Edit tour

Windows Analysis Report
sc_setup_x64.exe

Overview

General Information

Sample name:	sc_setup_x64.exe
Analysis ID:	1428621
MD5:	615cfd6d3775cb9135777d3a384d384e
SHA1:	52e7041945bdb2fa9a700af968a05a4795aa3605
SHA256:	29553153308344c8f4daae0fc16a06a988ce005ed46dd09aa46921372b3b4ffe
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found large amount of non-executed APIs

One or more processes crash

Sample file is different than original file name gathered from version info

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample crashes during execution, try analyze it on another analysis machine

Process Tree

System is w10x64

sc_setup_x64.exe (PID: 7048 cmdline: "C:\Users\user\Desktop\sc_setup_x64.exe" MD5: 615CFD6D3775CB9135777D3A384D384E)

WerFault.exe (PID: 2988 cmdline: C:\Windows\system32\WerFault.exe -u -p 7048 -s 464 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: sc_setup_x64.exe

Static PE information: certificate valid

Source: sc_setup_x64.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: sc_setup_x64.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: sc_setup_x64.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: sc_setup_x64.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: sc_setup_x64.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: sc_setup_x64.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: sc_setup_x64.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sc_setup_x64.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: sc_setup_x64.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: sc_setup_x64.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: sc_setup_x64.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: sc_setup_x64.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: sc_setup_x64.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net
Source: sc_setup_x64.exe	String found in binary or memory: http://www.digicert.com/CPS0

Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001C010	0_2_000000014001C010
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001C226	0_2_000000014001C226
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_0000000140010290	0_2_0000000140010290
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_00000001400112E0	0_2_00000001400112E0
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001C668	0_2_000000014001C668
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_0000000140017880	0_2_0000000140017880
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001C8E8	0_2_000000014001C8E8
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014000CC20	0_2_000000014000CC20
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014000DDA0	0_2_000000014000DDA0
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_0000000140006DEC	0_2_0000000140006DEC
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_0000000140019E40	0_2_0000000140019E40
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_0000000140007F70	0_2_0000000140007F70

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7048 -s 464

Source: sc_setup_x64.exe, 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesc_setup.EXEJ vs sc_setup_x64.exe
Source: sc_setup_x64.exe	Binary or memory string: OriginalFilenamesc_setup.EXEJ vs sc_setup_x64.exe

Source: classification engine

Classification label: clean5.winEXE@2/5@0/0

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_0000000140006230 #1641,CreateFileW,#316,#4656,#1641,MessageBoxW,#1034,_ftime64,_localtime64,#316,#1641,#306,#1641,#306,#4658,#1034,#1034,WriteFile,memset,GetStdHandle,#280,#4947,#1641,CreateProcessW,GetLastError,FormatMessageW,#286,LocalFree,#316,#4656,#1641,MessageBoxW,CloseHandle,#1034,#1034,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,CloseHandle,#1034,#1034,

0_2_0000000140006230

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_0000000140006050 CoCreateInstance,

0_2_0000000140006050

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_0000000140015BA0 #10163,#2212,FindResourceW,#2212,LoadResource,LockResource,#286,#4656,#1034,#14128,

0_2_0000000140015BA0

Source: C:\Windows\System32\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7048

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3d0d1cc2-52ad-4333-b40e-36035397c7e4

Jump to behavior

Source: sc_setup_x64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\sc_setup_x64.exe "C:\Users\user\Desktop\sc_setup_x64.exe"
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7048 -s 464

Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Section loaded: sc_kernel_basic_x64.dll	Jump to behavior

Source: sc_setup_x64.exe

Static PE information: certificate valid

Source: sc_setup_x64.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: sc_setup_x64.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_0000000140011E10 #286,#1034,#286,#1034,RegisterWindowMessageW,InitCommonControlsEx,FindWindowW,MessageBoxW,#13199,FindWindowW,#4726,CoInitializeEx,#2270,free,_wcsdup,#2212,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,#13545,#11709,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#290,#1034,#316,#316,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#1504,#150

0_2_0000000140011E10

Source: C:\Users\user\Desktop\sc_setup_x64.exe

0_2_0000000140011E10

Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\sc_setup_x64.exe

API coverage: 1.0 %

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_000000014001F7DC GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000000014001F7DC

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_000000014001F7DC GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000000014001F7DC

Source: C:\Users\user\Desktop\sc_setup_x64.exe

0_2_0000000140011E10

Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001EA6C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_000000014001EA6C
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001EC44 SetUnhandledExceptionFilter,	0_2_000000014001EC44
Source: C:\Users\user\Desktop\sc_setup_x64.exe	Code function: 0_2_000000014001DFA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_000000014001DFA0

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_0000000140011130 AllocateAndInitializeSid,GetNamedSecurityInfoW,SetEntriesInAclW,SetNamedSecurityInfoW,LocalFree,LocalFree,FreeSid,

0_2_0000000140011130

Source: C:\Users\user\Desktop\sc_setup_x64.exe

Code function: 0_2_000000014001E974 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_000000014001E974

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	41 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.4.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428621
Start date and time:	2024-04-19 10:31:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	sc_setup_x64.exe
Detection:	CLEAN
Classification:	clean5.winEXE@2/5@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 3 Number of non-executed functions: 145
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.20
Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com

Simulations

Behavior and APIs

Time	Type	Description
10:32:27	API Interceptor	1x Sleep call for process: WerFault.exe modified

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sc_setup_x64.exe_10f9a047a950d8fb8b3fb7b54dcc2af97e45377f_701d5e3e_a0c07dd9-6508-46a2-847c-554e04d89f5c\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8489731309055453
Encrypted:	false
SSDEEP:	192:L4D4cl0pVwcn0K7gPryg1VjfZBkzuiFRZ24lO8NjL:Axl6w1K7gPryIjkzuiFRY4lO8V
MD5:	1A02710A0322A2E54AB1DCB8199AA066
SHA1:	930C435F8C112947541C8FD6836C329C8DF697E7
SHA-256:	00571C5FEAE59DA54B035A4C01C970E95D8680661038E57E7CD489566702148F
SHA-512:	0914A1067576BDE2887D7CDC8E338ED14F0E02848FD8AFC8884D5FE2DDF6BCACBEB5498B6C37E66A4E1E42361872AC7EC15D7E0C3AC05BCB886CC8F92454BA66
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.7.9.8.9.1.4.3.0.0.6.9.8.3.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.7.9.8.9.1.4.3.3.3.5.1.0.3.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.0.c.0.7.d.d.9.-.6.5.0.8.-.4.6.a.2.-.8.4.7.c.-.5.5.4.e.0.4.d.8.9.f.5.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.8.4.9.f.b.4.2.-.2.1.e.c.-.4.6.8.b.-.8.1.b.8.-.8.1.6.6.c.b.c.6.d.4.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.s.c._.s.e.t.u.p._.x.6.4...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.s.c._.s.e.t.u.p...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.8.8.-.0.0.0.1.-.0.0.1.5.-.a.3.c.8.-.7.b.1.9.3.4.9.2.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.a.0.b.c.d.2.5.9.2.c.b.9.8.f.6.4.1.4.9.3.0.e.5.3.b.5.7.d.7.3.0.0.0.0.0.7.0.4.!.0.0.0.0.5.2.e.7.0.4.1.9.4.5.b.d.b.2.f.a.9.a.7.0.0.a.f.9.6.8.a.0.5.a.4.7.9.5.a.a.3.6.0.5.!.s.c._.s.e.t.u.p._.x.6.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC256.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Apr 19 08:32:23 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	66626
Entropy (8bit):	1.5254502303139648
Encrypted:	false
SSDEEP:	192:psoJxVVO88nOj9MlbRqr9HsRxBQT7idTZ1EPFBtEQ1f1fEBR7M:ZxHO8Jj9MBRqBH0xWKtyPbOQ1fpEvA
MD5:	544694CA700B74A8EB3D180FD805CB04
SHA1:	41EE5AADE36DF482F3341D837799F71D34E571C5
SHA-256:	B09E1601DA7E651F12797A141D3CF9A1440823150A8BE6691E0E9206C67FA0F1
SHA-512:	68930A87F71313D83DC67884326EEDB6E3AA902D8BC5F5FE0FA50434BF84930496B8A66E0EE2CE4AEF8BD5CA517983328491C76FC7ED361203CC5F9FDDE9CE71
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........,"f....................................$....2..........T.......8...........T...........X...............x...........d...............................................................................eJ..............Lw......................T............,"f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC2D4.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8652
Entropy (8bit):	3.703290984470926
Encrypted:	false
SSDEEP:	192:R6l7wVeJuovMev6Y2DupPLrOugmfHmV+prOx89bqRZf0MOm:R6lXJPMm6YDpP/OugmfGV6q/f1
MD5:	2B9B0665FEAC1F6041FAB0E5D78E4205
SHA1:	1873D3B7658930DF1E1D94426464F7D87389D4A1
SHA-256:	9741F956479DD08E09C6970996B5169AFC00DDC1CF1B4A5B33302F8BCCCD6337
SHA-512:	88285A3B784A7AB0F7336249EDAD79B3E125935634DE34497D7AF91AF8CB759735967889F0868493BEDCBB5D37676F485A1F573813341773EBEB04399ABB1A5A
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.4.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC304.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4873
Entropy (8bit):	4.493650003664149
Encrypted:	false
SSDEEP:	48:cvIwWl8zspJg771I9ROWpW8VYlYm8M4JKX+FEmyq8viSAxRNZd:uIjf7I7mv7VJJQmWVuPZd
MD5:	28A2AEF5ADA43C515FE5F7632A77B216
SHA1:	B15CA024984174A40F5A0045CC6779612119BFF3
SHA-256:	DF7AB75F4501F0B9E48DBAF267F5B96104031FFA708600B2724D15E6BB696DEB
SHA-512:	06C3F25114BF6CFCF817CEE445C3093BBEE34F4F226C2F61059CE5498898CDDDF5181B501C091867C57CC02F5811372E5EB78C5270F00AD0581050A646F159B5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="286535" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.469032374584211
Encrypted:	false
SSDEEP:	6144:9zZfpi6ceLPx9skLmb0fKZWSP3aJG8nAgeiJRMMhA2zX4WABluuNjjDH5SE:VZHtKZWOKnMM6bFpRj4E
MD5:	01F8B94D5E0F740FF5AEAEEFDB644F7C
SHA1:	59B3A5E27D97D5D4F2438D73595A819323C382DD
SHA-256:	745E2A517918E95BBCE8D38E17FD8769ACC6D8EA794950F00523B9D30BA9A950
SHA-512:	B01BE93BCA13A12BF8DECCE9C8B7F939D45957BE9AE3769F60535DB38325C86E184B5C6FF9EBA249F6F626446623983398BD467F6A1230BC02E7CB104F156C7B
Malicious:	false
Reputation:	low
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmn)..4..................................................................................................................................................................................................................................................................................................................................................-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	5.713089229559582
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	sc_setup_x64.exe
File size:	300'608 bytes
MD5:	615cfd6d3775cb9135777d3a384d384e
SHA1:	52e7041945bdb2fa9a700af968a05a4795aa3605
SHA256:	29553153308344c8f4daae0fc16a06a988ce005ed46dd09aa46921372b3b4ffe
SHA512:	570317a4ea43d887b2af1b8ad7069cf8d70a0eecf987167ce3f648c34f4e6863419a6e7249a4f9e6ea416d917619769e9ae22e6e0b6bfca3f3c00d1c3998d3ac
SSDEEP:	6144:DFdg17XpyFWYgeWYg955/155/IN2wl/xUbzBi74vOjkf:bg5yFWYgeWYg955/155/TVLGwf
TLSH:	A954085F266538E5E462E4398AEA8A81D77378725F25CBEB0320471E1E339D0FC71639
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........5>*.TPy.TPy.TPy.,.y.TPy..Ux.TPy..Qx.TPy..Sx.TPy..Ux.TPy..Tx.TPy?..y.TPyp.Sx.TPy?..y.TPy.TQy`WPyu.Tx.TPyu.Ux.TPyp..y.TPy.T.y.TP

File Icon


Icon Hash:	0c4d56170f176184

Static PE Info

General

Entrypoint:	0x14001db2c
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65D889E5 [Fri Feb 23 12:04:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	16db4b4d6510cb5bd77ce5be38a275f3

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	10/03/2022 01:00:00 23/04/2025 01:59:59
Subject Chain	CN=SCAPS GmbH Scanner Application Software, O=SCAPS GmbH Scanner Application Software, L=Deisenhofen, S=Bayern, C=DE
Version:	3
Thumbprint MD5:	C3EEE909C4D90CB3A73DA98C9AC0F169
Thumbprint SHA-1:	E302FB3FFDA77E2A6AF6B78EDD41A8BD932FE9A4
Thumbprint SHA-256:	2CD82E48CC2A602D9640BF1B82217BD9F4658D81F6E1A71FB8C1BA62A1F0DF38
Serial:	057921DB1E1DDB91296DDE44EA49B80D

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FAFD8D69BC4h
dec eax
add esp, 28h
jmp 00007FAFD8D68C07h
int3
int3
jmp 00007FAFD8D6ABB8h
int3
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ecx
mov ebx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007FAFD8D68E55h
mov eax, dword ptr [ebp+04h]
and al, 66h
neg al
mov eax, 00000001h
inc ebp
sbb eax, eax
inc ecx
neg eax
inc esp
add eax, eax
inc esp
test dword ptr [ebx+04h], eax
je 00007FAFD8D68D93h
dec esp
mov ecx, edi
dec ebp
mov eax, esi
dec eax
mov edx, esi
dec eax
mov ecx, ebp
call 00007FAFD8D6AB1Bh
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
mov edi, dword ptr [esp+48h]
dec eax
add esp, 20h
inc ecx
pop esi
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
cmp ecx, dword ptr [000227E9h]
jne 00007FAFD8D68D95h
dec eax
rol ecx, 10h
test cx, FFFFh

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[ASM] VS2015 UPD3 build 24213
[ C ] VS2015 UPD3.1 build 24215
[C++] VS2015 UPD3.1 build 24215
[RES] VS2015 UPD3 build 24213
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3c828	0x1e0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x5780	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x43000	0x1a4c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x46e00	0x2840
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x34380	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x34438	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x343a0	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x24000	0x13b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2295f	0x22a00	c0e2900ca56255dbee7aa3483c23154d	False	0.4283619133574007	data	6.040833818501895	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x24000	0x1adae	0x1ae00	dc4feca3b34c95d408375eca58bd340b	False	0.31354469476744184	data	4.685357733531385	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3f000	0x3dd8	0x1a00	4102fe568292bb2da5ced06bbae35ab9	False	0.29281850961538464	data	3.4513686019950813	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x43000	0x1a4c	0x1c00	c4d158318534af3aae73a5f62bcdc284	False	0.4730747767857143	data	5.09374079357805	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x45000	0x50	0x200	bc0086f0a32d14f25a7cb8696f60a279	False	0.12890625	data	0.5018193022913158	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x46000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x47000	0x5780	0x5800	e44fdf8fb7e2ff2e6e8784016cd2a3cd	False	0.28773082386363635	data	3.8590891214556406	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x49d80	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49d98	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49da0	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49d68	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49d88	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49d70	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x4a0b8	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x49d78	0x2	data	German	Germany	5.0
AFX_DIALOG_LAYOUT	0x49d90	0x2	data	German	Germany	5.0
RT_BITMAP	0x48328	0x428	Device independent bitmap graphic, 128 x 15 x 4, image size 960	German	Germany	0.3618421052631579
RT_BITMAP	0x49da8	0x1f8	Device independent bitmap graphic, 74 x 10 x 4, image size 400	English	United States	0.27976190476190477
RT_ICON	0x47bf0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	German	Germany	0.20698924731182797
RT_ICON	0x47ef0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	German	Germany	0.25806451612903225
RT_ICON	0x481d8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	German	Germany	0.4527027027027027
RT_MENU	0x48770	0x2fa	data	German	Germany	0.463254593175853
RT_DIALOG	0x48ae0	0x164	data	German	Germany	0.6123595505617978
RT_DIALOG	0x499a0	0xc8	data	German	Germany	0.66
RT_DIALOG	0x48c48	0x130	data	German	Germany	0.6381578947368421
RT_DIALOG	0x48d78	0x66	data	German	Germany	0.8333333333333334
RT_DIALOG	0x48de0	0x414	data	German	Germany	0.4482758620689655
RT_DIALOG	0x491f8	0x16c	data	German	Germany	0.5494505494505495
RT_DIALOG	0x49368	0x27c	data	German	Germany	0.5110062893081762
RT_DIALOG	0x49fa0	0x114	data	English	United States	0.5869565217391305
RT_DIALOG	0x495e8	0x2d8	data	German	Germany	0.37637362637362637
RT_DIALOG	0x498c0	0xe0	dBase III DBT, next free block index 4294901761	German	Germany	0.6830357142857143
RT_STRING	0x4a0c0	0x92	data	German	Germany	0.5
RT_STRING	0x4ab88	0x114	data	German	Germany	0.40217391304347827
RT_STRING	0x4a158	0x48	AmigaOS bitmap font "c", 29440 elements, 2nd, 3rd	German	Germany	0.6527777777777778
RT_STRING	0x4a2a0	0x372	data	German	Germany	0.3412698412698413
RT_STRING	0x4a1e0	0xba	data	German	Germany	0.6397849462365591
RT_STRING	0x4a6e0	0x110	data	German	Germany	0.46691176470588236
RT_STRING	0x4a7f0	0x6e	data	German	Germany	0.6181818181818182
RT_STRING	0x4a1a0	0x3a	data	German	Germany	0.7241379310344828
RT_STRING	0x4a618	0xc8	data	German	Germany	0.35
RT_STRING	0x4a860	0x1b2	data	German	Germany	0.391705069124424
RT_STRING	0x4aa18	0xaa	data	German	Germany	0.5647058823529412
RT_STRING	0x4aac8	0xbc	StarOffice Gallery theme p, 1929408256 objects, 1st p	German	Germany	0.6382978723404256
RT_STRING	0x4aca0	0x2a	data	German	Germany	0.5476190476190477
RT_STRING	0x4acd0	0x184	data	German	Germany	0.48711340206185566
RT_STRING	0x4c330	0x124	data	German	Germany	0.4897260273972603
RT_STRING	0x4ba28	0x4a	data	German	Germany	0.7162162162162162
RT_STRING	0x4ae58	0x4e6	data	German	Germany	0.37719298245614036
RT_STRING	0x4b7c0	0x264	data	German	Germany	0.3333333333333333
RT_STRING	0x4b4e0	0x2da	data	German	Germany	0.3698630136986301
RT_STRING	0x4c258	0x8a	data	German	Germany	0.6594202898550725
RT_STRING	0x4b340	0x19a	data	German	Germany	0.44878048780487806
RT_STRING	0x4c148	0xde	data	German	Germany	0.536036036036036
RT_STRING	0x4ba78	0x4a8	data	German	Germany	0.3221476510067114
RT_STRING	0x4bf20	0x228	data	German	Germany	0.4003623188405797
RT_STRING	0x4c228	0x2c	data	German	Germany	0.5227272727272727
RT_STRING	0x4c2e8	0x42	data	German	Germany	0.6060606060606061
RT_ACCELERATOR	0x48a70	0x70	data	German	Germany	0.6785714285714286
RT_GROUP_ICON	0x47ed8	0x14	data	German	Germany	1.2
RT_GROUP_ICON	0x48300	0x22	data	German	Germany	1.0294117647058822
RT_VERSION	0x49a68	0x2fc	data	German	Germany	0.4581151832460733
RT_MANIFEST	0x4c458	0x325	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (745), with CRLF line terminators	English	United States	0.5229813664596273
None	0x48750	0x1c	data	German	Germany	1.25

