C57BBE8DF86524F09C9ABEC448B642E225A919CBB2
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9f1874b2570eb8a3b575ff2c283f86e9252a95b36f1151667e4e5e3e53bb79c8
    • Instruction ID: 852c29f238b6fa025e0334789490897064cc0e31b039d62d8ca9798404f7c62d
    • Opcode Fuzzy Hash: 9f1874b2570eb8a3b575ff2c283f86e9252a95b36f1151667e4e5e3e53bb79c8
    • Instruction Fuzzy Hash: E3018B7650D7806FD7118F159C44862FFF8EB86520709849FE94987752D225A909CB72
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 77c2f2b82d8c20434a21e5e00ffbafb39d8bd980657151c0540b86848c685fe8
    • Instruction ID: 04b755d7c31b9510e44b622fe31bb309562d8195c7f01f1156d43dcfc9664ace
    • Opcode Fuzzy Hash: 77c2f2b82d8c20434a21e5e00ffbafb39d8bd980657151c0540b86848c685fe8
    • Instruction Fuzzy Hash: A8F082B2805604AB9200DF09ED45866F7ECDF84521F14C53EEC098B705E276A9198AF2
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541936769.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1150000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5c30c0fb377c2e33dfc5f3b07c7b40541ed8680bcc724b0df1c3f6a20cce0372
    • Instruction ID: dd45332dcf5ca10ce2c50b45e2bbc2efbb55a3bd0aa5a6c7c39bdbe6b5a04621
    • Opcode Fuzzy Hash: 5c30c0fb377c2e33dfc5f3b07c7b40541ed8680bcc724b0df1c3f6a20cce0372
    • Instruction Fuzzy Hash: A7E06DB66046009B9650CF0AEC85452F7D8EB84630B18C06BDC0D8BB15D635B509CAA5
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8834f2aa742f3161171383da5f449ddb5089b1c0ea2ba470686cdb7c63d029d2
    • Instruction ID: 0805a7c966d0b080e873c2e991f97c97ee94c9041e091d4dcca80969c2baa81b
    • Opcode Fuzzy Hash: 8834f2aa742f3161171383da5f449ddb5089b1c0ea2ba470686cdb7c63d029d2
    • Instruction Fuzzy Hash: 77D01231F442182B8B48DEF9584159E7AEA9B84194B64447D900DD7340FE3998018791
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 42a86254a3bc46a39456c466ab2004edfd6e34fe8460ccea4f960d259d9a6fb2
    • Instruction ID: b3244507090fab0b09bbcafdd8697b2c002c4454f0821307e8ce8df69f583227
    • Opcode Fuzzy Hash: 42a86254a3bc46a39456c466ab2004edfd6e34fe8460ccea4f960d259d9a6fb2
    • Instruction Fuzzy Hash: ADE01231F542642B8B48DEF9545159EBAE69B851A4BA4447D900DD7340FE399D0287C1
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541458537.0000000000C82000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C82000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c82000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6e892efd9bef3e7a3ae8a86109bcbe66cfb0b7da55542cf00e5361e1c3a64771
    • Instruction ID: fa609ad13a5cbf7f706626e3de90949bec63468f04466e96c205b3f55aaa4ed5
    • Opcode Fuzzy Hash: 6e892efd9bef3e7a3ae8a86109bcbe66cfb0b7da55542cf00e5361e1c3a64771
    • Instruction Fuzzy Hash: 2FD05E792096D14FD326AB1CC6A8B9537D4AB91718F4A44FAA800CBB63C768DA81E610
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d3dab7db969ccde3bdbc694df8e44ccb1c7c02547e4d2dc64feb3114f8b8d911
    • Instruction ID: 76a0f3234baa666b03c1ba4ef2af7cf9071e25e58c34598abb7186c6827ce2eb
    • Opcode Fuzzy Hash: d3dab7db969ccde3bdbc694df8e44ccb1c7c02547e4d2dc64feb3114f8b8d911
    • Instruction Fuzzy Hash: 55D023303401008FC704DB34D855E6D3B525BE0304F14C15CD4098B3E2C778C488D784
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541458537.0000000000C82000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C82000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c82000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f104a32902717ea506537a7d7813fd4177056eb4f4f0cb3ba837fdc4701b3c77
    • Instruction ID: b97865046da12aba7ea17e0d26fcf7052adea4ba3578c52762a6f4a9f1b430d3
    • Opcode Fuzzy Hash: f104a32902717ea506537a7d7813fd4177056eb4f4f0cb3ba837fdc4701b3c77
    • Instruction Fuzzy Hash: 9CD05E382002814BC726EA0CC6E8F5937D8AB40719F0648E9BC208BB72C7A8DAC0DA00
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ff07e840e32a40dee24971035eec5af5335e3c6f8a569b2e71b78cc289cd97f2
    • Instruction ID: 97dc9fe6c8f5eb11eafe08e39d045c96514511a0333971e24782d2f85a5a3f5f
    • Opcode Fuzzy Hash: ff07e840e32a40dee24971035eec5af5335e3c6f8a569b2e71b78cc289cd97f2
    • Instruction Fuzzy Hash: D8D0A7202203408BC704A73494145287B9567D5304F44C054E6441B3A1C674D841D784
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e24a64477edbb9c35cf79b305200e827e77317388dedd656335f0839c116f54e
    • Instruction ID: 7882adcaa141a7c1024941e471b9b0e535afb67b643094be72f6cd8d2f978bab
    • Opcode Fuzzy Hash: e24a64477edbb9c35cf79b305200e827e77317388dedd656335f0839c116f54e
    • Instruction Fuzzy Hash: B8C012302103048BD704AB78D819E25779A57D0304F45C164A5090B395DA78E894D6C8
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4542022931.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_1260000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 22965f1a4a94d04b1366dc26c6749b37fe539325063c0e5d47c5655322047dcd
    • Instruction ID: 02a4acf0d1351e4ba23fe17df32fe38be7cc0ae20428f7cff04266564bfaf232
    • Opcode Fuzzy Hash: 22965f1a4a94d04b1366dc26c6749b37fe539325063c0e5d47c5655322047dcd
    • Instruction Fuzzy Hash: 61C012312103048BC708A778D919A29779957D4304F84C16465085B395DA78E884D688
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541458537.0000000000C82000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C82000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c82000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d23dc496512b7a7cc92c8235c56f8bd776b120a2e431a8930d3b76e008f5737e
    • Instruction ID: 6abc8f14d780eaa2762c7c1d2e8201d6793c476627e2c2c627b0625faec6c56a
    • Opcode Fuzzy Hash: d23dc496512b7a7cc92c8235c56f8bd776b120a2e431a8930d3b76e008f5737e
    • Instruction Fuzzy Hash: D9A17B6540E7C55FD7178B3499AA044BFB0AE93224B0E4ACFC8D0CF1A7D3689959C726
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.4541458537.0000000000C82000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C82000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_c82000_unarchiver.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 80a7c6edbdfefb5fa159bb8f29bd1e250a2005428a1dea066ceed1ee1b62f804
    • Instruction ID: 93110a91723ed9e14ab5152c13d603a2771ee0198889e125765bc1bc5c8dd752
    • Opcode Fuzzy Hash: 80a7c6edbdfefb5fa159bb8f29bd1e250a2005428a1dea066ceed1ee1b62f804
    • Instruction Fuzzy Hash: 9B51476140EBC69FD71B8B3498A6048BF70AD9322471E4ACFC8D0CF1A7D359895DC726
    Uniqueness

    Uniqueness Score: -1.00%