Imports

DLL	Import
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
mfc140u.dll
KERNEL32.dll	EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, ReleaseMutex, CreateMutexW, OpenMutexW, OpenEventW, OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, lstrlenW, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, SetThreadPriority, GetExitCodeThread, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, InitializeSListHead, GetCurrentProcessId, GetSystemTimeAsFileTime, IsDebuggerPresent, GetStartupInfoW, LocalAlloc, RaiseException, FindResourceW, LockResource, OutputDebugStringW, LoadResource, GetFileAttributesW, LoadLibraryExW, GetModuleFileNameW, FreeLibrary, WideCharToMultiByte, MultiByteToWideChar, CopyFileW, WriteProfileStringW, LoadLibraryW, lstrcatW, lstrcpyW, FormatMessageW, LocalFree, GetProcAddress, GetWindowsDirectoryW, CreateProcessW, GetExitCodeProcess, Sleep, WaitForSingleObject, GetLastError, CloseHandle, WriteFile, CreateFileW, GetStdHandle, GetThreadPriority, SleepEx
USER32.dll	DeleteMenu, MessageBoxW, RegisterWindowMessageW, PeekMessageW, PostQuitMessage, FindWindowW, UpdateWindow, ShowWindow, GetWindowRect, DrawMenuBar, GetSysColor, CopyRect, AttachThreadInput, BringWindowToTop, SetTimer, KillTimer, GetForegroundWindow, EnumThreadWindows, GetWindowThreadProcessId, PostMessageW, BroadcastSystemMessageW, RedrawWindow, ReleaseDC, GetDC, GetTabbedTextExtentW, SendMessageW, EnableWindow
GDI32.dll	GetTextExtentPoint32W, GetStockObject, GetObjectW, GetTextMetricsW, CreateFontIndirectW, AddFontResourceW, SelectObject
ADVAPI32.dll	RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, SetEntriesInAclW, GetNamedSecurityInfoW, SetNamedSecurityInfoW, RegCloseKey, FreeSid, RegOpenKeyExW, AllocateAndInitializeSid, RegEnumValueW
SHELL32.dll	SHGetSpecialFolderPathW
COMCTL32.dll	InitCommonControlsEx
ole32.dll	CoFreeLibrary, CoLoadLibrary, CLSIDFromProgID, ProgIDFromCLSID, CoInitializeEx, CLSIDFromString, CoCreateInstance
OLEAUT32.dll	SysAllocString, SysFreeString, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, VariantClear
MSVCP140.dll	?_Xbad_alloc@std@@YAXXZ, ?_Xlength_error@std@@YAXPEBD@Z, ?_Xout_of_range@std@@YAXPEBD@Z
VCRUNTIME140.dll	memmove, memcpy, memset, _CxxThrowException, __std_exception_copy, __std_exception_destroy, __C_specific_handler, __vcrt_InitializeCriticalSectionEx, __std_terminate, __CxxFrameHandler3
api-ms-win-crt-environment-l1-1-0.dll	_wgetenv, _wputenv
api-ms-win-crt-stdio-l1-1-0.dll	_write, _close, _set_fmode, _lseek, _tell, __p__commode, _sopen_dispatch, _wfopen, fclose, __stdio_common_vswprintf, fwrite, _read, _wsopen_dispatch
api-ms-win-crt-heap-l1-1-0.dll	_callnewh, _set_new_mode, free, malloc
api-ms-win-crt-runtime-l1-1-0.dll	terminate, _crt_atexit, _register_onexit_function, _initialize_onexit_table, _register_thread_local_exe_atexit_callback, _c_exit, _cexit, _errno, _exit, exit, _initterm_e, _initterm, _get_wide_winmain_command_line, _initialize_wide_environment, _configure_wide_argv, _set_app_type, _seh_filter_exe, _invalid_parameter_noinfo_noreturn, _invalid_parameter_noinfo
api-ms-win-crt-filesystem-l1-1-0.dll	_wunlink, _wfindnext64i32, _findclose, _wfindfirst64i32, _wsplitpath, _wmakepath
api-ms-win-crt-utility-l1-1-0.dll	ldiv, qsort
api-ms-win-crt-time-l1-1-0.dll	_localtime64, _localtime64_s, wcsftime, _ftime64
api-ms-win-crt-string-l1-1-0.dll	_wcsicmp, _wcsdup
api-ms-win-crt-process-l1-1-0.dll	_wspawnlp
api-ms-win-crt-math-l1-1-0.dll	__setusermatherr
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale

Possible Origin

Language of compilation system	Country where language is spoken	Map
German	Germany
English	United States

Target ID:	0
Start time:	10:32:22
Start date:	19/04/2024
Path:	C:\Users\user\Desktop\sc_setup_x64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\sc_setup_x64.exe"
Imagebase:	0x140000000
File size:	300'608 bytes
MD5 hash:	615CFD6D3775CB9135777D3A384D384E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:32:22
Start date:	19/04/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7048 -s 464
Imagebase:	0x7ff700c30000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.2%
Total number of Nodes:	95
Total number of Limit Nodes:	5

Executed Functions

Function 0000000140011E10 Relevance: 1446.7, APIs: 523, Strings: 302, Instructions: 2920
libraryloaderwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#286.MFC140U ref: 0000000140011E58

Part of subcall function 00000001400174B0: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,0000000140011E6C), ref: 00000001400174E6
Part of subcall function 00000001400174B0: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 000000014001750F
Part of subcall function 00000001400174B0: #1641.MFC140U(?,?,?,?,?,0000000140011E6C), ref: 000000014001751C
Part of subcall function 00000001400174B0: RegDeleteValueW.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 000000014001752A
Part of subcall function 00000001400174B0: RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017539
Part of subcall function 00000001400174B0: RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017544

#1034.MFC140U ref: 0000000140011E72
#286.MFC140U ref: 0000000140011E84

Part of subcall function 00000001400174B0: RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017555
Part of subcall function 00000001400174B0: RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017560

#1034.MFC140U ref: 0000000140011E9E
RegisterWindowMessageW.USER32 ref: 0000000140011EAB
InitCommonControlsEx.COMCTL32 ref: 0000000140011ED2
FindWindowW.USER32 ref: 0000000140011EE1
MessageBoxW.USER32 ref: 0000000140011F0D
#13199.MFC140U ref: 0000000140011F16
FindWindowW.USER32 ref: 0000000140011F29
#4726.MFC140U ref: 0000000140011F32
CoInitializeEx.OLE32 ref: 0000000140011F4F
#2270.MFC140U ref: 0000000140011F65
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0000000140011F7A
_wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0000000140011F87
#2212.MFC140U ref: 0000000140011F94
LoadLibraryW.KERNELBASE ref: 0000000140012002
GetProcAddress.KERNEL32 ref: 0000000140012022
GetProcAddress.KERNEL32 ref: 000000014001203D
GetProcAddress.KERNEL32 ref: 0000000140012058
GetProcAddress.KERNEL32 ref: 0000000140012073
GetProcAddress.KERNEL32 ref: 000000014001208E
GetProcAddress.KERNEL32 ref: 00000001400120A9
GetProcAddress.KERNEL32 ref: 00000001400120C4
GetProcAddress.KERNEL32 ref: 00000001400120DF
GetProcAddress.KERNEL32 ref: 00000001400120FA
GetProcAddress.KERNEL32 ref: 0000000140012115
GetProcAddress.KERNEL32 ref: 0000000140012130
GetProcAddress.KERNEL32 ref: 000000014001214B
#13545.MFC140U ref: 000000014001216D
#11709.MFC140U ref: 000000014001217C
#290.MFC140U ref: 000000014001218D
#1034.MFC140U ref: 00000001400121B2
#290.MFC140U ref: 00000001400121C4
#1034.MFC140U ref: 00000001400121E9
#290.MFC140U ref: 00000001400121FB

Part of subcall function 0000000140007850: #2344.MFC140U ref: 00000001400078A0

#1034.MFC140U ref: 0000000140012220
#290.MFC140U ref: 0000000140012232
#1034.MFC140U ref: 0000000140012257
#290.MFC140U ref: 0000000140012269
#1034.MFC140U ref: 000000014001228E
#290.MFC140U ref: 00000001400122A0
#1034.MFC140U ref: 00000001400122C5
#290.MFC140U ref: 00000001400122D7
#1034.MFC140U ref: 00000001400122FC
#290.MFC140U ref: 000000014001230E
#1034.MFC140U ref: 0000000140012333
#290.MFC140U ref: 0000000140012345
#1034.MFC140U ref: 000000014001236A
#290.MFC140U ref: 000000014001237C
#1034.MFC140U ref: 00000001400123A1
#290.MFC140U ref: 00000001400123B3
#1034.MFC140U ref: 00000001400123D8
#290.MFC140U ref: 00000001400123EA
#1034.MFC140U ref: 000000014001240F
#290.MFC140U ref: 0000000140012421
#1034.MFC140U ref: 0000000140012446
#290.MFC140U ref: 0000000140012458
#1034.MFC140U ref: 000000014001247D
#290.MFC140U ref: 000000014001248F
#1034.MFC140U ref: 00000001400124B4
#290.MFC140U ref: 00000001400124C6
#1034.MFC140U ref: 00000001400124EB
#290.MFC140U ref: 00000001400124FD
#1034.MFC140U ref: 0000000140012522
#290.MFC140U ref: 0000000140012534
#1034.MFC140U ref: 0000000140012559
#290.MFC140U ref: 000000014001256B
#1034.MFC140U ref: 0000000140012590
#290.MFC140U ref: 00000001400125A2
#1034.MFC140U ref: 00000001400125C7
#290.MFC140U ref: 00000001400125D9
#1034.MFC140U ref: 00000001400125FE
#290.MFC140U ref: 0000000140012610
#1034.MFC140U ref: 0000000140012635
#290.MFC140U ref: 0000000140012647
#1034.MFC140U ref: 000000014001266C
#290.MFC140U ref: 000000014001267E
#1034.MFC140U ref: 00000001400126A3
#290.MFC140U ref: 00000001400126B5
#1034.MFC140U ref: 00000001400126DA
#290.MFC140U ref: 00000001400126EC
#1034.MFC140U ref: 0000000140012711
#290.MFC140U ref: 0000000140012723
#1034.MFC140U ref: 0000000140012748
#290.MFC140U ref: 000000014001275A
#1034.MFC140U ref: 000000014001277F
#290.MFC140U ref: 0000000140012791
#1034.MFC140U ref: 00000001400127B6
#290.MFC140U ref: 00000001400127C8
#1034.MFC140U ref: 00000001400127ED
#290.MFC140U ref: 00000001400127FF
#1034.MFC140U ref: 0000000140012824
#290.MFC140U ref: 0000000140012836
#1034.MFC140U ref: 000000014001285B
#290.MFC140U ref: 000000014001286D
#1034.MFC140U ref: 0000000140012892
#290.MFC140U ref: 00000001400128A4
#1034.MFC140U ref: 00000001400128C9
#290.MFC140U ref: 00000001400128DB
#1034.MFC140U ref: 0000000140012900
#290.MFC140U ref: 0000000140012912
#1034.MFC140U ref: 0000000140012937
#290.MFC140U ref: 0000000140012949
#1034.MFC140U ref: 000000014001296E
#290.MFC140U ref: 0000000140012980
#1034.MFC140U ref: 00000001400129A5
#290.MFC140U ref: 00000001400129B7
#1034.MFC140U ref: 00000001400129DC
#290.MFC140U ref: 00000001400129EE
#1034.MFC140U ref: 0000000140012A13
#290.MFC140U ref: 0000000140012A25
#1034.MFC140U ref: 0000000140012A4A
#290.MFC140U ref: 0000000140012A5C
#1034.MFC140U ref: 0000000140012A81
#290.MFC140U ref: 0000000140012A93
#1034.MFC140U ref: 0000000140012AB8
#290.MFC140U ref: 0000000140012ACA
#1034.MFC140U ref: 0000000140012AEF
#290.MFC140U ref: 0000000140012B01
#1034.MFC140U ref: 0000000140012B26
#290.MFC140U ref: 0000000140012B38
#1034.MFC140U ref: 0000000140012B5D
#290.MFC140U ref: 0000000140012B6F
#1034.MFC140U ref: 0000000140012B94
#290.MFC140U ref: 0000000140012BA6
#1034.MFC140U ref: 0000000140012BCB
#290.MFC140U ref: 0000000140012BDD
#1034.MFC140U ref: 0000000140012C02
#290.MFC140U ref: 0000000140012C14
#1034.MFC140U ref: 0000000140012C39
#290.MFC140U ref: 0000000140012C4B
#1034.MFC140U ref: 0000000140012C70
#290.MFC140U ref: 0000000140012C82
#1034.MFC140U ref: 0000000140012CA7
#290.MFC140U ref: 0000000140012CB9
#1034.MFC140U ref: 0000000140012CDE
#290.MFC140U ref: 0000000140012CF0
#1034.MFC140U ref: 0000000140012D15
#290.MFC140U ref: 0000000140012D27
#1034.MFC140U ref: 0000000140012D4C
#290.MFC140U ref: 0000000140012D5E
#1034.MFC140U ref: 0000000140012D83
#290.MFC140U ref: 0000000140012D95
#1034.MFC140U ref: 0000000140012DBA
#290.MFC140U ref: 0000000140012DCC
#1034.MFC140U ref: 0000000140012DF1
#290.MFC140U ref: 0000000140012E03
#1034.MFC140U ref: 0000000140012E28
#290.MFC140U ref: 0000000140012E3A
#1034.MFC140U ref: 0000000140012E5F
#290.MFC140U ref: 0000000140012E71
#1034.MFC140U ref: 0000000140012E96
#290.MFC140U ref: 0000000140012EA8
#1034.MFC140U ref: 0000000140012ECD
#290.MFC140U ref: 0000000140012EDF
#1034.MFC140U ref: 0000000140012F04
#290.MFC140U ref: 0000000140012F16
#1034.MFC140U ref: 0000000140012F3B
#290.MFC140U ref: 0000000140012F4D
#1034.MFC140U ref: 0000000140012F72
#290.MFC140U ref: 0000000140012F84
#1034.MFC140U ref: 0000000140012FA9
#290.MFC140U ref: 0000000140012FBB
#1034.MFC140U ref: 0000000140012FE0
#290.MFC140U ref: 0000000140012FF2
#1034.MFC140U ref: 0000000140013017
#290.MFC140U ref: 0000000140013029
#1034.MFC140U ref: 000000014001304E
#290.MFC140U ref: 0000000140013060
#1034.MFC140U ref: 0000000140013085
#290.MFC140U ref: 0000000140013097
#1034.MFC140U ref: 00000001400130BC
#290.MFC140U ref: 00000001400130CE
#1034.MFC140U ref: 00000001400130F3
#290.MFC140U ref: 0000000140013105
#1034.MFC140U ref: 000000014001312A
#290.MFC140U ref: 000000014001313C
#1034.MFC140U ref: 0000000140013161
#290.MFC140U ref: 0000000140013173
#1034.MFC140U ref: 0000000140013198
#290.MFC140U ref: 00000001400131AA
#1034.MFC140U ref: 00000001400131CF
#290.MFC140U ref: 00000001400131E3
#1034.MFC140U ref: 000000014001320C
#290.MFC140U ref: 000000014001321E
#1034.MFC140U ref: 0000000140013243
#290.MFC140U ref: 0000000140013255
#1034.MFC140U ref: 000000014001327A
#290.MFC140U ref: 000000014001328C
#1034.MFC140U ref: 00000001400132B1
#290.MFC140U ref: 00000001400132C3
#1034.MFC140U ref: 00000001400132E8
#290.MFC140U ref: 00000001400132FA
#1034.MFC140U ref: 000000014001331F
#290.MFC140U ref: 0000000140013330
#1034.MFC140U ref: 0000000140013353
#290.MFC140U ref: 0000000140013364
#1034.MFC140U ref: 0000000140013387
#290.MFC140U ref: 0000000140013398
#1034.MFC140U ref: 00000001400133BB
#290.MFC140U ref: 00000001400133CC
#1034.MFC140U ref: 00000001400133EF
#290.MFC140U ref: 0000000140013400
#1034.MFC140U ref: 0000000140013423
#290.MFC140U ref: 0000000140013434
#1034.MFC140U ref: 0000000140013457
#290.MFC140U ref: 0000000140013468
#1034.MFC140U ref: 000000014001348B
#290.MFC140U ref: 000000014001349C
#1034.MFC140U ref: 00000001400134BF
#290.MFC140U ref: 00000001400134D0
#1034.MFC140U ref: 00000001400134F3
#290.MFC140U ref: 0000000140013504
#1034.MFC140U ref: 0000000140013527
#290.MFC140U ref: 0000000140013538
#1034.MFC140U ref: 000000014001355B
#290.MFC140U ref: 000000014001356C
#1034.MFC140U ref: 000000014001358F
#290.MFC140U ref: 00000001400135A0
#1034.MFC140U ref: 00000001400135C3
#290.MFC140U ref: 00000001400135D4
#1034.MFC140U ref: 00000001400135F7
#290.MFC140U ref: 0000000140013608
#1034.MFC140U ref: 000000014001362B
#290.MFC140U ref: 000000014001363C
#1034.MFC140U ref: 000000014001365F
#290.MFC140U ref: 0000000140013670
#1034.MFC140U ref: 0000000140013693
#290.MFC140U ref: 00000001400136A4
#1034.MFC140U ref: 00000001400136C7
#290.MFC140U ref: 00000001400136D8
#1034.MFC140U ref: 00000001400136FB
#290.MFC140U ref: 000000014001370C
#1034.MFC140U ref: 000000014001372F
#290.MFC140U ref: 0000000140013740
#1034.MFC140U ref: 0000000140013763
#290.MFC140U ref: 0000000140013774
#1034.MFC140U ref: 0000000140013797
#290.MFC140U ref: 00000001400137A8
#1034.MFC140U ref: 00000001400137CB
#290.MFC140U ref: 00000001400137DC
#1034.MFC140U ref: 00000001400137FF
#290.MFC140U ref: 0000000140013810
#1034.MFC140U ref: 0000000140013833
#290.MFC140U ref: 0000000140013844
#1034.MFC140U ref: 0000000140013867
#290.MFC140U ref: 0000000140013878
#1034.MFC140U ref: 000000014001389B
#290.MFC140U ref: 00000001400138AC
#1034.MFC140U ref: 00000001400138CF
#290.MFC140U ref: 00000001400138E0
#1034.MFC140U ref: 0000000140013903
#290.MFC140U ref: 0000000140013914
#1034.MFC140U ref: 0000000140013937
#290.MFC140U ref: 0000000140013948
#1034.MFC140U ref: 000000014001396B
#290.MFC140U ref: 000000014001397C
#1034.MFC140U ref: 000000014001399F
#290.MFC140U ref: 00000001400139B3
#1034.MFC140U ref: 00000001400139DC
#290.MFC140U ref: 00000001400139F0
#1034.MFC140U ref: 0000000140013A19
#290.MFC140U ref: 0000000140013A2D
#1034.MFC140U ref: 0000000140013A56
#290.MFC140U ref: 0000000140013A6A
#1034.MFC140U ref: 0000000140013A93
#290.MFC140U ref: 0000000140013AA7
#1034.MFC140U ref: 0000000140013AD0
#290.MFC140U ref: 0000000140013AE4
#1034.MFC140U ref: 0000000140013B0D
#290.MFC140U ref: 0000000140013B21
#1034.MFC140U ref: 0000000140013B4A
#290.MFC140U ref: 0000000140013B5E
#1034.MFC140U ref: 0000000140013B87
#290.MFC140U ref: 0000000140013B9B
#1034.MFC140U ref: 0000000140013BC4
#290.MFC140U ref: 0000000140013BD8
#1034.MFC140U ref: 0000000140013C01
#290.MFC140U ref: 0000000140013C15
#1034.MFC140U ref: 0000000140013C3E
#290.MFC140U ref: 0000000140013C52
#1034.MFC140U ref: 0000000140013C7B
#290.MFC140U ref: 0000000140013C8F
#1034.MFC140U ref: 0000000140013CB8
#290.MFC140U ref: 0000000140013CCC
#1034.MFC140U ref: 0000000140013CF5
#290.MFC140U ref: 0000000140013D09
#1034.MFC140U ref: 0000000140013D32
#290.MFC140U ref: 0000000140013D46
#1034.MFC140U ref: 0000000140013D6F
#290.MFC140U ref: 0000000140013D83
#1034.MFC140U ref: 0000000140013DAC
#290.MFC140U ref: 0000000140013DC0
#1034.MFC140U ref: 0000000140013DE9
#290.MFC140U ref: 0000000140013DFD
#1034.MFC140U ref: 0000000140013E26
#290.MFC140U ref: 0000000140013E3A
#1034.MFC140U ref: 0000000140013E63
#290.MFC140U ref: 0000000140013E77
#1034.MFC140U ref: 0000000140013EA0
#290.MFC140U ref: 0000000140013EB4
#1034.MFC140U ref: 0000000140013EDD
#290.MFC140U ref: 0000000140013EF1
#1034.MFC140U ref: 0000000140013F1A
#290.MFC140U ref: 0000000140013F2E
#1034.MFC140U ref: 0000000140013F57
#290.MFC140U ref: 0000000140013F6B
#1034.MFC140U ref: 0000000140013F94
#290.MFC140U ref: 0000000140013FA8
#1034.MFC140U ref: 0000000140013FD1
#290.MFC140U ref: 0000000140013FE5
#1034.MFC140U ref: 000000014001400E
#290.MFC140U ref: 0000000140014022
#1034.MFC140U ref: 000000014001404B
#290.MFC140U ref: 000000014001405F
#1034.MFC140U ref: 0000000140014088
#290.MFC140U ref: 000000014001409C
#1034.MFC140U ref: 00000001400140C5
#290.MFC140U ref: 00000001400140D9
#1034.MFC140U ref: 0000000140014102
#290.MFC140U ref: 0000000140014116
#1034.MFC140U ref: 000000014001413F
#290.MFC140U ref: 0000000140014153
#1034.MFC140U ref: 000000014001417C
#290.MFC140U ref: 0000000140014190
#1034.MFC140U ref: 00000001400141B9
#290.MFC140U ref: 00000001400141CD
#1034.MFC140U ref: 00000001400141F6
#290.MFC140U ref: 000000014001420A
#1034.MFC140U ref: 0000000140014233
#290.MFC140U ref: 0000000140014247
#1034.MFC140U ref: 0000000140014270
#290.MFC140U ref: 0000000140014284
#1034.MFC140U ref: 00000001400142AD
#290.MFC140U ref: 00000001400142C1
#1034.MFC140U ref: 00000001400142EA
#290.MFC140U ref: 00000001400142FE
#1034.MFC140U ref: 0000000140014327
#290.MFC140U ref: 000000014001433B
#1034.MFC140U ref: 0000000140014364
#290.MFC140U ref: 0000000140014378
#1034.MFC140U ref: 00000001400143A1
#290.MFC140U ref: 00000001400143B5
#1034.MFC140U ref: 00000001400143DE
#290.MFC140U ref: 00000001400143F2
#1034.MFC140U ref: 000000014001441B
#290.MFC140U ref: 000000014001442F
#1034.MFC140U ref: 0000000140014458
#290.MFC140U ref: 000000014001446C
#1034.MFC140U ref: 0000000140014495
#290.MFC140U ref: 00000001400144A9
#1034.MFC140U ref: 00000001400144D2
#290.MFC140U ref: 00000001400144E6
#1034.MFC140U ref: 000000014001450F
#290.MFC140U ref: 0000000140014523
#1034.MFC140U ref: 000000014001454C
#290.MFC140U ref: 0000000140014560
#1034.MFC140U ref: 0000000140014589
#290.MFC140U ref: 000000014001459D
#1034.MFC140U ref: 00000001400145C6
#290.MFC140U ref: 00000001400145DA
#1034.MFC140U ref: 0000000140014603
#290.MFC140U ref: 0000000140014617
#1034.MFC140U ref: 0000000140014640
#290.MFC140U ref: 0000000140014654
#1034.MFC140U ref: 000000014001467D
#290.MFC140U ref: 0000000140014691
#1034.MFC140U ref: 00000001400146BA
#290.MFC140U ref: 00000001400146CE
#1034.MFC140U ref: 00000001400146F7
#290.MFC140U ref: 000000014001470B
#1034.MFC140U ref: 0000000140014734
#290.MFC140U ref: 0000000140014748
#1034.MFC140U ref: 0000000140014771
#290.MFC140U ref: 0000000140014785
#1034.MFC140U ref: 00000001400147AE
#290.MFC140U ref: 00000001400147C2
#1034.MFC140U ref: 00000001400147EB
#290.MFC140U ref: 00000001400147FF
#1034.MFC140U ref: 0000000140014828
#290.MFC140U ref: 000000014001483C
#1034.MFC140U ref: 0000000140014865
#290.MFC140U ref: 0000000140014879
#1034.MFC140U ref: 00000001400148A2
#290.MFC140U ref: 00000001400148B6
#1034.MFC140U ref: 00000001400148DF
#290.MFC140U ref: 00000001400148F3
#1034.MFC140U ref: 000000014001491C
#290.MFC140U ref: 0000000140014930
#1034.MFC140U ref: 0000000140014959
#290.MFC140U ref: 000000014001496D
#1034.MFC140U ref: 0000000140014996
#290.MFC140U ref: 00000001400149AA
#1034.MFC140U ref: 00000001400149D3
#290.MFC140U ref: 00000001400149E7
#1034.MFC140U ref: 0000000140014A10
#290.MFC140U ref: 0000000140014A24
#1034.MFC140U ref: 0000000140014A4D
#290.MFC140U ref: 0000000140014A61
#1034.MFC140U ref: 0000000140014A8A
#290.MFC140U ref: 0000000140014A9E
#1034.MFC140U ref: 0000000140014AC7
#290.MFC140U ref: 0000000140014ADB
#1034.MFC140U ref: 0000000140014B04
#290.MFC140U ref: 0000000140014B18
#1034.MFC140U ref: 0000000140014B41
#290.MFC140U ref: 0000000140014B55
#1034.MFC140U ref: 0000000140014B7E
#290.MFC140U ref: 0000000140014B92
#1034.MFC140U ref: 0000000140014BBB
#290.MFC140U ref: 0000000140014BCF
#1034.MFC140U ref: 0000000140014BF8
#290.MFC140U ref: 0000000140014C0C
#1034.MFC140U ref: 0000000140014C35
#290.MFC140U ref: 0000000140014C49
#1034.MFC140U ref: 0000000140014C72
#290.MFC140U ref: 0000000140014C86
#1034.MFC140U ref: 0000000140014CAF
#290.MFC140U ref: 0000000140014CC3
#1034.MFC140U ref: 0000000140014CEC
#290.MFC140U ref: 0000000140014D00
#1034.MFC140U ref: 0000000140014D29
#290.MFC140U ref: 0000000140014D3D
#1034.MFC140U ref: 0000000140014D66
#290.MFC140U ref: 0000000140014D7A
#1034.MFC140U ref: 0000000140014DA3
#290.MFC140U ref: 0000000140014DB5
#1034.MFC140U ref: 0000000140014DDA
#316.MFC140U ref: 0000000140014DE5
#316.MFC140U ref: 0000000140014DF1
#1504.MFC140U ref: 0000000140014E04
#1504.MFC140U ref: 0000000140014E16

Part of subcall function 00000001400162E0: #1501.MFC140U ref: 0000000140016321
Part of subcall function 00000001400162E0: #1501.MFC140U ref: 000000014001632F

#1504.MFC140U ref: 0000000140014E50
#1504.MFC140U ref: 0000000140014E62

Part of subcall function 00000001400162E0: #2344.MFC140U ref: 0000000140016351

#1504.MFC140U ref: 0000000140014E8C
#1504.MFC140U ref: 0000000140014E9E
#1504.MFC140U ref: 0000000140014EC8
#1504.MFC140U ref: 0000000140014EDA
#1504.MFC140U ref: 0000000140014F04
#1504.MFC140U ref: 0000000140014F16
#1504.MFC140U ref: 0000000140014F40
#1504.MFC140U ref: 0000000140014F52
#1504.MFC140U ref: 0000000140014F7C
#1504.MFC140U ref: 0000000140014F8E
#1504.MFC140U ref: 0000000140014FB8
#1504.MFC140U ref: 0000000140014FCA
#1504.MFC140U ref: 0000000140014FF4
#1504.MFC140U ref: 0000000140015006
#1504.MFC140U ref: 0000000140015030
#1504.MFC140U ref: 0000000140015042
#1504.MFC140U ref: 000000014001506C
#1504.MFC140U ref: 000000014001507E
#1504.MFC140U ref: 00000001400150A8
#1504.MFC140U ref: 00000001400150BA
#1504.MFC140U ref: 00000001400150E4
#1504.MFC140U ref: 00000001400150F6
#1504.MFC140U ref: 0000000140015120
#1504.MFC140U ref: 0000000140015132
#1504.MFC140U ref: 000000014001515C
#1504.MFC140U ref: 000000014001516E
#1504.MFC140U ref: 0000000140015198
#1504.MFC140U ref: 00000001400151AA
#1504.MFC140U ref: 00000001400151D4
#1504.MFC140U ref: 00000001400151E6
#1504.MFC140U ref: 0000000140015210
#1504.MFC140U ref: 0000000140015222
#1504.MFC140U ref: 000000014001524C
#1504.MFC140U ref: 000000014001525E
#1504.MFC140U ref: 0000000140015288
#1504.MFC140U ref: 000000014001529A
#1504.MFC140U ref: 00000001400152C4
#1504.MFC140U ref: 00000001400152D6
#1504.MFC140U ref: 0000000140015300
#1504.MFC140U ref: 0000000140015312
#1504.MFC140U ref: 000000014001533C
#1504.MFC140U ref: 000000014001534E
#1504.MFC140U ref: 0000000140015378
#1504.MFC140U ref: 000000014001538A
#1504.MFC140U ref: 00000001400153B4
#1504.MFC140U ref: 00000001400153C6
#1504.MFC140U ref: 0000000140015400
#1504.MFC140U ref: 0000000140015412
#1504.MFC140U ref: 000000014001544C
#1504.MFC140U ref: 000000014001545E
#1504.MFC140U ref: 0000000140015488
#1504.MFC140U ref: 000000014001549A
#1504.MFC140U ref: 00000001400154C4
#1504.MFC140U ref: 00000001400154D6
#1504.MFC140U ref: 0000000140015500
#1504.MFC140U ref: 0000000140015512
#1504.MFC140U ref: 000000014001553C
#1504.MFC140U ref: 000000014001554E
#1504.MFC140U ref: 0000000140015578
#1504.MFC140U ref: 000000014001558A
#1504.MFC140U ref: 00000001400155B4
#1504.MFC140U ref: 00000001400155C6
#1504.MFC140U ref: 0000000140015600
#1504.MFC140U ref: 0000000140015612
#1504.MFC140U ref: 000000014001564C
#1504.MFC140U ref: 000000014001565E
#1504.MFC140U ref: 0000000140015688
#1504.MFC140U ref: 000000014001569A
#1504.MFC140U ref: 00000001400156C4
#1504.MFC140U ref: 00000001400156D6
#1504.MFC140U ref: 0000000140015728
#1504.MFC140U ref: 000000014001573A
#1504.MFC140U ref: 0000000140015774
#1504.MFC140U ref: 0000000140015786
#1504.MFC140U ref: 00000001400157B0
#1504.MFC140U ref: 00000001400157C2
#1504.MFC140U ref: 00000001400157EC
#1504.MFC140U ref: 00000001400157FE
#1504.MFC140U ref: 0000000140015828
#1504.MFC140U ref: 000000014001583A
#1504.MFC140U ref: 0000000140015864
#1504.MFC140U ref: 0000000140015876
#1504.MFC140U ref: 00000001400158A0
#1504.MFC140U ref: 00000001400158B2
SysAllocString.OLEAUT32 ref: 0000000140015A25
SysFreeString.OLEAUT32 ref: 0000000140015A5B

Part of subcall function 0000000140005EC0: #2350.MFC140U ref: 0000000140005ED2

#1034.MFC140U ref: 0000000140015AAE
#1034.MFC140U ref: 0000000140015ABA

Part of subcall function 0000000140011CB0: CoCreateInstance.OLE32 ref: 0000000140011D07

Strings

sc_view2d_ctrl, xrefs: 0000000140012974
sc_stlio, xrefs: 0000000140012415
SCAPS.ScSamlightClientCtrl Property Page, xrefs: 0000000140014609
{6CB4C672-5FC4-11d3-9B2D-008048EEE00C}, xrefs: 00000001400152B8
sc_lines3d, xrefs: 0000000140012302
sc_layersolid, xrefs: 0000000140012339
ScapsSamSliceScrollCtrl, xrefs: 0000000140015506
SCAPS.ScLayerFile2D, xrefs: 0000000140013359
SCAPS.ScOpticModuleCtrl, xrefs: 0000000140013C81
sc_triamesh3d, xrefs: 00000001400122CB
sc_layer_file_2d, xrefs: 00000001400124BA
SCAPS.ScLayerSolid, xrefs: 000000014001338D
SCAPS.ScSCAPSDeviceUSC3, xrefs: 0000000140014C3B
sc_text3d, xrefs: 0000000140012528
OBJLIST.ObjlistPropPage.1, xrefs: 0000000140013C44
{85E6C1F2-9889-11D1-8DB7-008048E1AD3F}, xrefs: 00000001400154F4
VIEW2DCTRL.View2DCtrlPropPage.2, xrefs: 0000000140012BD1, 000000014001449B
{FB219084-5C40-11d1-9715-008048EEE00C}, xrefs: 000000014001518C
SCAPS.ScSingleLine2D, xrefs: 0000000140012F0A
SCAPS.ScGetOpticMessageCtrl, xrefs: 0000000140013B8D
{F5D75221-4966-11d1-96F6-008048EEE00C}, xrefs: 000000014001509C
SCAPS.ScControlMotion, xrefs: 000000014001495F
sc_setup, xrefs: 0000000140011F80, 0000000140015A1E
{30EABC0D-4EA6-42ee-A20B-B6B786FD38E8}, xrefs: 0000000140011F22
SCAPS Sam CliIO, xrefs: 0000000140015652
ScapsSamLight, xrefs: 00000001400157B6
SCAPS.ScGetGuiMessageCtrl, xrefs: 0000000140013A99
SCAPS SAM Hatcher, xrefs: 000000014001568E
SCAPS.ScStylePropertyPropPage, xrefs: 0000000140014108
SCAPS.LightExpsoureCtrlPropPage, xrefs: 0000000140013A5C
sc_sc_render, xrefs: 00000001400127F3
SCAPS.ScLineArray2D, xrefs: 0000000140012DF7
{10C990F4-65A6-11d1-9722-008048EEE00C}, xrefs: 0000000140014F70
ScapsSamEntityGroups, xrefs: 0000000140014F0A
Local AppWizard-Generated Applications, xrefs: 0000000140012163
SCAPS.ScRTC2DeviceStandard, xrefs: 0000000140013325
sc_beam_komp, xrefs: 00000001400126A9
{DEF0CFD2-6A2B-11d1-972B-008048EEE00C}, xrefs: 0000000140014EF8
ScapsSamPixelIO, xrefs: 0000000140015126
{D696C6F4-E53E-11D2-9AD6-008048EEE00C}, xrefs: 00000001400153A8
{661FD164-E68C-11D2-9AD8-008048EEE00C}, xrefs: 0000000140011ED8
ScapsSamOpticModule2DCtrl, xrefs: 0000000140015406
sc_pixelio, xrefs: 0000000140012483
ScapsSamLines3D, xrefs: 00000001400150EA
SCAPS.ScLineArrays3D, xrefs: 00000001400133F5
SCAPS.ScPixelArrays2D, xrefs: 000000014001352D
SCAPS.ScGetKernelMessageCtrl, xrefs: 0000000140013B13
{B6F97133-7206-11D1-9736-008048EEE00C}, xrefs: 000000014001547C
ScapsSamBeamCompensator, xrefs: 0000000140014FBE
ScapsSamPixel2D, xrefs: 0000000140015162
SCAPS.ScDocArchive, xrefs: 0000000140012C3F
{12719843-3D8F-11d1-96E0-008048EEE00C}, xrefs: 00000001400152F4
ScapsSamView3DCtrl, xrefs: 00000001400155BA
{AA589B71-409C-11d1-96E6-008048EEE00C}, xrefs: 0000000140014FE8
{A7D53E15-EDAC-11d1-8C7D-008048EEDCB8}, xrefs: 0000000140015114
SCAPS.ScError, xrefs: 00000001400132EE
SCAPS.ScSPICEDeviceStandard, xrefs: 0000000140014CB5
SCAPS.ScLineStylePropertyCtrl, xrefs: 0000000140014A90
?sc_get_num_display_digits@@YAJXZ, xrefs: 0000000140012018
{03A49ED6-812C-11D1-974F-008048EEE00C}, xrefs: 0000000140015640
sc_property, xrefs: 00000001400126E0
SCAPS.ScSamlightClientCtrlPropPage, xrefs: 00000001400146C0
ScapsSamMessageCtrl, xrefs: 0000000140015452
SCAPS.ScMultiHeadTool, xrefs: 0000000140013735
{85FAB022-7961-11D1-8C1F-008048EEDCB8}, xrefs: 000000014001581C
SCAPS.ScSerialNumber2D, xrefs: 0000000140012A50
sc_gui, xrefs: 00000001400123DE
SCAPS.ScEntityPropertySheetCtrl, xrefs: 00000001400139A5
{3551CEE2-51F7-11d1-9709-008048EEE00C}, xrefs: 000000014001527C
SCAPS.ScUserControlGalvoModLaser2D, xrefs: 000000014001308B
{604E5801-3D93-11d1-96E0-008048EEE00C}, xrefs: 0000000140014E80
SCAPS.ScEntityPropertySheetPropPage, xrefs: 00000001400139E2
SCAPS.ScBitMapPropertyPropPage, xrefs: 0000000140013F20
SCAPS.ScSCAPSDeviceStandard, xrefs: 0000000140013249
SCAPS.ScHatchPropertyCtrl, xrefs: 0000000140014182
sc_entity_groups, xrefs: 0000000140012226
{C13C9276-4D50-11d1-9702-008048eee00c}, xrefs: 0000000140014DF8
{36101D53-43CD-11D2-8E73-008048E1AD3F}, xrefs: 000000014001536C, 0000000140015440
{2D41398A-68AB-11D1-972A-008048EEE00C}, xrefs: 000000014001567C
SCAPS.ScDateTimePropertyCtrl, xrefs: 00000001400149D9
{62ca3361-764a-11d1-8d8c-008048e1ad3f}, xrefs: 0000000140014E44
SCAPS.ScLayer, xrefs: 0000000140012D52
SCAPS SAM Message Control, xrefs: 000000014001582E
View2DCtrl.SC_View2DCtrlPropPageDisplay, xrefs: 00000001400143E4
{E7246634-5CCD-11d1-9716-008048EEE00C}, xrefs: 00000001400157E0
SCAPS.ScOpticConfigCtrl, xrefs: 0000000140014ACD
SCAPS.ScWinText2D, xrefs: 0000000140012A19
MESSAGE.ScGetKernelMessagePropPage.1, xrefs: 0000000140013B50
SCAPS.ScPolyLines3D, xrefs: 0000000140013491
SCAPS.LightExposureCtrl, xrefs: 0000000140013A1F
SAMLight already running!, xrefs: 0000000140011EF9
ScapsSamText2D, xrefs: 0000000140014E0A
SCAPS.ScBarCode39, xrefs: 0000000140012AF5
{62CA3361-764A-11d1-8D8C-008048E1AD3F}, xrefs: 000000014001556C
SCAPS.ScStandardEntityCtrl, xrefs: 00000001400135FD
SCAPS.ScLineArrays2D, xrefs: 0000000140012E2E
SCAPS.ScLayerFilePixel, xrefs: 00000001400134C5
SCAPS.ScTriaCone, xrefs: 0000000140013839
ScapsSamPoints2D, xrefs: 0000000140015216
sc_optic, xrefs: 0000000140012672
SCAPS.ScPixelArray2D, xrefs: 00000001400134F9
SCAPS.ScSpiral2D, xrefs: 00000001400147B4
SCAPS.ScRTC6DeviceStandard, xrefs: 000000014001482E
SCAPS.ScVarEntityPropertyPropPage, xrefs: 000000014001432D
ScapsSamLayerSolid, xrefs: 00000001400150AE
{00113F72-CC82-11D1-8C6C-008048EEDCB8}, xrefs: 0000000140015530
?sc_resource_get_language@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ, xrefs: 0000000140012080
ScapsSamStlIO, xrefs: 0000000140015252
SCAPS.ScBarCode12Chars2D, xrefs: 0000000140012ABE
SCAPS.ScSpecialGeometryPropertyCtrl, xrefs: 0000000140014C78
SCAPS.ScConvertTool, xrefs: 000000014001499C
{591FB863-B2CA-11d1-8C4B-008048EEDCB8}, xrefs: 0000000140014FAC
sc_cliio, xrefs: 00000001400123A7
SCAPS.ScWinTextChars2D, xrefs: 0000000140012A87
SCAPS.ScConnectionToolCtrl, xrefs: 00000001400145CC
sc_view3d_ctrl, xrefs: 0000000140012898
VIEW2DCTRL.View2DCtrlPropPage.3, xrefs: 0000000140012C08, 00000001400144D8
SCAPS SAM SamlightClientCtrlEx, xrefs: 000000014001473A, 00000001400156CA
SCAPS.ScGeometryPropertyCtrl, xrefs: 000000014001408E
{1042FC31-722A-11d1-8D89-008048E1AD3F}, xrefs: 0000000140015240
ScapsInternalSamOpticDevices, xrefs: 0000000140015606
?sc_set_in_sc_setup@@YAXH@Z, xrefs: 0000000140012107
ScapsSamOpticModule2D, xrefs: 0000000140014F82
SCAPS.ScHatchPropertyPropPage, xrefs: 00000001400141BF
SCAPS.ScDimensionPropertyPropPage, xrefs: 0000000140013F9A
sc_sam_close_usc, xrefs: 0000000140011EA4
{09D394E2-8E22-11d4-9386-0060673AC7A2}, xrefs: 00000001400155F4
VIEW2DCTRL.View2DCtrlPropPage.1, xrefs: 0000000140012B9A, 000000014001445E
SCAPS.ScPointCloud2D, xrefs: 00000001400135C9
MESSAGE.ScGetOpticMessagePropPage.1, xrefs: 0000000140013BCA
SCAPS.ScPixelArray3D, xrefs: 0000000140013595
SLICESCROLL.SC_SliceScrollCtrlCtrl.1, xrefs: 0000000140013D75
SCAPS.ScDimensionPropertyCtrl, xrefs: 0000000140013F5D
SCAPS.ScPolyLine2D, xrefs: 0000000140012E65
SCAPS.ScEllipse2D, xrefs: 0000000140012DC0
ScapsSamGui, xrefs: 0000000140014FFA
SCAPS.ScWinText3D, xrefs: 0000000140013665
?sc_resource_save_settings@@YAXXZ, xrefs: 0000000140012065
sc_kernel, xrefs: 0000000140012181
{661FD165-E68C-11D2-9AD8-008048EEE00C}, xrefs: 00000001400157A4
sc_message_ctrl, xrefs: 000000014001282A
SCAPS.ScEntityListCtrl, xrefs: 0000000140013C07
SCAPS.ScUIIPropertyCtrl, xrefs: 0000000140014D6C
SCAPS.ScBitMapPropertyCtrl, xrefs: 0000000140013EE3
sc_scanlab_devices, xrefs: 0000000140012785
OPTICMODULECTRL.OpticModuleCtrlPropPage.2, xrefs: 0000000140013CBE
{FF12A4F2-1667-400b-B86A-48447DF171B9}, xrefs: 0000000140015858
{E5123AF4-487B-11D1-96F4-008048EEE00C}, xrefs: 0000000140015330
?sc_set_in_registration@@YAXH@Z, xrefs: 00000001400120EC
SCAPS.ScVectorTool, xrefs: 000000014001379D
SCAPS.ScTransformationTool, xrefs: 0000000140014D2F
SCAPS.ScScannerPixelArray2D, xrefs: 0000000140013561
SCAPS.ScRender, xrefs: 0000000140014DA9
SCAPS.ScChain2D, xrefs: 0000000140014922
SCAPS.ScView2DCtrl, xrefs: 0000000140012B63, 0000000140014421
SCAPS.ScTriaSolid, xrefs: 00000001400138D5
SCAPS.ScBarCodePropertyCtrlEx, xrefs: 0000000140013E2C
SCAPS.ScDeviceLaserPropertyCtrl, xrefs: 00000001400130F9
SCAPS.ScBeamCompensator, xrefs: 0000000140013167
SCAPS.SAMLightFlashCtrl, xrefs: 000000014001486B
SCAPS.ScTriaBox, xrefs: 0000000140013805
SCAPS.ScZDimensionPropertyPropPage, xrefs: 00000001400143A7
ScapsSamProperty, xrefs: 00000001400151DA
SCAPS SCANLAB Devices, xrefs: 000000014001586A
SCAPS.ScHatcher, xrefs: 0000000140013280
{B2333F12-24BF-4E8F-BDB4-19C895A7A246}, xrefs: 0000000140015894
SCAPS.ScEvent, xrefs: 0000000140014A16
SCAPS.ScDeviceDelaysPropertyCtrl, xrefs: 00000001400130C2
ScapsSamPixel3D, xrefs: 000000014001519E
SCAPS.ScEntities2D, xrefs: 0000000140012CAD
sc_basicio, xrefs: 00000001400121B8
SCAPS.ScLayerFileHpgl, xrefs: 00000001400131D5
SCAPS.ScBarCode39Chars2D, xrefs: 0000000140012B2C
SCAPS.ScDeviceMainPropertyCtrl, xrefs: 0000000140013130
sc_slice_scroll_ctrl, xrefs: 0000000140012861
{0965E464-D235-11D1-97A8-008048EEE00C}, xrefs: 0000000140014EBC
SCAPS SAM ControlAdIo, xrefs: 00000001400157F2
sc_text2d, xrefs: 00000001400124F1
SCAPS.ScRTC5DeviceStandard, xrefs: 00000001400147F1
?sc_set_num_display_digits@@YAXJ@Z, xrefs: 000000014001209B
sc_standard_prop_ctrl, xrefs: 0000000140012906
SC_LightExposureCtrlComOnly, xrefs: 0000000140014777, 000000014001572E
SCAPS.ScGeometryPropertyPropPage, xrefs: 0000000140014145
SCAPS.ScTriangle2D, xrefs: 0000000140012F41
SCAPS.ScText2DPropertyPropPage, xrefs: 0000000140014239
SCAPS.ScText2DProperty Property Page, xrefs: 000000014001458F
ScapsSamKernel, xrefs: 0000000140014E92
ScapsSamEntityListCtrl, xrefs: 000000014001548E
SCAPS.ScEventPropertyCtrl, xrefs: 0000000140014A53
ScapsSamHpglIO, xrefs: 0000000140015036
{14AEADE3-C258-4495-A218-58CBFD55005D}, xrefs: 000000014001571C
SCAPS.ScGuiMessageManager, xrefs: 000000014001319E
SCAPS.ScAlignTool, xrefs: 00000001400148E5
SCAPS.ScRectangle2D, xrefs: 0000000140012ED3
OPTICMODULECTRL.SC_PropertyPageShowFlags, xrefs: 0000000140013D38
ScapsSamLayerFile2D, xrefs: 0000000140015072
SC_Setup already running!, xrefs: 0000000140011F41
SCAPS.ScPolyLines2D, xrefs: 0000000140012E9C
sc_tria_slicer, xrefs: 0000000140012596
ScSamLightCtrls, xrefs: 00000001400153BA
SCAPS.ScRTC3DeviceStandard, xrefs: 00000001400132B7
sc_kernel_basic_x64.dll, xrefs: 0000000140011FFB
SCAPS.ScEntities3D, xrefs: 0000000140012CE4
sc_hatcher, xrefs: 000000014001255F
ScapsSamEntityPropertySheetCtrl, xrefs: 000000014001537E
GSI HC/2, xrefs: 0000000140011E4C
SCAPS.ScControlRTC2, xrefs: 0000000140012FAF
sc_obj_list_ctrl, xrefs: 00000001400128CF
ScapsSamTriaMesh, xrefs: 0000000140015306
SCAPS.ScUserPropertyCtrl, xrefs: 0000000140014276
SCAPS.ScBarCodePropertyPropPageEx, xrefs: 0000000140013EA6
SCAPS.ScView3DCtrl, xrefs: 0000000140014515
{37882354-E80B-11D2-9AD8-008048EEE00C}, xrefs: 00000001400154B8
?sc_set_register_type_lib@@YAXH@Z, xrefs: 0000000140012122
{D2EB8E16-D2F5-11d2-84DE-00C0DFEA4A3A}, xrefs: 0000000140015060
sc_light_ctrl, xrefs: 00000001400129E2
SCAPS.ScStylePropertyCtrl, xrefs: 00000001400140CB
SCAPS.ScOpticModule2D, xrefs: 0000000140012F78
SCAPS.ScTriaMesh3D, xrefs: 00000001400138A1
?sc_resource_set_edit@@YAXH@Z, xrefs: 000000014001213D
sc_ad_io, xrefs: 000000014001263B
OPTICMODULECTRL.OpticModuleCtrlPropPage.3, xrefs: 0000000140013CFB
SCAPS.Sc3DDimensionPropertyCtrl, xrefs: 00000001400148A8
?sc_resource_set_language@@YAXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z, xrefs: 00000001400120B6
SCAPS.ScLayerFileCli, xrefs: 0000000140013212
SCAPS.ScTriaSlicer, xrefs: 000000014001393D
{EEC215C3-996E-11D1-9767-008048EEE00C}, xrefs: 00000001400153F4
Error, xrefs: 0000000140011F00
SCAPS.ScSCAPSDeviceUSC2, xrefs: 0000000140014BFE
?sc_resource_load_settings@@YAXXZ, xrefs: 000000014001204A
{7D75E254-487B-11D1-96F4-008048EEE00C}, xrefs: 0000000140014F34
SCAPS.ScEntityInfoPropertyCtrl, xrefs: 0000000140013FD7
SCAPS.ScUserPropertyPropPage, xrefs: 00000001400142B3
{B9218932-9346-11d1-9762-008048EEE00C}, xrefs: 0000000140015150
SCAPS.ScSpline2D, xrefs: 0000000140014CF2
SCAPS.ScSamlightClientCtrl, xrefs: 0000000140014646
Error during OLE-Init., xrefs: 0000000140011F5E
GSI HC/3, xrefs: 0000000140011E78
ScapsSamDataBase, xrefs: 0000000140014ECE
SCAPS.ScLineBox3D, xrefs: 0000000140013429
SCAPS.ScEntityInfoPropertyPropPage, xrefs: 0000000140014014
SCAPS.ScCorrTable, xrefs: 000000014001301D
ScapsSamLines2D, xrefs: 0000000140014F46
sc_optic_module_ctrl, xrefs: 00000001400129AB
SLICESCROLL.ScSliceScrollCtrlPropPage.1, xrefs: 0000000140013DB2
SCAPS SAM SamlightClientCtrl, xrefs: 0000000140014683, 000000014001577A
SCAPS.ScDevicePropertySheetCtrl, xrefs: 0000000140013971
sc_hpglio, xrefs: 000000014001244C
SCAPS.ScText2DPropertyCtrl, xrefs: 00000001400141FC
sc_optic_devices, xrefs: 000000014001274E
sc_entity_prop_sheet_ctrl, xrefs: 000000014001293D
SCAPS.ScPointCloud3D, xrefs: 0000000140014B0A
MESSAGE.ScGetGuiMessagePropPage.1, xrefs: 0000000140013AD6
{22C1DCFD-1974-40fb-9193-1D299C09903C}, xrefs: 0000000140015768
SCAPS.ScOpticModule3D2D, xrefs: 0000000140013054
ScapsSamComIOCtrl, xrefs: 00000001400154CA
{B4D158A4-0366-11d2-8C87-008048EEDCB8}, xrefs: 0000000140015204
sc_lines2d, xrefs: 0000000140012294
SCAPS.ScSamlightClientCtrlEx, xrefs: 00000001400146FD
SCAPS.ScTriaFileStl, xrefs: 0000000140013631
SCAPS.ScVarEntityPropertyCtrl, xrefs: 00000001400142F0
{E526359F-40A0-11D1-96E6-008048EEE00C}, xrefs: 00000001400155A8
sc_tools, xrefs: 0000000140012717
SCAPS.ScPointClouds2D, xrefs: 0000000140014B47
ScapsSamView2DCtrl, xrefs: 0000000140014E56, 000000014001557E
sc_prolines, xrefs: 0000000140012370
SCAPS.ScZDimensionPropertyCtrl, xrefs: 000000014001436A
sc_data_base, xrefs: 00000001400121EF
SCAPS.ScJobRoot, xrefs: 0000000140012D1B
sc_pixel3d, xrefs: 00000001400125CD
VIEW3DCTRL.View3DCtrlPropPage.1, xrefs: 0000000140014552
sc_co_light_ctrl, xrefs: 00000001400127BC
SCAPS.ScItemSelectTool, xrefs: 0000000140013701
SCAPS.ScLineArray3D, xrefs: 00000001400133C1
SCAPS.ScExposurePropertyPropPage, xrefs: 0000000140014051
SCAPS.ScSortTool, xrefs: 0000000140013769
SCAPS.ScViewTool, xrefs: 00000001400137D1
{3551CEEB-51F7-11d1-9709-008048EEE00C}, xrefs: 00000001400150D8
SCAPS.ScTriaCylinder, xrefs: 000000014001386D
SCAPS.ScFilterTool, xrefs: 00000001400136CD
ScapsSamTools, xrefs: 00000001400152CA
{A9741D9D-E7CB-4ff3-8268-0C3B55EC4B52}, xrefs: 00000001400156B8
SCAPS SAM Render, xrefs: 00000001400158A6
SCAPS.ScBarCodePropertyCtrl, xrefs: 0000000140013DEF
SCAPS.ScRTCScanAloneDeviceStandard, xrefs: 0000000140014BC1
SCAPS.ScHatch, xrefs: 0000000140012D89
ScapsSamText3D, xrefs: 000000014001528E
sc_points2d, xrefs: 000000014001225D
{2D413984-68AB-11d1-972A-008048EEE00C}, xrefs: 0000000140015024
sc_pixel2d, xrefs: 0000000140012604
SCAPS.ScBasicTool, xrefs: 0000000140013699
SCAPS.ScDocStorage, xrefs: 0000000140012C76
ScapsSamStdProperty, xrefs: 0000000140015542
SCAPS.ScPolyLine3D, xrefs: 000000014001345D
ScapsSamTriaSlicer, xrefs: 0000000140015342
?sc_resource_is_edit@@YAHXZ, xrefs: 000000014001202F
SCAPS.ScRTC4DeviceStandard, xrefs: 0000000140014B84
?sc_set_optic_setup@@YAXH@Z, xrefs: 00000001400120D1
SCAPS.ScStandardDevice, xrefs: 0000000140012FE6
SCAPS.ScTriaSphere, xrefs: 0000000140013909
SCAPS.ScBarCodePropertyPropPage, xrefs: 0000000140013E69
{31EE8E23-CBD1-11D1-8C6C-008048EEDCB8}, xrefs: 00000001400151C8

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#290$#1504$AddressProc$Close$Window$#1501#2344#286#316FindMessageOpenString$#11709#13199#13545#1641#2212#2270#2350#4726AllocCommonControlsCreateDeleteFreeInitInitializeInstanceLibraryLoadRegisterValue_wcsdupfree
String ID: ?sc_get_num_display_digits@@YAJXZ$?sc_resource_get_language@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ$?sc_resource_is_edit@@YAHXZ$?sc_resource_load_settings@@YAXXZ$?sc_resource_save_settings@@YAXXZ$?sc_resource_set_edit@@YAXH@Z$?sc_resource_set_language@@YAXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z$?sc_set_in_registration@@YAXH@Z$?sc_set_in_sc_setup@@YAXH@Z$?sc_set_num_display_digits@@YAXJ@Z$?sc_set_optic_setup@@YAXH@Z$?sc_set_register_type_lib@@YAXH@Z$Error$Error during OLE-Init.$GSI HC/2$GSI HC/3$Local AppWizard-Generated Applications$MESSAGE.ScGetGuiMessagePropPage.1$MESSAGE.ScGetKernelMessagePropPage.1$MESSAGE.ScGetOpticMessagePropPage.1$OBJLIST.ObjlistPropPage.1$OPTICMODULECTRL.OpticModuleCtrlPropPage.2$OPTICMODULECTRL.OpticModuleCtrlPropPage.3$OPTICMODULECTRL.SC_PropertyPageShowFlags$SAMLight already running!$SCAPS SAM ControlAdIo$SCAPS SAM Hatcher$SCAPS SAM Message Control$SCAPS SAM Render$SCAPS SAM SamlightClientCtrl$SCAPS SAM SamlightClientCtrlEx$SCAPS SCANLAB Devices$SCAPS Sam CliIO$SCAPS.LightExposureCtrl$SCAPS.LightExpsoureCtrlPropPage$SCAPS.SAMLightFlashCtrl$SCAPS.Sc3DDimensionPropertyCtrl$SCAPS.ScAlignTool$SCAPS.ScBarCode12Chars2D$SCAPS.ScBarCode39$SCAPS.ScBarCode39Chars2D$SCAPS.ScBarCodePropertyCtrl$SCAPS.ScBarCodePropertyCtrlEx$SCAPS.ScBarCodePropertyPropPage$SCAPS.ScBarCodePropertyPropPageEx$SCAPS.ScBasicTool$SCAPS.ScBeamCompensator$SCAPS.ScBitMapPropertyCtrl$SCAPS.ScBitMapPropertyPropPage$SCAPS.ScChain2D$SCAPS.ScConnectionToolCtrl$SCAPS.ScControlMotion$SCAPS.ScControlRTC2$SCAPS.ScConvertTool$SCAPS.ScCorrTable$SCAPS.ScDateTimePropertyCtrl$SCAPS.ScDeviceDelaysPropertyCtrl$SCAPS.ScDeviceLaserPropertyCtrl$SCAPS.ScDeviceMainPropertyCtrl$SCAPS.ScDevicePropertySheetCtrl$SCAPS.ScDimensionPropertyCtrl$SCAPS.ScDimensionPropertyPropPage$SCAPS.ScDocArchive$SCAPS.ScDocStorage$SCAPS.ScEllipse2D$SCAPS.ScEntities2D$SCAPS.ScEntities3D$SCAPS.ScEntityInfoPropertyCtrl$SCAPS.ScEntityInfoPropertyPropPage$SCAPS.ScEntityListCtrl$SCAPS.ScEntityPropertySheetCtrl$SCAPS.ScEntityPropertySheetPropPage$SCAPS.ScError$SCAPS.ScEvent$SCAPS.ScEventPropertyCtrl$SCAPS.ScExposurePropertyPropPage$SCAPS.ScFilterTool$SCAPS.ScGeometryPropertyCtrl$SCAPS.ScGeometryPropertyPropPage$SCAPS.ScGetGuiMessageCtrl$SCAPS.ScGetKernelMessageCtrl$SCAPS.ScGetOpticMessageCtrl$SCAPS.ScGuiMessageManager$SCAPS.ScHatch$SCAPS.ScHatchPropertyCtrl$SCAPS.ScHatchPropertyPropPage$SCAPS.ScHatcher$SCAPS.ScItemSelectTool$SCAPS.ScJobRoot$SCAPS.ScLayer$SCAPS.ScLayerFile2D$SCAPS.ScLayerFileCli$SCAPS.ScLayerFileHpgl$SCAPS.ScLayerFilePixel$SCAPS.ScLayerSolid$SCAPS.ScLineArray2D$SCAPS.ScLineArray3D$SCAPS.ScLineArrays2D$SCAPS.ScLineArrays3D$SCAPS.ScLineBox3D$SCAPS.ScLineStylePropertyCtrl$SCAPS.ScMultiHeadTool$SCAPS.ScOpticConfigCtrl$SCAPS.ScOpticModule2D$SCAPS.ScOpticModule3D2D$SCAPS.ScOpticModuleCtrl$SCAPS.ScPixelArray2D$SCAPS.ScPixelArray3D$SCAPS.ScPixelArrays2D$SCAPS.ScPointCloud2D$SCAPS.ScPointCloud3D$SCAPS.ScPointClouds2D$SCAPS.ScPolyLine2D$SCAPS.ScPolyLine3D$SCAPS.ScPolyLines2D$SCAPS.ScPolyLines3D$SCAPS.ScRTC2DeviceStandard$SCAPS.ScRTC3DeviceStandard$SCAPS.ScRTC4DeviceStandard$SCAPS.ScRTC5DeviceStandard$SCAPS.ScRTC6DeviceStandard$SCAPS.ScRTCScanAloneDeviceStandard$SCAPS.ScRectangle2D$SCAPS.ScRender$SCAPS.ScSCAPSDeviceStandard$SCAPS.ScSCAPSDeviceUSC2$SCAPS.ScSCAPSDeviceUSC3$SCAPS.ScSPICEDeviceStandard$SCAPS.ScSamlightClientCtrl$SCAPS.ScSamlightClientCtrl Property Page$SCAPS.ScSamlightClientCtrlEx$SCAPS.ScSamlightClientCtrlPropPage$SCAPS.ScScannerPixelArray2D$SCAPS.ScSerialNumber2D$SCAPS.ScSingleLine2D$SCAPS.ScSortTool$SCAPS.ScSpecialGeometryPropertyCtrl$SCAPS.ScSpiral2D$SCAPS.ScSpline2D$SCAPS.ScStandardDevice$SCAPS.ScStandardEntityCtrl$SCAPS.ScStylePropertyCtrl$SCAPS.ScStylePropertyPropPage$SCAPS.ScText2DProperty Property Page$SCAPS.ScText2DPropertyCtrl$SCAPS.ScText2DPropertyPropPage$SCAPS.ScTransformationTool$SCAPS.ScTriaBox$SCAPS.ScTriaCone$SCAPS.ScTriaCylinder$SCAPS.ScTriaFileStl$SCAPS.ScTriaMesh3D$SCAPS.ScTriaSlicer$SCAPS.ScTriaSolid$SCAPS.ScTriaSphere$SCAPS.ScTriangle2D$SCAPS.ScUIIPropertyCtrl$SCAPS.ScUserControlGalvoModLaser2D$SCAPS.ScUserPropertyCtrl$SCAPS.ScUserPropertyPropPage$SCAPS.ScVarEntityPropertyCtrl$SCAPS.ScVarEntityPropertyPropPage$SCAPS.ScVectorTool$SCAPS.ScView2DCtrl$SCAPS.ScView3DCtrl$SCAPS.ScViewTool$SCAPS.ScWinText2D$SCAPS.ScWinText3D$SCAPS.ScWinTextChars2D$SCAPS.ScZDimensionPropertyCtrl$SCAPS.ScZDimensionPropertyPropPage$SC_LightExposureCtrlComOnly$SC_Setup already running!$SLICESCROLL.SC_SliceScrollCtrlCtrl.1$SLICESCROLL.ScSliceScrollCtrlPropPage.1$ScSamLightCtrls$ScapsInternalSamOpticDevices$ScapsSamBeamCompensator$ScapsSamComIOCtrl$ScapsSamDataBase$ScapsSamEntityGroups$ScapsSamEntityListCtrl$ScapsSamEntityPropertySheetCtrl$ScapsSamGui$ScapsSamHpglIO$ScapsSamKernel$ScapsSamLayerFile2D$ScapsSamLayerSolid$ScapsSamLight$ScapsSamLines2D$ScapsSamLines3D$ScapsSamMessageCtrl$ScapsSamOpticModule2D$ScapsSamOpticModule2DCtrl$ScapsSamPixel2D$ScapsSamPixel3D$ScapsSamPixelIO$ScapsSamPoints2D$ScapsSamProperty$ScapsSamSliceScrollCtrl$ScapsSamStdProperty$ScapsSamStlIO$ScapsSamText2D$ScapsSamText3D$ScapsSamTools$ScapsSamTriaMesh$ScapsSamTriaSlicer$ScapsSamView2DCtrl$ScapsSamView3DCtrl$VIEW2DCTRL.View2DCtrlPropPage.1$VIEW2DCTRL.View2DCtrlPropPage.2$VIEW2DCTRL.View2DCtrlPropPage.3$VIEW3DCTRL.View3DCtrlPropPage.1$View2DCtrl.SC_View2DCtrlPropPageDisplay$sc_ad_io$sc_basicio$sc_beam_komp$sc_cliio$sc_co_light_ctrl$sc_data_base$sc_entity_groups$sc_entity_prop_sheet_ctrl$sc_gui$sc_hatcher$sc_hpglio$sc_kernel$sc_kernel_basic_x64.dll$sc_layer_file_2d$sc_layersolid$sc_light_ctrl$sc_lines2d$sc_lines3d$sc_message_ctrl$sc_obj_list_ctrl$sc_optic$sc_optic_devices$sc_optic_module_ctrl$sc_pixel2d$sc_pixel3d$sc_pixelio$sc_points2d$sc_prolines$sc_property$sc_sam_close_usc$sc_sc_render$sc_scanlab_devices$sc_setup$sc_slice_scroll_ctrl$sc_standard_prop_ctrl$sc_stlio$sc_text2d$sc_text3d$sc_tools$sc_tria_slicer$sc_triamesh3d$sc_view2d_ctrl$sc_view3d_ctrl${00113F72-CC82-11D1-8C6C-008048EEDCB8}${03A49ED6-812C-11D1-974F-008048EEE00C}${0965E464-D235-11D1-97A8-008048EEE00C}${09D394E2-8E22-11d4-9386-0060673AC7A2}${1042FC31-722A-11d1-8D89-008048E1AD3F}${10C990F4-65A6-11d1-9722-008048EEE00C}${12719843-3D8F-11d1-96E0-008048EEE00C}${14AEADE3-C258-4495-A218-58CBFD55005D}${22C1DCFD-1974-40fb-9193-1D299C09903C}${2D413984-68AB-11d1-972A-008048EEE00C}${2D41398A-68AB-11D1-972A-008048EEE00C}${30EABC0D-4EA6-42ee-A20B-B6B786FD38E8}${31EE8E23-CBD1-11D1-8C6C-008048EEDCB8}${3551CEE2-51F7-11d1-9709-008048EEE00C}${3551CEEB-51F7-11d1-9709-008048EEE00C}${36101D53-43CD-11D2-8E73-008048E1AD3F}${37882354-E80B-11D2-9AD8-008048EEE00C}${591FB863-B2CA-11d1-8C4B-008048EEDCB8}${604E5801-3D93-11d1-96E0-008048EEE00C}${62CA3361-764A-11d1-8D8C-008048E1AD3F}${62ca3361-764a-11d1-8d8c-008048e1ad3f}${661FD164-E68C-11D2-9AD8-008048EEE00C}${661FD165-E68C-11D2-9AD8-008048EEE00C}${6CB4C672-5FC4-11d3-9B2D-008048EEE00C}${7D75E254-487B-11D1-96F4-008048EEE00C}${85E6C1F2-9889-11D1-8DB7-008048E1AD3F}${85FAB022-7961-11D1-8C1F-008048EEDCB8}${A7D53E15-EDAC-11d1-8C7D-008048EEDCB8}${A9741D9D-E7CB-4ff3-8268-0C3B55EC4B52}${AA589B71-409C-11d1-96E6-008048EEE00C}${B2333F12-24BF-4E8F-BDB4-19C895A7A246}${B4D158A4-0366-11d2-8C87-008048EEDCB8}${B6F97133-7206-11D1-9736-008048EEE00C}${B9218932-9346-11d1-9762-008048EEE00C}${C13C9276-4D50-11d1-9702-008048eee00c}${D2EB8E16-D2F5-11d2-84DE-00C0DFEA4A3A}${D696C6F4-E53E-11D2-9AD6-008048EEE00C}${DEF0CFD2-6A2B-11d1-972B-008048EEE00C}${E5123AF4-487B-11D1-96F4-008048EEE00C}${E526359F-40A0-11D1-96E6-008048EEE00C}${E7246634-5CCD-11d1-9716-008048EEE00C}${EEC215C3-996E-11D1-9767-008048EEE00C}${F5D75221-4966-11d1-96F6-008048EEE00C}${FB219084-5C40-11d1-9715-008048EEE00C}${FF12A4F2-1667-400b-B86A-48447DF171B9}
API String ID: 2557960474-239216379
Opcode ID: 55f0776cc67c335a49a2fee4acba8861f8d691ef7df8f4f9edc7b58494550f10
Instruction ID: 6c62aab661657da33a7ca4a690303413871efebda6506b2136ddf6fb8212c915
Opcode Fuzzy Hash: 55f0776cc67c335a49a2fee4acba8861f8d691ef7df8f4f9edc7b58494550f10
Instruction Fuzzy Hash: 0283E571221D86E2EA12EF62EC947D92320FB897D6F815026F60E575B5DF38CA4DC348

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001D9C0 Relevance: 22.6, APIs: 15, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 000000014001D9CF
__scrt_fastfail.LIBCMT ref: 000000014001D9DD

Part of subcall function 000000014001EA6C: IsProcessorFeaturePresent.KERNEL32 ref: 000000014001EA88
Part of subcall function 000000014001EA6C: memset.VCRUNTIME140 ref: 000000014001EAA8
Part of subcall function 000000014001EA6C: RtlCaptureContext.KERNEL32 ref: 000000014001EAB1
Part of subcall function 000000014001EA6C: RtlLookupFunctionEntry.KERNEL32 ref: 000000014001EACB
Part of subcall function 000000014001EA6C: RtlVirtualUnwind.KERNEL32 ref: 000000014001EB0C
Part of subcall function 000000014001EA6C: memset.VCRUNTIME140 ref: 000000014001EB3F
Part of subcall function 000000014001EA6C: IsDebuggerPresent.KERNEL32 ref: 000000014001EB60
Part of subcall function 000000014001EA6C: SetUnhandledExceptionFilter.KERNEL32 ref: 000000014001EB81
Part of subcall function 000000014001EA6C: UnhandledExceptionFilter.KERNEL32 ref: 000000014001EB8C

__scrt_acquire_startup_lock.LIBCMT ref: 000000014001D9EB
__scrt_fastfail.LIBCMT ref: 000000014001DA02
_initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001DA23
__scrt_release_startup_lock.LIBCMT ref: 000000014001DA5F
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 000000014001DA75
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 000000014001DAA5
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001DAB1
__scrt_get_show_window_mode.LIBCMT ref: 000000014001DAB6
_get_wide_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001DABE
__scrt_is_managed_app.LIBCMT ref: 000000014001DAD9
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001DAE4
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001DAEE
__scrt_uninitialize_crt.LIBCMT ref: 000000014001DAF7

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_imagememset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt_cexit_get_wide_winmain_command_line_initterm_e_register_thread_local_exe_atexit_callbackexit
String ID:
API String ID: 2574693447-0
Opcode ID: 9d0190c51bc5252c32d9de1746b2ae2139ed8b8ad3c85b80cf4586ad2bbb49e2
Instruction ID: 1e61777f054a1178846eaab59cad12a7543850560a6f1caf0320e1224604db5b
Opcode Fuzzy Hash: 9d0190c51bc5252c32d9de1746b2ae2139ed8b8ad3c85b80cf4586ad2bbb49e2
Instruction Fuzzy Hash: 0D315C3160424185FA67FB63A4623E93391AF9D7C8F844026BB4A4F2F7DE7AC945C312

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400174B0 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 46
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,?,?,?,?,0000000140011E6C), ref: 00000001400174E6
RegOpenKeyExW.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 000000014001750F
#1641.MFC140U(?,?,?,?,?,0000000140011E6C), ref: 000000014001751C
RegDeleteValueW.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 000000014001752A
RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017539
RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017544
RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017555
RegCloseKey.ADVAPI32(?,?,?,?,?,0000000140011E6C), ref: 0000000140017560

Strings

SCAPS, xrefs: 00000001400174C0
ScStdDevices, xrefs: 0000000140017508

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Close$Open$#1641DeleteValue
String ID: SCAPS$ScStdDevices
API String ID: 2581666424-1535483189
Opcode ID: 687be6077d814b9ed99685491bb5ad75ec8717f07e41c04c3005ca38aed1660e
Instruction ID: 7aaa0505fdfbe85a99518203954c8296ed723a787641885374ed1f4af9d929ac
Opcode Fuzzy Hash: 687be6077d814b9ed99685491bb5ad75ec8717f07e41c04c3005ca38aed1660e
Instruction Fuzzy Hash: 98110D75715A4082EB119F62F844B9AA7A4F78CBD5F400125EB4D87B78EFBCC5858B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000000014000DDA0 Relevance: 145.8, APIs: 66, Strings: 17, Instructions: 508
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 000000014000DDE4
#280.MFC140U ref: 000000014000DDF5
#7893.MFC140U ref: 000000014000DDFF
#3951.MFC140U ref: 000000014000DE23
#1034.MFC140U ref: 000000014000DE35
#1089.MFC140U ref: 000000014000DE40
#1501.MFC140U ref: 000000014000DE56
#1034.MFC140U ref: 000000014000DE64
#1089.MFC140U ref: 000000014000DE6F
#286.MFC140U ref: 000000014000DE85
#280.MFC140U ref: 000000014000DE96
#1670.MFC140U ref: 000000014000DEA9
new.LIBCMT ref: 000000014000DEB4
#316.MFC140U ref: 000000014000DEF7
#1503.MFC140U ref: 000000014000DF0A
#990.MFC140U ref: 000000014000DF25
#3203.MFC140U ref: 000000014000DF82
#286.MFC140U ref: 000000014000DF9B
#1034.MFC140U ref: 000000014000DFB9
#1641.MFC140U ref: 000000014000DFC4
#1641.MFC140U ref: 000000014000DFE4
#286.MFC140U ref: 000000014000E008
#1034.MFC140U ref: 000000014000E026
#1503.MFC140U ref: 000000014000E04C

Part of subcall function 00000001400017D0: #316.MFC140U ref: 0000000140001805

#1501.MFC140U ref: 000000014000E06D
#1670.MFC140U ref: 000000014000E07F
#990.MFC140U ref: 000000014000E089
#3203.MFC140U ref: 000000014000E0E6
#286.MFC140U ref: 000000014000E0FF
#1034.MFC140U ref: 000000014000E11D
#1641.MFC140U ref: 000000014000E128
#1641.MFC140U ref: 000000014000E169
#286.MFC140U ref: 000000014000E18D
#1034.MFC140U ref: 000000014000E1AB
#1503.MFC140U ref: 000000014000E1BD
#1034.MFC140U ref: 000000014000E6C7

Strings

Updating OpticModuleCtrl... Ok, xrefs: 000000014000DFFC
Updating OpticModuleCtrl..., xrefs: 000000014000DF8F
e, xrefs: 000000014000E0B9
Error, xrefs: 000000014000E6AB
SCAPS_SAM, xrefs: 000000014000DDDD
Updating View2DCtrl... Ok, xrefs: 000000014000E181
Updating OpticModule..., xrefs: 000000014000E1B1
Failed, xrefs: 000000014000E51E, 000000014000E577, 000000014000E5CC, 000000014000E621, 000000014000E666
Updating Optic Styles..., xrefs: 000000014000E3BA
\system\sc_view2d_ctrl2.pro, xrefs: 000000014000E073
\system\sc_optic_module_ctrl2.pro, xrefs: 000000014000DE9D
OK, xrefs: 000000014000E371, 000000014000E48A
\system\rtc2.stp, xrefs: 000000014000E292
Loading View2DCtrl..., xrefs: 000000014000E040
SCAPS Environment variable not found!!, xrefs: 000000014000E6B2
Updating View2DCtrl..., xrefs: 000000014000E0F3
Loading OpticModuleCtrl..., xrefs: 000000014000DEFE

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#286$#1641$#1503$#1089#1501#1670#280#316#3203#990$#3951#7893_wgetenv
String ID: Failed$ OK$Error$Loading OpticModuleCtrl...$Loading View2DCtrl...$SCAPS Environment variable not found!!$SCAPS_SAM$Updating Optic Styles...$Updating OpticModule...$Updating OpticModuleCtrl...$Updating OpticModuleCtrl... Ok$Updating View2DCtrl...$Updating View2DCtrl... Ok$\system\rtc2.stp$\system\sc_optic_module_ctrl2.pro$\system\sc_view2d_ctrl2.pro$e
API String ID: 3296264108-199456517
Opcode ID: 0256fe2c4befa41582df245949d7504e319dd6bcde72a5daa72f6a5df7e7f210
Instruction ID: 5e0bcccc176ef62c09a04fbfb035f20f5c39270c7bbe278c30f88c6ebb06fd0e
Opcode Fuzzy Hash: 0256fe2c4befa41582df245949d7504e319dd6bcde72a5daa72f6a5df7e7f210
Instruction Fuzzy Hash: 8A421072200A8196EB52EF66E8903DD7360F789BD5F804016FB4E57AB9DF78CA49C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400112E0 Relevance: 142.2, APIs: 68, Strings: 13, Instructions: 488
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

BroadcastSystemMessageW.USER32 ref: 000000014001132D

Part of subcall function 0000000140016A40: new.LIBCMT ref: 0000000140016A7F

BroadcastSystemMessageW.USER32 ref: 0000000140011367
BroadcastSystemMessageW.USER32 ref: 00000001400113A4
BroadcastSystemMessageW.USER32 ref: 00000001400113DA
BroadcastSystemMessageW.USER32 ref: 000000014001141B
BroadcastSystemMessageW.USER32 ref: 000000014001145C
BroadcastSystemMessageW.USER32 ref: 000000014001149E
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400114AB
#316.MFC140U ref: 00000001400114B8
#286.MFC140U ref: 00000001400114CB
#1670.MFC140U ref: 00000001400114DD
#1501.MFC140U ref: 00000001400114EB
#1034.MFC140U ref: 00000001400114F6
BroadcastSystemMessageW.USER32 ref: 0000000140011528
#1034.MFC140U ref: 0000000140011533
BroadcastSystemMessageW.USER32 ref: 0000000140011569
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140011576
#316.MFC140U ref: 0000000140011583
#286.MFC140U ref: 0000000140011596
#1670.MFC140U ref: 00000001400115A8
#1501.MFC140U ref: 00000001400115B6
#1034.MFC140U ref: 00000001400115C1
BroadcastSystemMessageW.USER32 ref: 00000001400115F3
#1034.MFC140U ref: 00000001400115FE
BroadcastSystemMessageW.USER32 ref: 0000000140011634
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140011641
#316.MFC140U ref: 000000014001164E
BroadcastSystemMessageW.USER32 ref: 0000000140011683
#1034.MFC140U ref: 000000014001168E
#280.MFC140U ref: 00000001400116B9
#286.MFC140U ref: 00000001400116D2
#1034.MFC140U ref: 0000000140011701
#1034.MFC140U ref: 000000014001171C
#280.MFC140U ref: 0000000140011795
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400117C4
#286.MFC140U ref: 00000001400117DA
#286.MFC140U ref: 00000001400117EC

Part of subcall function 0000000140005870: #5709.MFC140U ref: 00000001400058A4
Part of subcall function 0000000140005870: #285.MFC140U ref: 00000001400058B0
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058C1
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058CC
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058D8
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058E3
Part of subcall function 0000000140005870: #2921.MFC140U ref: 00000001400058F9

#1501.MFC140U ref: 000000014001180C
#1034.MFC140U ref: 0000000140011817
#1641.MFC140U ref: 0000000140011821
MessageBoxW.USER32 ref: 0000000140011839
#1034.MFC140U ref: 0000000140011844
#1034.MFC140U ref: 000000014001184F
BroadcastSystemMessageW.USER32 ref: 0000000140011881

Part of subcall function 0000000140017880: new.LIBCMT ref: 00000001400178AF
Part of subcall function 0000000140017880: #13864.MFC140U ref: 00000001400178FB
Part of subcall function 0000000140017880: #5240.MFC140U ref: 000000014001792A
Part of subcall function 0000000140017880: #4335.MFC140U ref: 0000000140017939
Part of subcall function 0000000140017880: #13767.MFC140U ref: 0000000140017958
Part of subcall function 0000000140017880: #13767.MFC140U ref: 00000001400179DD

Strings

FromInstall, xrefs: 00000001400116C7
Select Folder, xrefs: 0000000140011830
\usc1\, xrefs: 0000000140011933
wdapi1230.dll, xrefs: 00000001400119FD
\system\sc_light_settings.sam, xrefs: 000000014001159D
SCAPS_SAM, xrefs: 00000001400114A4, 000000014001156F, 000000014001163A, 00000001400117BD
wdapi1230_32.dll, xrefs: 0000000140011A2F
wdapi1010.dll, xrefs: 0000000140011999
Please use: , xrefs: 00000001400117E1
\system\sc_settings.sam, xrefs: 00000001400114D2
wdapi1010_32.dll, xrefs: 00000001400119CB
\system\, xrefs: 000000014001191B
Loading of Frame failed, xrefs: 0000000140011B2C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Message$BroadcastSystem$#1034$#286$_wgetenv$#1501#1641#316$#13767#1670#280#5674$#13864#285#2921#4335#5240#5709
String ID: FromInstall$Loading of Frame failed$Please use: $SCAPS_SAM$Select Folder$\system\$\system\sc_light_settings.sam$\system\sc_settings.sam$\usc1\$wdapi1010.dll$wdapi1010_32.dll$wdapi1230.dll$wdapi1230_32.dll
API String ID: 1682183063-656715112
Opcode ID: 3707f58a5d5ca08aa72f8b35e8cfeedf4874ac0291683b500f3f5b0d2a1117f4
Instruction ID: 296c49b9ee6c28d2b14555f56ee3dda0600c361cdf657b82bb0ada29516bfaab
Opcode Fuzzy Hash: 3707f58a5d5ca08aa72f8b35e8cfeedf4874ac0291683b500f3f5b0d2a1117f4
Instruction Fuzzy Hash: 3B325C32611A51D6EB56DF22E8587DC3360F789B89F50102AF70E0BAB9DF35CA89C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017880 Relevance: 107.1, APIs: 47, Strings: 14, Instructions: 360
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

new.LIBCMT ref: 00000001400178AF

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

#13864.MFC140U ref: 00000001400178FB
#13864.MFC140U ref: 0000000140017907
#2686.MFC140U ref: 0000000140017915
#5240.MFC140U ref: 000000014001792A
#4335.MFC140U ref: 0000000140017939
#13767.MFC140U ref: 0000000140017958
#2344.MFC140U ref: 00000001400179BD
#13767.MFC140U ref: 00000001400179DD
#1641.MFC140U ref: 0000000140017A75

Part of subcall function 0000000140018480: #990.MFC140U ref: 00000001400184BA
Part of subcall function 0000000140018480: #316.MFC140U ref: 00000001400184D1

#2344.MFC140U ref: 0000000140017A45
#2344.MFC140U ref: 0000000140017AA4
#286.MFC140U ref: 0000000140017ACB
#1641.MFC140U ref: 0000000140017B06
#1034.MFC140U ref: 0000000140017B20
#1034.MFC140U ref: 0000000140017B2B
#2344.MFC140U ref: 0000000140017B41
#286.MFC140U ref: 0000000140017B5C
#1641.MFC140U ref: 0000000140017B76
#1034.MFC140U ref: 0000000140017B90
#1034.MFC140U ref: 0000000140017B9B
#286.MFC140U ref: 0000000140017BCA
#1641.MFC140U ref: 0000000140017BE4
#1034.MFC140U ref: 0000000140017BFE
#1034.MFC140U ref: 0000000140017C09
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140017C21
#286.MFC140U ref: 0000000140017C3E
#1670.MFC140U ref: 0000000140017C5C
#316.MFC140U ref: 0000000140017C66
#4656.MFC140U ref: 0000000140017C7F
#1641.MFC140U ref: 0000000140017C89
#1641.MFC140U ref: 0000000140017C96
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017CB9
#1034.MFC140U ref: 0000000140017CC4
#1034.MFC140U ref: 0000000140017CCF
#316.MFC140U ref: 0000000140017CD9
#4954.MFC140U ref: 0000000140017CE9
SHGetSpecialFolderPathW.SHELL32 ref: 0000000140017CFB
#12240.MFC140U ref: 0000000140017D0A
#286.MFC140U ref: 0000000140017D47
#12443.MFC140U ref: 0000000140017D64
#1034.MFC140U ref: 0000000140017D94
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017DC4
#1034.MFC140U ref: 0000000140017DCF
#1034.MFC140U ref: 0000000140017DDA
MessageBoxW.USER32 ref: 0000000140017E05
#1034.MFC140U ref: 0000000140017E26

Strings

Error, xrefs: 0000000140017DF5
SCAPS_SAM, xrefs: 0000000140017C1A
Interface\, xrefs: 0000000140017BBF
_d.exe, xrefs: 0000000140017C4C
Unregister Classes..., xrefs: 000000014001794A
.exe, xrefs: 0000000140017C55
_d., xrefs: 0000000140017D52
%s\system\%s, xrefs: 0000000140017C74
Failed to retrieve syswow64 directory, xrefs: 0000000140017DFC
Unregister Type Libraries..., xrefs: 00000001400179CF
DlSoftWrapper, xrefs: 0000000140017C33
regsvr32.exe, xrefs: 0000000140017DB4, 0000000140017DBB
CLSID\, xrefs: 0000000140017AC0, 0000000140017B51
/unregserver, xrefs: 0000000140017CAD

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641$#286$#2344$#316$#13767#13864_wspawnlp$#12240#12443#1670#2686#4335#4656#4954#5240#990FolderMessagePathSpecial_wgetenvmalloc
String ID: %s\system\%s$.exe$/unregserver$CLSID\$DlSoftWrapper$Error$Failed to retrieve syswow64 directory$Interface\$SCAPS_SAM$Unregister Classes...$Unregister Type Libraries...$_d.$_d.exe$regsvr32.exe
API String ID: 881108457-336234393
Opcode ID: c209f55d0a5f72cfb575fc0768750a6df5cf533b95580cf73ea9495b868ef007
Instruction ID: a68a073365d6369d9ffee19a611326fcfabe56425f45bbde09c50c536f697dac
Opcode Fuzzy Hash: c209f55d0a5f72cfb575fc0768750a6df5cf533b95580cf73ea9495b868ef007
Instruction Fuzzy Hash: A6F14631211A4091EB12EB63E8947E82371FB8CBD5F854526FB0E5B6B6DF39C989C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007F70 Relevance: 91.4, APIs: 41, Strings: 11, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

new.LIBCMT ref: 0000000140007FB2

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

#13864.MFC140U ref: 0000000140008002
#13767.MFC140U ref: 0000000140008015
#316.MFC140U ref: 000000014000801F
#1503.MFC140U ref: 0000000140008032
#990.MFC140U ref: 000000014000804D
#3203.MFC140U ref: 00000001400080AA
#1670.MFC140U ref: 00000001400080BF
#286.MFC140U ref: 0000000140008101

Part of subcall function 0000000140018A40: #1641.MFC140U ref: 0000000140018A4C
Part of subcall function 0000000140018A40: SendMessageW.USER32 ref: 0000000140018A64
Part of subcall function 0000000140018A40: #14128.MFC140U ref: 0000000140018A6F

#1034.MFC140U ref: 000000014000811F
#286.MFC140U ref: 0000000140008131
#1034.MFC140U ref: 000000014000814F

Part of subcall function 000000014000E8F0: #7837.MFC140U ref: 000000014000E919

#286.MFC140U ref: 00000001400081F6
#1034.MFC140U ref: 0000000140008214
#1501.MFC140U ref: 000000014000824B

Part of subcall function 0000000140007A40: #1034.MFC140U ref: 0000000140007A88

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#316.MFC140U ref: 0000000140008281
#1641.MFC140U ref: 0000000140008290
_wfindfirst64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00000001400082A0
#1501.MFC140U ref: 00000001400082D4
#1034.MFC140U ref: 00000001400082E0
#1670.MFC140U ref: 00000001400082F2

Part of subcall function 0000000140009B30: #1641.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,00000034,0000000140002F97), ref: 0000000140009BA3
Part of subcall function 0000000140009B30: SysFreeString.OLEAUT32 ref: 0000000140009BEB

#4511.MFC140U ref: 000000014000834F
#1034.MFC140U ref: 000000014000839D
#1034.MFC140U ref: 00000001400083A9
_wfindnext64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00000001400083CE
#1501.MFC140U ref: 0000000140008401
#1034.MFC140U ref: 000000014000840D
#1670.MFC140U ref: 000000014000841F
#4511.MFC140U ref: 0000000140008478
#1034.MFC140U ref: 00000001400084C8
#1034.MFC140U ref: 00000001400084D6

Part of subcall function 0000000140007D90: #4511.MFC140U ref: 0000000140007DD2
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007DE3
Part of subcall function 0000000140007D90: _wsplitpath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 0000000140007E0B
Part of subcall function 0000000140007D90: #286.MFC140U ref: 0000000140007E1B
Part of subcall function 0000000140007D90: #1670.MFC140U ref: 0000000140007E2C
Part of subcall function 0000000140007D90: #1670.MFC140U ref: 0000000140007E3F
Part of subcall function 0000000140007D90: #1670.MFC140U ref: 0000000140007E51
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007E5C
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007E68
Part of subcall function 0000000140007D90: CopyFileW.KERNEL32 ref: 0000000140007E7A
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007E83
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007ECD
Part of subcall function 0000000140007D90: #1641.MFC140U ref: 0000000140007EE9
Part of subcall function 0000000140007D90: #286.MFC140U ref: 0000000140007F0E
Part of subcall function 0000000140007D90: #1034.MFC140U ref: 0000000140007F2C
Part of subcall function 0000000140007D90: #1034.MFC140U ref: 0000000140007F38

_wfindnext64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00000001400084FB
_findclose.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000850C
#286.MFC140U ref: 0000000140008523
#1034.MFC140U ref: 0000000140008541
#1034.MFC140U ref: 0000000140008568
#1034.MFC140U ref: 0000000140008574
#1034.MFC140U ref: 0000000140008595
#1034.MFC140U ref: 00000001400085A1
#1454.MFC140U ref: 0000000140008612
#1034.MFC140U ref: 000000014000861D

Part of subcall function 0000000140018860: #446.MFC140U ref: 0000000140018883
Part of subcall function 0000000140018860: #990.MFC140U ref: 00000001400188A2

Strings

Settings file , xrefs: 0000000140008361, 000000014000848A
Failed, xrefs: 00000001400080B3, 00000001400081EA
Updating to V2.5..., xrefs: 0000000140008007
d, xrefs: 000000014000807D
...., xrefs: 0000000140008373, 000000014000849E
No files to update., xrefs: 0000000140008517
Searching for files..., xrefs: 0000000140008125
_save_v_2_4.sam, xrefs: 0000000140008343, 000000014000846C
Updating setting files..., xrefs: 00000001400080F5
Loading OpticModuleCtrl..., xrefs: 0000000140008026
\*.sam, xrefs: 0000000140008263

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641$#1670#286$#1501#4511$#316#990_wfindnext64i32$#13767#13864#13949#14128#1454#1503#285#2921#3203#446#5674#5709#7837CopyFileFreeMessageSendString_findclose_wfindfirst64i32_wsplitpathmalloc
String ID: Failed$....$Loading OpticModuleCtrl...$No files to update.$Searching for files...$Settings file $Updating setting files...$Updating to V2.5...$\*.sam$_save_v_2_4.sam$d
API String ID: 516354235-3230061478
Opcode ID: fa8a06d4d17f4d38412de55df988bd4ffd91b79f5ca46cf2184d21017d3b6483
Instruction ID: 27fada144a95ad6e2f5658248f474e202905735822b9fd7caec18730a9c7834e
Opcode Fuzzy Hash: fa8a06d4d17f4d38412de55df988bd4ffd91b79f5ca46cf2184d21017d3b6483
Instruction Fuzzy Hash: 9C125072200B8592EB12DF26E8943E97360FB89BD5F445026EF4E57679DF78C949C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000CC20 Relevance: 84.5, APIs: 38, Strings: 10, Instructions: 460
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#280.MFC140U ref: 000000014000CC63
#7893.MFC140U ref: 000000014000CC6D
#3951.MFC140U ref: 000000014000CC97
#1034.MFC140U ref: 000000014000CCA9
#1089.MFC140U ref: 000000014000CCB7
#1501.MFC140U ref: 000000014000CCCD
#1034.MFC140U ref: 000000014000CCDB
#1089.MFC140U ref: 000000014000CCE9
new.LIBCMT ref: 000000014000CCF3
#990.MFC140U ref: 000000014000CD32
#316.MFC140U ref: 000000014000CD49
#3203.MFC140U ref: 000000014000CD96
#1641.MFC140U ref: 000000014000CDA8
#1641.MFC140U ref: 000000014000CDD2

Part of subcall function 00000001400017D0: #316.MFC140U ref: 0000000140001805

#286.MFC140U ref: 000000014000CF18
#1034.MFC140U ref: 000000014000CF34
#1641.MFC140U ref: 000000014000CFE6
#286.MFC140U ref: 000000014000D00C
#1034.MFC140U ref: 000000014000D028
#286.MFC140U ref: 000000014000D039
#1034.MFC140U ref: 000000014000D055
#1034.MFC140U ref: 000000014000D3F0

Strings

Failed, xrefs: 000000014000D39A
Setup Defaults RTC2-CO2...... Ok, xrefs: 000000014000D001
d, xrefs: 000000014000CD6B
Setup Defaults RTC1000-CO2...... Ok, xrefs: 000000014000D22A
Setup Defaults RTC2-CO2..., xrefs: 000000014000CF0D
Setup Defaults RTC1000-Yag...... Ok, xrefs: 000000014000D2E3
Setup Defaults RTC2-Yag..., xrefs: 000000014000D02E
Setup Defaults RTC1000-CO2..., xrefs: 000000014000D136
Setup Defaults RTC1000-Yag..., xrefs: 000000014000D257
Setup Defaults RTC2-Yag...... Ok, xrefs: 000000014000D0BA

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641#286$#1089#316$#1501#280#3203#3951#7893#990
String ID: Failed$Setup Defaults RTC1000-CO2...$Setup Defaults RTC1000-CO2...... Ok$Setup Defaults RTC1000-Yag...$Setup Defaults RTC1000-Yag...... Ok$Setup Defaults RTC2-CO2...$Setup Defaults RTC2-CO2...... Ok$Setup Defaults RTC2-Yag...$Setup Defaults RTC2-Yag...... Ok$d
API String ID: 4088525374-538011519
Opcode ID: 40a97c947ef286cbe6aaf1ed407678b1b9958c88dd5a8db0b9a8028d504db509
Instruction ID: f2db82ad140af4eb947a4c2b301609097492ecc4d8a81b1dc4bdbf721583d7d9
Opcode Fuzzy Hash: 40a97c947ef286cbe6aaf1ed407678b1b9958c88dd5a8db0b9a8028d504db509
Instruction Fuzzy Hash: 27321C72610B8496EB51DF3AE8943EC3361FB89B88F549116EB4E47A79DF34CA49C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010290 Relevance: 82.6, APIs: 45, Strings: 2, Instructions: 383
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,?,?,000000014000F9D9), ref: 00000001400102E8
memset.VCRUNTIME140 ref: 0000000140010324
#1641.MFC140U ref: 0000000140010373
#1034.MFC140U ref: 00000001400103BA
#1641.MFC140U ref: 00000001400103CF
SendMessageW.USER32 ref: 0000000140010407
#1641.MFC140U ref: 000000014001041C
SendMessageW.USER32 ref: 0000000140010457
#1641.MFC140U ref: 000000014001047E
SendMessageW.USER32 ref: 00000001400104B7
#13299.MFC140U ref: 00000001400104EE
SendMessageW.USER32 ref: 0000000140010505
#1034.MFC140U ref: 0000000140010511
#7780.MFC140U ref: 000000014001039E

Part of subcall function 000000014000FBC0: #1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC18
Part of subcall function 000000014000FBC0: LoadLibraryExW.KERNEL32(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC26
Part of subcall function 000000014000FBC0: #280.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC37
Part of subcall function 000000014000FBC0: #316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC43
Part of subcall function 000000014000FBC0: GetModuleFileNameW.KERNEL32(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC63
Part of subcall function 000000014000FBC0: #1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC75
Part of subcall function 000000014000FBC0: #1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC87
Part of subcall function 000000014000FBC0: #316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC92
Part of subcall function 000000014000FBC0: #316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC9E
Part of subcall function 000000014000FBC0: #1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCAC
Part of subcall function 000000014000FBC0: _wsplitpath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCD6
Part of subcall function 000000014000FBC0: #1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCE8
Part of subcall function 000000014000FBC0: #1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCFA
Part of subcall function 000000014000FBC0: #1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD1F
Part of subcall function 000000014000FBC0: #1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD2B
Part of subcall function 000000014000FBC0: #1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD36
Part of subcall function 000000014000FBC0: _wfindfirst64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD43
Part of subcall function 000000014000FBC0: _findclose.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD51
Part of subcall function 000000014000FBC0: #1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD7F
Part of subcall function 000000014000FBC0: #1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD8B

#2344.MFC140U ref: 000000014001052B
memset.VCRUNTIME140 ref: 0000000140010562
#1641.MFC140U ref: 00000001400105B1
#7780.MFC140U ref: 00000001400105DF
#1034.MFC140U ref: 00000001400105FB
#1641.MFC140U ref: 0000000140010610
SendMessageW.USER32 ref: 0000000140010647
#1641.MFC140U ref: 000000014001065C
SendMessageW.USER32 ref: 0000000140010697
#1641.MFC140U ref: 00000001400106AC
SendMessageW.USER32 ref: 00000001400106E7
#13299.MFC140U ref: 000000014001071E
SendMessageW.USER32 ref: 0000000140010735
#1034.MFC140U ref: 0000000140010741
#2344.MFC140U ref: 000000014001075B
memset.VCRUNTIME140 ref: 0000000140010792
#280.MFC140U ref: 00000001400107CF
#1641.MFC140U ref: 00000001400107DB
#7780.MFC140U ref: 0000000140010809
#1034.MFC140U ref: 0000000140010825
#1641.MFC140U ref: 000000014001083A
SendMessageW.USER32 ref: 0000000140010877
#1641.MFC140U ref: 000000014001088C
SendMessageW.USER32 ref: 00000001400108C7
#1641.MFC140U ref: 00000001400108DC
SendMessageW.USER32 ref: 0000000140010917
#13299.MFC140U ref: 000000014001094E
SendMessageW.USER32 ref: 0000000140010965
#1034.MFC140U ref: 0000000140010971

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#2344.MFC140U ref: 000000014001098B
SendMessageW.USER32 ref: 00000001400109AC

Strings

_x64.dll, xrefs: 000000014001035C
_x64.ocx, xrefs: 000000014001059A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$MessageSend$#1034$#13299#1501#1503#2344#316#7780memset$#280$#13949#285#2921#5674#5709FileLibraryLoadModuleName_findclose_wfindfirst64i32_wsplitpath
String ID: _x64.dll$_x64.ocx
API String ID: 2170565388-1602723597
Opcode ID: cd3c8c491cd3ef5970e5b01e47bb829a82e5b2c4afb69bfd8f592976ed307f4f
Instruction ID: dd19ea4716e0f5b86637be97fc0a3fb0749adc1765d79df2c56ad8bd0208a34f
Opcode Fuzzy Hash: cd3c8c491cd3ef5970e5b01e47bb829a82e5b2c4afb69bfd8f592976ed307f4f
Instruction Fuzzy Hash: 16125B72214A80C2EB12DF26E8907DE77A1F788BD4F545026EB8957A78DF79C589CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006230 Relevance: 80.7, APIs: 42, Strings: 4, Instructions: 218
fileprocesswindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#1641.MFC140U ref: 000000014000627E
CreateFileW.KERNEL32 ref: 00000001400062AA
#316.MFC140U ref: 00000001400062BD
#4656.MFC140U ref: 00000001400062D3
#1641.MFC140U ref: 00000001400062DE
MessageBoxW.USER32 ref: 00000001400062F5
#1034.MFC140U ref: 0000000140006301
_ftime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 0000000140006313
_localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 000000014000631D
#316.MFC140U ref: 000000014000632A
#1641.MFC140U ref: 0000000140006334
#306.MFC140U ref: 0000000140006342
#1641.MFC140U ref: 000000014000634E
#306.MFC140U ref: 000000014000635C
#4658.MFC140U ref: 00000001400063B3
#1034.MFC140U ref: 00000001400063BF
#1034.MFC140U ref: 00000001400063CB
WriteFile.KERNEL32 ref: 00000001400063E5
memset.VCRUNTIME140 ref: 0000000140006403
GetStdHandle.KERNEL32 ref: 000000014000641B
#280.MFC140U ref: 0000000140006434
#4947.MFC140U ref: 000000014000643F
#1641.MFC140U ref: 000000014000644B
CreateProcessW.KERNEL32 ref: 0000000140006489
GetLastError.KERNEL32 ref: 0000000140006497

Strings

Error opening logfile %s, xrefs: 00000001400062C7
Error starting process: %s%s %s, xrefs: 00000001400064FF
Error, xrefs: 00000001400062EC, 0000000140006525
%04d-%02d-%02d%02i:%02i:%02i.%03uExecuting %s %s, xrefs: 00000001400063A8

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$#1034$#306#316CreateFile$#280#4656#4658#4947ErrorHandleLastMessageProcessWrite_ftime64_localtime64memset
String ID: %04d-%02d-%02d%02i:%02i:%02i.%03uExecuting %s %s$Error$Error opening logfile %s$Error starting process: %s%s %s
API String ID: 1590769828-1301822355
Opcode ID: e78f5caf07854db834e4eca3fe9effc9421000ec5d4b59e0e0570b140747974b
Instruction ID: 11d895602f8c5fb307f6bf41dd76ad7127904551c2bef0bb0ed1dc7ec5172e40
Opcode Fuzzy Hash: e78f5caf07854db834e4eca3fe9effc9421000ec5d4b59e0e0570b140747974b
Instruction Fuzzy Hash: CEB12732214A409AEB11DF66E8547DE77B0F78CBA9F50011AEB4E53A78DF38C949CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006DEC Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 162COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00000001400167F0

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

#13864.MFC140U ref: 0000000140016839
#13864.MFC140U ref: 0000000140016845
#2686.MFC140U ref: 0000000140016853
#5240.MFC140U ref: 0000000140016868
#4335.MFC140U ref: 0000000140016877
#13767.MFC140U ref: 00000001400168AA
#316.MFC140U ref: 00000001400168E0
#1501.MFC140U ref: 0000000140016911
#2344.MFC140U ref: 000000014001693F

Part of subcall function 0000000140018070: __stdio_common_vswprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400180B4

#8449.MFC140U ref: 0000000140016976
#1034.MFC140U ref: 0000000140016A08

Part of subcall function 0000000140018480: #990.MFC140U ref: 00000001400184BA
Part of subcall function 0000000140018480: #316.MFC140U ref: 00000001400184D1

#286.MFC140U ref: 000000014001699F
#1670.MFC140U ref: 00000001400169B2
#1641.MFC140U ref: 00000001400169BD
#8449.MFC140U ref: 00000001400169D7
#1034.MFC140U ref: 00000001400169E2

Strings

End, xrefs: 00000001400169C9
Error, xrefs: 0000000140016968
Files registered!, xrefs: 00000001400169A6
Register Externals..., xrefs: 000000014001689C
Registration of the External Modules failed!, xrefs: 0000000140016961

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#13864#316#8449$#13767#1501#1641#1670#2344#2686#286#4335#5240#990__stdio_common_vswprintfmalloc
String ID: Files registered!$End$Error$Register Externals...$Registration of the External Modules failed!
API String ID: 866853007-372740046
Opcode ID: e7f38cfdd3ae50073d6454957136b4b544258896d9db27a16b470d7941212b3a
Instruction ID: 502dcd01389fd3284b11c9e52027c5cc514e676529981358504d0aa76588668a
Opcode Fuzzy Hash: e7f38cfdd3ae50073d6454957136b4b544258896d9db27a16b470d7941212b3a
Instruction Fuzzy Hash: 3C717E36211A4081FB66EB67E8903E92361FBCCBD0F51452ABB4E4B7B5DE39C949C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019E40 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 122filesynchronizationsleepCOMMON

Download Yara Rule

APIs

OpenMutexW.KERNEL32 ref: 0000000140019E9B
CreateMutexW.KERNEL32 ref: 0000000140019EB7
OpenFileMappingW.KERNEL32 ref: 0000000140019EDD
Sleep.KERNEL32 ref: 0000000140019F0A
MapViewOfFile.KERNEL32 ref: 0000000140019F3A
OpenEventW.KERNEL32 ref: 0000000140019F71
OpenEventW.KERNEL32 ref: 0000000140019F89
ResetEvent.KERNEL32 ref: 0000000140019F96
ResetEvent.KERNEL32 ref: 0000000140019FA0
#316.MFC140U ref: 0000000140019FB9
#4656.MFC140U ref: 0000000140019FD3
#1641.MFC140U ref: 0000000140019FDE
CreateMutexW.KERNEL32 ref: 0000000140019FEB
#1034.MFC140U ref: 000000014001A01C

Strings

SC_USC1_SERVER_IN_EVENT{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}, xrefs: 0000000140019F63
SC_USC1_MUTEX{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}, xrefs: 0000000140019E8D, 0000000140019EAC
SC_USC1_SERVER_FILE{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}, xrefs: 0000000140019ECF
SC_USC1_SERVER_OUT_EVENT{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}, xrefs: 0000000140019F7B
SC_USC1_SERVER_INFORM_MUTEX{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}%i, xrefs: 0000000140019FC7

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: EventOpen$Mutex$CreateFileReset$#1034#1641#316#4656MappingSleepView
String ID: SC_USC1_MUTEX{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}$SC_USC1_SERVER_FILE{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}$SC_USC1_SERVER_INFORM_MUTEX{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}%i$SC_USC1_SERVER_IN_EVENT{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}$SC_USC1_SERVER_OUT_EVENT{54DD8A65-8CCE-49c9-ADAE-87DCAFE7629F}
API String ID: 2120976312-3565218236
Opcode ID: 13b8d2ce7d070e85a385b0e55cc11bb1a8d5d8716622f5e76377af82a089bc07
Instruction ID: 93aef5076eb117831acfbd6b1918eda9a22e04d945bb14a2f354a257801412db
Opcode Fuzzy Hash: 13b8d2ce7d070e85a385b0e55cc11bb1a8d5d8716622f5e76377af82a089bc07
Instruction Fuzzy Hash: 63512A32600B4082E766DF26E8543D973A1F79CBA4F544239EB5A4B7B8DF39C889C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015BA0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 0000000140015BB7
#2212.MFC140U ref: 0000000140015BBC
FindResourceW.KERNEL32 ref: 0000000140015BD2
#2212.MFC140U ref: 0000000140015BE0
LoadResource.KERNEL32 ref: 0000000140015BEC
LockResource.KERNEL32 ref: 0000000140015BFA
#286.MFC140U ref: 0000000140015C0C
#4656.MFC140U ref: 0000000140015C3B
#1034.MFC140U ref: 0000000140015C47
#14128.MFC140U ref: 0000000140015C52

Strings

sc_setup, Version %i.%i.%i build-%04d, xrefs: 0000000140015C34

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Resource$#2212$#10163#1034#14128#286#4656FindLoadLock
String ID: sc_setup, Version %i.%i.%i build-%04d
API String ID: 32185954-4197729869
Opcode ID: 5b890b5472d87354b40967f262a7dec12fee80d9850f347b701217b7e4da0eb5
Instruction ID: 888e79cf70bd4f4729a3d50fcdceb9d73db54dcd1cc16c3549217ef05ffeacd8
Opcode Fuzzy Hash: 5b890b5472d87354b40967f262a7dec12fee80d9850f347b701217b7e4da0eb5
Instruction Fuzzy Hash: F9114C31211B5082EB16AF27E4503A9A3A0FB8CBE5F444225AB594B7F9EF79C584C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140011130 Relevance: 10.6, APIs: 7, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32 ref: 00000001400111A8
GetNamedSecurityInfoW.ADVAPI32 ref: 00000001400111F8
SetEntriesInAclW.ADVAPI32 ref: 000000014001124D
SetNamedSecurityInfoW.ADVAPI32 ref: 0000000140011279
LocalFree.KERNEL32 ref: 000000014001128A
LocalFree.KERNEL32 ref: 0000000140011299
FreeSid.ADVAPI32 ref: 00000001400112A8

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Free$InfoLocalNamedSecurity$AllocateEntriesInitialize
String ID:
API String ID: 4283330726-0
Opcode ID: a762de095411d7ec24f269e17f24a56a99efb9571e6ea14c49778459ce2dca95
Instruction ID: 7c0de485dbd963dd8a1e261e670f6e089b1b4753ea831094bd96014c3a5ae1f8
Opcode Fuzzy Hash: a762de095411d7ec24f269e17f24a56a99efb9571e6ea14c49778459ce2dca95
Instruction Fuzzy Hash: 54511632615B408AE721CFA6E8907DDB7B5F788788F40012AEF4997B28DF38C5598B44

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F7DC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000014001F83D
IsDebuggerPresent.KERNEL32 ref: 000000014001F855
OutputDebugStringW.KERNEL32 ref: 000000014001F866

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000000014001F85F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 745eaf52052fc7f1d8565377741b2b9b4e2b77a8e61dfbd5102978acc57dec91
Instruction ID: 9be5af66707e461b15057228303c6ad9e879ddc9ddfbeac95c3ef1797e7edc54
Opcode Fuzzy Hash: 745eaf52052fc7f1d8565377741b2b9b4e2b77a8e61dfbd5102978acc57dec91
Instruction Fuzzy Hash: 84118E32610B40A7F7069B63EA453E933A4FB583C9F404129EB4987AB0EF79D4B8C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006050 Relevance: 1.5, APIs: 1, Instructions: 33comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 00000001400060A7

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 2da0105590116e5284dd67e1f0715ad332fd1750928daa11d9e55c076ca31b33
Instruction ID: cc9c1e3bf1f4a648ecd899a1324433aaa35f498bdab39b0f2d313397ad7515b5
Opcode Fuzzy Hash: 2da0105590116e5284dd67e1f0715ad332fd1750928daa11d9e55c076ca31b33
Instruction Fuzzy Hash: E50114B1251A05C5FF13DF26F8503A663A2F768B85F884415EB4C476B0DF39C995C314

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001C010 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db067444cfc7cb63fbc19287f0d3cb9c95df86e1ccae63e8cd813eafc3f59703
Instruction ID: bcd582105ad34e21d13f0e3208c505b52d42e1f56c707308e0774f5b105372cd
Opcode Fuzzy Hash: db067444cfc7cb63fbc19287f0d3cb9c95df86e1ccae63e8cd813eafc3f59703
Instruction Fuzzy Hash: F40242738261609BE781CB1ED049B6B33A9F744355F23832BEF9263281D637AC09D794

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001C226 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d286b13ffae1578e684bb1020083730452a778b0e1c4c2c8477c30c38cd9494
Instruction ID: 2cf073d2a5fa0ebf735bcaa9b00e6816b6da3dcc4e3d926c44d8a1cc582ebaf6
Opcode Fuzzy Hash: 9d286b13ffae1578e684bb1020083730452a778b0e1c4c2c8477c30c38cd9494
Instruction Fuzzy Hash: 95A11F738261709BD3818B1ED059B6F33A9F744355F23832BDF9267281C637AC0997A5

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001C668 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 816a1cd97f4f6555d8d12e36408626fa01f870780b9b5c51c9c8f8a63a8f156d
Instruction ID: 240dbb7843e288cbd7680f5b3f273716e522c512970102d81b5e8fcf70ced10f
Opcode Fuzzy Hash: 816a1cd97f4f6555d8d12e36408626fa01f870780b9b5c51c9c8f8a63a8f156d
Instruction Fuzzy Hash: 20515F57548EE853D61A0B3E85127EA6291FFD9305F01C306EFE12B683E722E378B610

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001C8E8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6cf7086033877038e98547aab7e423bf7c8cca03c2a5b6a100fcbf2f159150
Instruction ID: 28464f83c9a2cead37c0a823f6b5e28417837cf4e6e86e32c49791a9289238e3
Opcode Fuzzy Hash: 9a6cf7086033877038e98547aab7e423bf7c8cca03c2a5b6a100fcbf2f159150
Instruction Fuzzy Hash: 40310E53D16A9852E7136B3D530B3B7D3A2BBD43E9F3183419BC562A46E73D5344A210

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001EC44 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82411ae24c7e96129d9ee6d1192705e66f356a5251a02373596254d388936db
Instruction ID: c44f59ccd17a5edb79446cddda4cf55beee04a6a7c7e417965b55f73f8831e19
Opcode Fuzzy Hash: e82411ae24c7e96129d9ee6d1192705e66f356a5251a02373596254d388936db
Instruction Fuzzy Hash: 98A00231304C40E0F7078B12ED54394B334F768380F420015E20A470709F3D9995C341

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015C70 Relevance: 107.0, APIs: 40, Strings: 21, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0000000140015CB9
_wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0000000140015CE3
#1503.MFC140U ref: 0000000140015FB8

Strings

language, xrefs: 0000000140015E5F
unregister, xrefs: 0000000140015EAF
uninstall_usc1, xrefs: 0000000140015EFF
hardware, xrefs: 0000000140015D03
release, xrefs: 0000000140015CAF
update_to_20_samlight, xrefs: 0000000140015D46
SCAPS_SAM, xrefs: 00000001400160BF
fonts, xrefs: 0000000140015DCC
samlight, xrefs: 0000000140015CD9
showerror, xrefs: 0000000140015DAC
check_path, xrefs: 0000000140015E8C
disable_rtc1000, xrefs: 0000000140015E3C
copy, xrefs: 0000000140015F7C
update_to_25, xrefs: 0000000140015D69
check_64, xrefs: 0000000140015F2C
install_usc1, xrefs: 0000000140015ED2
SCAPS_SAM=, xrefs: 000000014001602D, 00000001400160D1
update_to_20, xrefs: 0000000140015D26
debug, xrefs: 0000000140015D8C
setup_defaults, xrefs: 0000000140015DEC
file_path, xrefs: 0000000140015E0F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _wcsicmp$#1503
String ID: SCAPS_SAM$SCAPS_SAM=$check_64$check_path$copy$debug$disable_rtc1000$file_path$fonts$hardware$install_usc1$language$release$samlight$setup_defaults$showerror$uninstall_usc1$unregister$update_to_20$update_to_20_samlight$update_to_25
API String ID: 2697526350-3843548057
Opcode ID: 5ea5cead762e1ec44d3fdfc693b298ddc068fa6a64e661e7f0e348c1e12eec25
Instruction ID: f4e1d7bf22d02b9d7bfcbaac0bee35ec02829c9f38bd89d9d9c83efe9d5f13a6
Opcode Fuzzy Hash: 5ea5cead762e1ec44d3fdfc693b298ddc068fa6a64e661e7f0e348c1e12eec25
Instruction Fuzzy Hash: 27D11C71208600D6FB529F33E9587E933A1F74DBC9F448029EB0A4B6B5DB7AC949C741

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000FBC0 Relevance: 89.5, APIs: 48, Strings: 3, Instructions: 263
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC18
LoadLibraryExW.KERNEL32(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC26
#280.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC37
#316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC43
GetModuleFileNameW.KERNEL32(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC63
#1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC75
#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC87
#316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC92
#316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FC9E
#1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCAC
_wsplitpath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCD6
#1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCE8
#1503.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FCFA

Part of subcall function 0000000140005870: #5709.MFC140U ref: 00000001400058A4
Part of subcall function 0000000140005870: #285.MFC140U ref: 00000001400058B0
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058C1
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058CC
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058D8
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058E3
Part of subcall function 0000000140005870: #2921.MFC140U ref: 00000001400058F9

#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD1F
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD2B
#1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD36
_wfindfirst64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD43
_findclose.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD51

Part of subcall function 000000014000F7F0: #286.MFC140U ref: 000000014000F831

#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD7F
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD8B
#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FD9D

Part of subcall function 00000001400059C0: #5709.MFC140U ref: 00000001400059F6
Part of subcall function 00000001400059C0: #285.MFC140U ref: 0000000140005A02
Part of subcall function 00000001400059C0: #5674.MFC140U ref: 0000000140005A13
Part of subcall function 00000001400059C0: #1641.MFC140U ref: 0000000140005A1E
Part of subcall function 00000001400059C0: #13949.MFC140U ref: 0000000140005A2A
Part of subcall function 00000001400059C0: #2921.MFC140U ref: 0000000140005A40

FreeLibrary.KERNEL32(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FDB0
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FDBC
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FDC8
#1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FDEB
GetFileVersionInfoSizeW.VERSION(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FDF9
#1641.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE15
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE26
VerQueryValueW.VERSION(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE49
#4181.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE5E
#316.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE69
#4656.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FE81
#1667.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FEA1
#4656.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FEB8
#1667.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FEE8
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FEF4
#4656.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF0B
#1667.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF40
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF4C
#4656.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF63
#1667.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF91
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FF9D
#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FFAD
#1501.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014000FFD6
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014001000B
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014001001F
#1034.MFC140U(?,00000000,00000000,00000000,?,0000000140010820), ref: 000000014001002B

Strings

%x , %X, xrefs: 000000014000FD60
Version not found , xrefs: 000000014000FFBE, 000000014000FFE7
File not found , xrefs: 000000014000FDD1

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641$#1501$#1667#316#4656$#1503#5674File$#285#2921#5709InfoLibraryVersion$#13949#280#286#4181FreeLoadModuleNameQuerySizeValue_findclose_wfindfirst64i32_wsplitpath
String ID: %x , %X$File not found $Version not found
API String ID: 1404946419-2595051349
Opcode ID: eebdc8e0a1d279c5277b5960493a46fd22af81fd7fef184e726d07c66f26e897
Instruction ID: cd4916da9fed1c5e1204b245ea3216026032f826ebd10d5a915c6bd8c0c87c1a
Opcode Fuzzy Hash: eebdc8e0a1d279c5277b5960493a46fd22af81fd7fef184e726d07c66f26e897
Instruction Fuzzy Hash: 87C12E71214A8192EB52DF22E8947DA7360FB89BD5F805016FB4E87678EF38CA4DC744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004470 Relevance: 73.7, APIs: 36, Strings: 6, Instructions: 187
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#4335.MFC140U ref: 00000001400044AD
SendMessageW.USER32 ref: 00000001400044D4
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400044E1
#286.MFC140U ref: 00000001400044EE
#1670.MFC140U ref: 0000000140004500
#491.MFC140U ref: 000000014000450A
#1641.MFC140U ref: 0000000140004514
#4561.MFC140U ref: 0000000140004524
#316.MFC140U ref: 000000014000452F
#4578.MFC140U ref: 0000000140004564
#5382.MFC140U ref: 0000000140004573
#1501.MFC140U ref: 0000000140004580
#1034.MFC140U ref: 000000014000458B
#316.MFC140U ref: 00000001400045A9
#5674.MFC140U ref: 00000001400045CD
#8452.MFC140U ref: 00000001400045E5
#1501.MFC140U ref: 00000001400045F3
#5674.MFC140U ref: 000000014000460D
#8452.MFC140U ref: 0000000140004625
#1501.MFC140U ref: 0000000140004633
#1034.MFC140U ref: 000000014000463E
#7893.MFC140U ref: 0000000140004648
#2909.MFC140U ref: 000000014000465D
#2909.MFC140U ref: 0000000140004672
#2903.MFC140U ref: 0000000140004690
#2903.MFC140U ref: 00000001400046A5
#1641.MFC140U ref: 00000001400046B3
#1034.MFC140U ref: 00000001400046CD
#8451.MFC140U ref: 00000001400046EC
#1641.MFC140U ref: 00000001400046F6
SendMessageW.USER32 ref: 000000014000470F
#1034.MFC140U ref: 000000014000471A
RedrawWindow.USER32 ref: 0000000140004732
#1034.MFC140U ref: 000000014000473D
#1122.MFC140U ref: 0000000140004748
#1034.MFC140U ref: 0000000140004752

Strings

chinese_traditional, xrefs: 000000014000469A
default, xrefs: 0000000140004667
SCAPS_SAM, xrefs: 00000001400044DA
english, xrefs: 0000000140004546, 0000000140004652
chinese, xrefs: 0000000140004685
\system\sc_resource_sc_*.sam, xrefs: 00000001400044F5

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1501#1641$#2903#2909#316#5674#8452MessageSend$#1122#1670#286#4335#4561#4578#491#5382#7893#8451RedrawWindow_wgetenv
String ID: SCAPS_SAM$\system\sc_resource_sc_*.sam$chinese$chinese_traditional$default$english
API String ID: 2133027535-1403244304
Opcode ID: 67424c76ad6755c71ce09ef474866ea3d7429d79c756a5cee9ab5d340c45e21d
Instruction ID: 97b0398811e0480cad3234f94639a1986783b1fb301a17e115ac17cb1cac4591
Opcode Fuzzy Hash: 67424c76ad6755c71ce09ef474866ea3d7429d79c756a5cee9ab5d340c45e21d
Instruction Fuzzy Hash: 92818F7220094196EB12DF22EC547E82370FB9DBDAF451125BB0E475B9EF34C949C345

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000D8F0 Relevance: 73.7, APIs: 30, Strings: 12, Instructions: 169
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#280.MFC140U ref: 000000014000D921

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#1670.MFC140U ref: 000000014000D945
#277.MFC140U ref: 000000014000D958
#1667.MFC140U ref: 000000014000D967
#1665.MFC140U ref: 000000014000D976
#316.MFC140U ref: 000000014000D980
#1499.MFC140U ref: 000000014000D990
#1667.MFC140U ref: 000000014000D99D
#1670.MFC140U ref: 000000014000D9AE
#1665.MFC140U ref: 000000014000D9BD
#286.MFC140U ref: 000000014000D9E4

Part of subcall function 0000000140018820: #1641.MFC140U(?,?,?,000000014000D9FB), ref: 000000014001882C
Part of subcall function 0000000140018820: #13767.MFC140U(?,?,?,000000014000D9FB), ref: 0000000140018838
Part of subcall function 0000000140018820: #14128.MFC140U(?,?,?,000000014000D9FB), ref: 0000000140018842

#1034.MFC140U ref: 000000014000DA00
#286.MFC140U ref: 000000014000DA11

Part of subcall function 00000001400187C0: #5240.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187DA
Part of subcall function 00000001400187C0: #1641.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187EA
Part of subcall function 00000001400187C0: #13767.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187F6
Part of subcall function 00000001400187C0: #14128.MFC140U(?,?,?,000000014000DA28), ref: 0000000140018800

#1034.MFC140U ref: 000000014000DA2D

Part of subcall function 0000000140018740: #1501.MFC140U(?,?,?,000000014000DA43), ref: 0000000140018750
Part of subcall function 0000000140018740: #14128.MFC140U(?,?,?,000000014000DA43), ref: 000000014001875B

#316.MFC140U ref: 000000014000DA51
#4656.MFC140U ref: 000000014000DA6A
#4656.MFC140U ref: 000000014000DA93
#4656.MFC140U ref: 000000014000DABC
#4656.MFC140U ref: 000000014000DAE5
#316.MFC140U ref: 000000014000DB00
#4656.MFC140U ref: 000000014000DB19
#4656.MFC140U ref: 000000014000DB42
#4656.MFC140U ref: 000000014000DB6B
#4656.MFC140U ref: 000000014000DB94
#1034.MFC140U ref: 000000014000DBB0
#1034.MFC140U ref: 000000014000DBBB
#1034.MFC140U ref: 000000014000DBC6
#1034.MFC140U ref: 000000014000DBD1
#1034.MFC140U ref: 000000014000DBDC
#1034.MFC140U ref: 000000014000DBE7

Strings

USB\VID_137B&PID_0002*, xrefs: 000000014000DAAA, 000000014000DB59
FileName:, xrefs: 000000014000DA06
devcon.exe scaps_delete %s, xrefs: 000000014000DA5F, 000000014000DA88, 000000014000DAB1, 000000014000DADA
USB\VID_137B&PID_0003*, xrefs: 000000014000DAD3, 000000014000DB82
\usc_install_log.txt, xrefs: 000000014000D909
devcon.exe removeall %s, xrefs: 000000014000DB0E, 000000014000DB37, 000000014000DB60, 000000014000DB89
Uninstalling driver..., xrefs: 000000014000D9D9
\devcon_x64.exe, xrefs: 000000014000D92D
\devcon.exe, xrefs: 000000014000D934
USB\VID_137B&PID_0001*, xrefs: 000000014000DA81, 000000014000DB30
\sc_usc_winusb.inf, xrefs: 000000014000D9A3
USB\VID_04B4&PID_4381*, xrefs: 000000014000DA58, 000000014000DB07

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#4656$#14128#1641#316$#13767#1665#1667#1670#286$#13949#1499#1501#277#280#285#2921#5240#5674#5709CurrentProcess
String ID: FileName:$USB\VID_04B4&PID_4381*$USB\VID_137B&PID_0001*$USB\VID_137B&PID_0002*$USB\VID_137B&PID_0003*$Uninstalling driver...$\devcon.exe$\devcon_x64.exe$\sc_usc_winusb.inf$\usc_install_log.txt$devcon.exe removeall %s$devcon.exe scaps_delete %s
API String ID: 2603651393-451257890
Opcode ID: 1efeda7eae5e6648e4bfd46f1d2838ed4f2992f848824f192bb81445268c8043
Instruction ID: 5e358ec4897f61d14357983eceec01bb0a56ada2219d5ef6f58609984ae5721d
Opcode Fuzzy Hash: 1efeda7eae5e6648e4bfd46f1d2838ed4f2992f848824f192bb81445268c8043
Instruction Fuzzy Hash: 7B91DB72610A16A6EF02DBA2EC943DC2731F759799F815016E70E635B9DF38CA4EC384

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140008E20 Relevance: 66.7, APIs: 27, Strings: 11, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000014001B990: #286.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9CC
Part of subcall function 000000014001B990: #1034.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9E6

#316.MFC140U ref: 0000000140008E4A
#316.MFC140U ref: 0000000140008E55
#316.MFC140U ref: 0000000140008E60
#280.MFC140U ref: 0000000140008E6E

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#1670.MFC140U ref: 0000000140008EA6

Part of subcall function 0000000140005920: #5709.MFC140U ref: 0000000140005951
Part of subcall function 0000000140005920: #285.MFC140U ref: 000000014000595D
Part of subcall function 0000000140005920: #5674.MFC140U ref: 0000000140005973
Part of subcall function 0000000140005920: #1641.MFC140U ref: 000000014000597E
Part of subcall function 0000000140005920: #2921.MFC140U ref: 0000000140005999

#1665.MFC140U ref: 0000000140008EC5
#1499.MFC140U ref: 0000000140008ED4
#1667.MFC140U ref: 0000000140008EE1
#1670.MFC140U ref: 0000000140008EF2
#1665.MFC140U ref: 0000000140008F01
#316.MFC140U ref: 0000000140008F31
#4656.MFC140U ref: 0000000140008F47
#286.MFC140U ref: 0000000140008F6F
#1034.MFC140U ref: 0000000140008F8C
#316.MFC140U ref: 0000000140008F96
#4656.MFC140U ref: 0000000140008FB3
#4656.MFC140U ref: 0000000140008FE0
#4656.MFC140U ref: 000000014000900D
#4656.MFC140U ref: 000000014000903A
#1034.MFC140U ref: 0000000140009056
#1034.MFC140U ref: 0000000140009061
#1034.MFC140U ref: 000000014000906C
#1034.MFC140U ref: 0000000140009077
#1034.MFC140U ref: 0000000140009082
#1034.MFC140U ref: 000000014000908D
#1034.MFC140U ref: 0000000140009098
#1034.MFC140U ref: 00000001400090A3

Part of subcall function 0000000140018740: #1501.MFC140U(?,?,?,000000014000DA43), ref: 0000000140018750
Part of subcall function 0000000140018740: #14128.MFC140U(?,?,?,000000014000DA43), ref: 000000014001875B

Strings

USB\VID_137B&PID_0001, xrefs: 0000000140008FCA
\usc_install_log.txt, xrefs: 0000000140008E75
devcon.exe dp_add %s, xrefs: 0000000140008F3C
USB\VID_04B4&PID_4381, xrefs: 0000000140008F9D
\devcon_x64.exe, xrefs: 0000000140008E8E
\devcon.exe, xrefs: 0000000140008E95
devcon.exe rescan, xrefs: 0000000140008F64
USB\VID_137B&PID_0002, xrefs: 0000000140008FF7
\sc_usc_winusb.inf, xrefs: 0000000140008EE7
devcon.exe update %s %s, xrefs: 0000000140008FA8, 0000000140008FD5, 0000000140009002, 000000014000902F
USB\VID_137B&PID_0003, xrefs: 0000000140009024

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#316#4656$#1641#1665#1670#285#286#2921#5674#5709$#13949#14128#1499#1501#1667#280CurrentProcess
String ID: USB\VID_04B4&PID_4381$USB\VID_137B&PID_0001$USB\VID_137B&PID_0002$USB\VID_137B&PID_0003$\devcon.exe$\devcon_x64.exe$\sc_usc_winusb.inf$\usc_install_log.txt$devcon.exe dp_add %s$devcon.exe rescan$devcon.exe update %s %s
API String ID: 3387884737-2811465781
Opcode ID: f9eab47d2ffa1723489d0f17d249fb8020f7db999019b4ea03db62bf5f597046
Instruction ID: 664f13a887c24974d029f1565f247ae1d828a9f4e4552c532972c98eab27e443
Opcode Fuzzy Hash: f9eab47d2ffa1723489d0f17d249fb8020f7db999019b4ea03db62bf5f597046
Instruction Fuzzy Hash: 3E812E72610A05A6EB12EFA1DC943DC2331FB4979DF815016E60E579B9DF38CA4EC384

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004BA0 Relevance: 63.2, APIs: 21, Strings: 15, Instructions: 176libraryloaderCOMMON

Download Yara Rule

APIs

#316.MFC140U ref: 0000000140004C3D
#316.MFC140U ref: 0000000140004C99
#502.MFC140U ref: 0000000140004CAF
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140004CDA
#286.MFC140U ref: 0000000140004D0E
#1034.MFC140U ref: 0000000140004D3B
#1034.MFC140U ref: 0000000140004D47
#1503.MFC140U ref: 0000000140004D5C
#1670.MFC140U ref: 0000000140004D70
LoadLibraryW.KERNEL32 ref: 0000000140004D8C
GetProcAddress.KERNEL32 ref: 0000000140004DF9
GetProcAddress.KERNEL32 ref: 0000000140004E14
GetProcAddress.KERNEL32 ref: 0000000140004E2F
GetProcAddress.KERNEL32 ref: 0000000140004E4A
GetProcAddress.KERNEL32 ref: 0000000140004E65
GetProcAddress.KERNEL32 ref: 0000000140004E80
GetProcAddress.KERNEL32 ref: 0000000140004E9B
GetProcAddress.KERNEL32 ref: 0000000140004EB6
GetProcAddress.KERNEL32 ref: 0000000140004ED1
GetProcAddress.KERNEL32 ref: 0000000140004EEC
GetProcAddress.KERNEL32 ref: 0000000140004F07

Part of subcall function 0000000140005FD0: CoCreateInstance.OLE32 ref: 0000000140006027

Strings

SetupDiDestroyDeviceInfoList, xrefs: 0000000140004E3C
\usc1, xrefs: 0000000140004D62
\system, xrefs: 0000000140004D15
SCAPS_SAM, xrefs: 0000000140004CD3
SetupCloseInfFile, xrefs: 0000000140004EA8
SetupOpenInfFileW, xrefs: 0000000140004E8D
SetupGetLineTextW, xrefs: 0000000140004EDE
SetupDiRemoveDevice, xrefs: 0000000140004E06
SetupGetInfFileListW, xrefs: 0000000140004E72
SetupDiGetClassDevsA, xrefs: 0000000140004DEF
SetupFindFirstLineW, xrefs: 0000000140004EC3
setupapi.dll, xrefs: 0000000140004D85
SetupDiOpenClassRegKey, xrefs: 0000000140004EF9
SetupDiEnumDeviceInfo, xrefs: 0000000140004E21
SetupDiEnumDeviceInterfaces, xrefs: 0000000140004E57

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: AddressProc$#1034#316$#1503#1670#286#502CreateInstanceLibraryLoad_wgetenv
String ID: SCAPS_SAM$SetupCloseInfFile$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsA$SetupDiOpenClassRegKey$SetupDiRemoveDevice$SetupFindFirstLineW$SetupGetInfFileListW$SetupGetLineTextW$SetupOpenInfFileW$\system$\usc1$setupapi.dll
API String ID: 3023040093-2462864063
Opcode ID: dc94ebf6a8b8ebe9bfe59e57667a6d6829e3b14089d71f8defd2ff1a5d2c87d0
Instruction ID: 2869d0f9d62b8e421a340298d29ae4556e9816da961bd0d3b0ad0293016b168c
Opcode Fuzzy Hash: dc94ebf6a8b8ebe9bfe59e57667a6d6829e3b14089d71f8defd2ff1a5d2c87d0
Instruction Fuzzy Hash: F8A1EB76201F80E3EB4A9B22E9943D9B368F748791F415219EB6D53275EF34DAB8C304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000C8E0 Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

#1501.MFC140U ref: 000000014000C923

Part of subcall function 0000000140007A40: #1034.MFC140U ref: 0000000140007A88

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#316.MFC140U ref: 000000014000C962
#1641.MFC140U ref: 000000014000C96E
_wfindfirst64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000C97C
#1501.MFC140U ref: 000000014000C9B0
#1034.MFC140U ref: 000000014000C9BC
#1670.MFC140U ref: 000000014000C9CC

Part of subcall function 0000000140009B30: #1641.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,00000034,0000000140002F97), ref: 0000000140009BA3
Part of subcall function 0000000140009B30: SysFreeString.OLEAUT32 ref: 0000000140009BEB

#286.MFC140U ref: 000000014000CA0C
#8409.MFC140U ref: 000000014000CA18
#2903.MFC140U ref: 000000014000CA2A
#2903.MFC140U ref: 000000014000CA47
#286.MFC140U ref: 000000014000CA62
#1034.MFC140U ref: 000000014000CA87
#1034.MFC140U ref: 000000014000CA93
_wfindnext64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000CAA1
#1501.MFC140U ref: 000000014000CAD1
#1034.MFC140U ref: 000000014000CADD
#1670.MFC140U ref: 000000014000CAED
#286.MFC140U ref: 000000014000CB2B
#8409.MFC140U ref: 000000014000CB37
#2903.MFC140U ref: 000000014000CB49
#2903.MFC140U ref: 000000014000CB66
#286.MFC140U ref: 000000014000CB81
#1034.MFC140U ref: 000000014000CBA6
#1034.MFC140U ref: 000000014000CBB2
_wfindnext64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000CBC0
_findclose.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000CBD1
#1034.MFC140U ref: 000000014000CBE5
#1034.MFC140U ref: 000000014000CBF1

Strings

sc_light_settings.sam, xrefs: 000000014000CA3B, 000000014000CB5A
sc_settings.sam, xrefs: 000000014000CA1E, 000000014000CB3D
\*.sam, xrefs: 000000014000C944

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#286#2903$#1501#1641$#1670#8409_wfindnext64i32$#13949#285#2921#316#5674#5709FreeString_findclose_wfindfirst64i32
String ID: \*.sam$sc_light_settings.sam$sc_settings.sam
API String ID: 4261590495-2341380902
Opcode ID: fc240a426798926a5a1228fae44f060e04ec4306fe76fc4deb2da64d31944bf0
Instruction ID: cd36edebfbc36d5190eb2eac2c80a746cfd84c3f00379e8bae4f8ae294e7dbc0
Opcode Fuzzy Hash: fc240a426798926a5a1228fae44f060e04ec4306fe76fc4deb2da64d31944bf0
Instruction Fuzzy Hash: 56917472214A8192EB22EF26F8947D96360FB89BD9F445125F74E475B8DF38CA4DC700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140008C30 Relevance: 50.9, APIs: 24, Strings: 5, Instructions: 105stringCOMMON

Download Yara Rule

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140008C69
#286.MFC140U ref: 0000000140008C77
#1670.MFC140U ref: 0000000140008C8A
#1667.MFC140U ref: 0000000140008C98
GetWindowsDirectoryW.KERNEL32 ref: 0000000140008CA8
#286.MFC140U ref: 0000000140008CB8
#1670.MFC140U ref: 0000000140008CCB
#1667.MFC140U ref: 0000000140008CD9
#491.MFC140U ref: 0000000140008CE4
#1641.MFC140U ref: 0000000140008CEF
#4561.MFC140U ref: 0000000140008D00
#1641.MFC140U ref: 0000000140008D2B
AddFontResourceW.GDI32 ref: 0000000140008D34
#1122.MFC140U ref: 0000000140008D44
#1034.MFC140U ref: 0000000140008D4F
#1034.MFC140U ref: 0000000140008D5B
#1641.MFC140U ref: 0000000140008D6D
lstrcpyW.KERNEL32 ref: 0000000140008D96
lstrcatW.KERNEL32 ref: 0000000140008DAA
#1641.MFC140U ref: 0000000140008DB5
WriteProfileStringW.KERNEL32 ref: 0000000140008DCC
#1122.MFC140U ref: 0000000140008DD8
#1034.MFC140U ref: 0000000140008DE3
#1034.MFC140U ref: 0000000140008DEF

Part of subcall function 00000001400088D0: #1641.MFC140U ref: 00000001400088E0
Part of subcall function 00000001400088D0: #1641.MFC140U ref: 00000001400088EC
Part of subcall function 00000001400088D0: CopyFileW.KERNEL32 ref: 00000001400088FB

Strings

\fonts\, xrefs: 0000000140008C7E
SCAPS_SAM, xrefs: 0000000140008C62
fonts, xrefs: 0000000140008DC5
(TrueType), xrefs: 0000000140008D9C
\Fonts\, xrefs: 0000000140008CBF

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$#1034$#1122#1667#1670#286$#4561#491CopyDirectoryFileFontProfileResourceStringWindowsWrite_wgetenvlstrcatlstrcpy
String ID: (TrueType)$SCAPS_SAM$\Fonts\$\fonts\$fonts
API String ID: 1186686384-1818163314
Opcode ID: 6b3ef6517611ce13184fc905a3a5335a880d934ef7fdefb3785ddea6aae84d29
Instruction ID: 1d7977df996e2efc828206a2d6bd1b9713f5aafc8b6ad2c6eb04f0e27999f3c3
Opcode Fuzzy Hash: 6b3ef6517611ce13184fc905a3a5335a880d934ef7fdefb3785ddea6aae84d29
Instruction Fuzzy Hash: C6510C72214A4192EA229B12F8943DA6360FB9D7D5F810126B78E876B5EF3CCA4DC744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003D50 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 203comCOMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 0000000140003D87
CoCreateInstance.OLE32 ref: 0000000140003DF3
#1501.MFC140U ref: 0000000140003EEA
#1034.MFC140U ref: 0000000140003EF5
#12600.MFC140U ref: 0000000140003F08
#2909.MFC140U ref: 0000000140003F19
#1034.MFC140U ref: 0000000140003F28
#5674.MFC140U ref: 0000000140003F35
#8058.MFC140U ref: 0000000140003F46
#1501.MFC140U ref: 0000000140003F53
#1034.MFC140U ref: 0000000140003F5E
#2715.MFC140U ref: 0000000140003F8C
#2909.MFC140U ref: 0000000140003FB0
#2909.MFC140U ref: 0000000140003FC4
#1503.MFC140U ref: 0000000140003FD8
#2909.MFC140U ref: 0000000140003FF1
#1503.MFC140U ref: 0000000140004005
#2909.MFC140U ref: 000000014000401E
#1503.MFC140U ref: 0000000140004032
#14128.MFC140U ref: 0000000140004045

Strings

_uc, xrefs: 0000000140003F0F
sc_english, xrefs: 0000000140004014, 0000000140004028
sc_chinese, xrefs: 0000000140003FA6, 0000000140003FCE
sc_chinese_traditional, xrefs: 0000000140003FBA
sc_turkish, xrefs: 0000000140003FE7, 0000000140003FFB

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #2909$#1034#1503$#1501$#10163#12600#14128#2715#5674#8058CreateInstance
String ID: _uc$sc_chinese$sc_chinese_traditional$sc_english$sc_turkish
API String ID: 2617745268-460830223
Opcode ID: f1223360fe15f526e799f9e6a61736ff66c82a49d6153fb216c384dd58b040e9
Instruction ID: 740869fda3083fa01d368b41e1dc0eee27831ee1badd425b45a4abfdf277429b
Opcode Fuzzy Hash: f1223360fe15f526e799f9e6a61736ff66c82a49d6153fb216c384dd58b040e9
Instruction Fuzzy Hash: BEA121B2701B4096FB16DB66E8543E823B1B78CBE5F455019EF0A67AB5CF78C989C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400090D0 Relevance: 42.1, APIs: 20, Strings: 4, Instructions: 92windowCOMMON

Download Yara Rule

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400090F3
#286.MFC140U ref: 0000000140009104
#1670.MFC140U ref: 000000014000911A
#491.MFC140U ref: 0000000140009125
#1641.MFC140U ref: 0000000140009133
#4561.MFC140U ref: 0000000140009144
#316.MFC140U ref: 0000000140009153
#4578.MFC140U ref: 000000014000916A
#5382.MFC140U ref: 000000014000917E
#1501.MFC140U ref: 000000014000918F
#1034.MFC140U ref: 000000014000919E

Part of subcall function 0000000140008C30: _wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140008C69
Part of subcall function 0000000140008C30: #286.MFC140U ref: 0000000140008C77
Part of subcall function 0000000140008C30: #1670.MFC140U ref: 0000000140008C8A
Part of subcall function 0000000140008C30: #1667.MFC140U ref: 0000000140008C98
Part of subcall function 0000000140008C30: GetWindowsDirectoryW.KERNEL32 ref: 0000000140008CA8
Part of subcall function 0000000140008C30: #286.MFC140U ref: 0000000140008CB8
Part of subcall function 0000000140008C30: #1670.MFC140U ref: 0000000140008CCB
Part of subcall function 0000000140008C30: #1667.MFC140U ref: 0000000140008CD9
Part of subcall function 0000000140008C30: #491.MFC140U ref: 0000000140008CE4
Part of subcall function 0000000140008C30: #1641.MFC140U ref: 0000000140008CEF
Part of subcall function 0000000140008C30: #4561.MFC140U ref: 0000000140008D00
Part of subcall function 0000000140008C30: #1641.MFC140U ref: 0000000140008D2B
Part of subcall function 0000000140008C30: AddFontResourceW.GDI32 ref: 0000000140008D34
Part of subcall function 0000000140008C30: #1122.MFC140U ref: 0000000140008D44
Part of subcall function 0000000140008C30: #1034.MFC140U ref: 0000000140008D4F
Part of subcall function 0000000140008C30: #1034.MFC140U ref: 0000000140008D5B

PostMessageW.USER32 ref: 00000001400091CD
#316.MFC140U ref: 00000001400091DF
#4656.MFC140U ref: 00000001400091FD
#1641.MFC140U ref: 000000014000920B
#8449.MFC140U ref: 0000000140009222
#1034.MFC140U ref: 0000000140009230
#1034.MFC140U ref: 000000014000923F
#1122.MFC140U ref: 000000014000924B
#1034.MFC140U ref: 0000000140009259

Strings

Error, xrefs: 0000000140009218
\fonts\sc_*.ttf, xrefs: 000000014000910B
%s:Installing LaserFonts failed!, xrefs: 00000001400091EE
SCAPS_SAM, xrefs: 00000001400090EC

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641$#1670#286$#1122#1667#316#4561#491_wgetenv$#1501#4578#4656#5382#8449DirectoryFontMessagePostResourceWindows
String ID: %s:Installing LaserFonts failed!$Error$SCAPS_SAM$\fonts\sc_*.ttf
API String ID: 3682216482-664730387
Opcode ID: 1a866812ca699d5ce0300fc0c9b4ad903457efe1cd5965654812bc2a8a39c8f4
Instruction ID: 74bad549d1d1c3fab0f93f8d64234199ba89b530c3d38712a79d94312b55179b
Opcode Fuzzy Hash: 1a866812ca699d5ce0300fc0c9b4ad903457efe1cd5965654812bc2a8a39c8f4
Instruction Fuzzy Hash: FB413632204A8192EB71EB62E8947DA7321FBD9795F404125E74E83AB5DF38CA4DC744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017570 Relevance: 40.7, APIs: 27, Instructions: 174COMMON

Download Yara Rule

APIs

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#316.MFC140U ref: 00000001400175EB

Part of subcall function 000000014001DF88: _onexit.LIBCMT ref: 000000014001DF8C

Part of subcall function 000000014001E3B4: EnterCriticalSection.KERNEL32 ref: 000000014001E3C4
Part of subcall function 000000014001E3B4: LeaveCriticalSection.KERNEL32 ref: 000000014001E404

#7893.MFC140U ref: 0000000140017611
#4946.MFC140U ref: 0000000140017627
#12240.MFC140U ref: 0000000140017659
#8409.MFC140U ref: 0000000140017666
#316.MFC140U ref: 0000000140017692
#7893.MFC140U ref: 00000001400176B8
#4946.MFC140U ref: 00000001400176CE
#12240.MFC140U ref: 0000000140017700
#8409.MFC140U ref: 000000014001770D
#8409.MFC140U ref: 0000000140017716
#5674.MFC140U ref: 0000000140017723
#8058.MFC140U ref: 0000000140017734
#1641.MFC140U ref: 000000014001774D
#2903.MFC140U ref: 0000000140017759
#5674.MFC140U ref: 000000014001776A
#8058.MFC140U ref: 000000014001777E
#1641.MFC140U ref: 0000000140017797
#2903.MFC140U ref: 00000001400177A3
#1034.MFC140U ref: 00000001400177C8
#1034.MFC140U ref: 00000001400177DB

Part of subcall function 000000014001E414: EnterCriticalSection.KERNEL32 ref: 000000014001E424

#1641.MFC140U ref: 000000014001780A
_wunlink.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 0000000140017818
GetFileAttributesW.KERNEL32 ref: 0000000140017820
#1641.MFC140U ref: 0000000140017851
GetFileAttributesW.KERNEL32 ref: 000000014001785A
#1034.MFC140U ref: 0000000140017869

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$#1034#8409CriticalSection$#12240#2903#316#4946#5674#7893#8058AttributesEnterFile$CurrentLeaveProcess_onexit_wunlink
String ID:
API String ID: 3191934047-0
Opcode ID: b10f5eaad4db381ee1c7735f969874c05ec0282c1785a0859693c3cdc808d502
Instruction ID: 315e8a0113ab131f414e69f2b964bc1aa705b2dca3a19fb1fd6f7b507fc03570
Opcode Fuzzy Hash: b10f5eaad4db381ee1c7735f969874c05ec0282c1785a0859693c3cdc808d502
Instruction Fuzzy Hash: 67812A3164498092EB62EB27E8547D92360F7887E1F940226FB5E876F5DF78C98AC704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018DF0 Relevance: 40.6, APIs: 27, Instructions: 138COMMON

Download Yara Rule

APIs

#316.MFC140U ref: 0000000140018E25
#277.MFC140U ref: 0000000140018E38
#7893.MFC140U ref: 0000000140018E4A
#5674.MFC140U ref: 0000000140018E63
#1641.MFC140U ref: 0000000140018E70
#13889.MFC140U ref: 0000000140018E81
#1501.MFC140U ref: 0000000140018E93
#1034.MFC140U ref: 0000000140018E9F
#5674.MFC140U ref: 0000000140018EA8
#5674.MFC140U ref: 0000000140018EB8
#5674.MFC140U ref: 0000000140018ECC
#7893.MFC140U ref: 0000000140018EDD
#12600.MFC140U ref: 0000000140018EFA
#5674.MFC140U ref: 0000000140018F0D
#1631.MFC140U ref: 0000000140018F1D
#1034.MFC140U ref: 0000000140018F41
#3726.MFC140U ref: 0000000140018F5D
#1987.MFC140U ref: 0000000140018F6E
#12600.MFC140U ref: 0000000140018F84
#1501.MFC140U ref: 0000000140018F91
#1034.MFC140U ref: 0000000140018F9D
#4181.MFC140U ref: 0000000140018FA5
#7893.MFC140U ref: 0000000140018FAE
#1988.MFC140U ref: 0000000140018FCB
#1034.MFC140U ref: 0000000140018FD6
#1034.MFC140U ref: 0000000140018FE5
#1034.MFC140U ref: 0000000140018FEF

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#5674$#7893$#12600#1501$#13889#1631#1641#1987#1988#277#316#3726#4181
String ID:
API String ID: 2602280352-0
Opcode ID: 0ef03896a60d6be55d93cf251014fa6fe3982d30e3095c434da0f27dc999e3c4
Instruction ID: c37464d06aa3add73603276936a3598893b2c3b86b56eb4b926b56075d8a586d
Opcode Fuzzy Hash: 0ef03896a60d6be55d93cf251014fa6fe3982d30e3095c434da0f27dc999e3c4
Instruction Fuzzy Hash: 9F517335214A4096EB629F23E8543D97361FB8ABD1F404125EF4E477B5DF39CA4AC704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000EE70 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 222comCOMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 000000014000EEAC
#1503.MFC140U ref: 000000014000EECA
#1503.MFC140U ref: 000000014000EEF2
#1503.MFC140U ref: 000000014000EF1A
CoCreateInstance.OLE32 ref: 000000014000EF8B
#1503.MFC140U ref: 000000014000F00C
#1503.MFC140U ref: 000000014000F0A0
#1503.MFC140U ref: 000000014000F0F8
#316.MFC140U ref: 000000014000F167
#2431.MFC140U ref: 000000014000F18F
#2431.MFC140U ref: 000000014000F1B6
#1641.MFC140U ref: 000000014000F1C0
#5240.MFC140U ref: 000000014000F1D1
#13767.MFC140U ref: 000000014000F1DC
#1034.MFC140U ref: 000000014000F1E6
SysFreeString.OLEAUT32 ref: 000000014000F1F1
SysFreeString.OLEAUT32 ref: 000000014000F1FC
#14128.MFC140U ref: 000000014000F21F

Strings

USB license:%s, xrefs: 000000014000F184
USC license:%s, xrefs: 000000014000F1AB
Yes, xrefs: 000000014000EFFE, 000000014000F092, 000000014000F0EA

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1503$#2431FreeString$#10163#1034#13767#14128#1641#316#5240CreateInstance
String ID: USB license:%s$USC license:%s$Yes
API String ID: 2398011683-1196210860
Opcode ID: 8be48ac68a7670737f7636f2ee7b6e440ff52ad8df25178cde38d9efdf673d8a
Instruction ID: 17a6ef52128328ab67e255dc4e7b409c5f6691d887565474a9ffadbec2b42652
Opcode Fuzzy Hash: 8be48ac68a7670737f7636f2ee7b6e440ff52ad8df25178cde38d9efdf673d8a
Instruction Fuzzy Hash: 7AC12676700A85EAEB16DF66E4943EC33B0F788B98F408116EB1D57AA4DF78C959C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400171B0 Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 108windowlibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 00000001400189DE
Part of subcall function 00000001400189C0: SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000,0000000140017FB2), ref: 0000000140018A03
Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 0000000140018A1E

#1641.MFC140U ref: 000000014001722B
CoLoadLibrary.OLE32 ref: 0000000140017265
SysFreeString.OLEAUT32 ref: 0000000140017271
GetProcAddress.KERNEL32 ref: 0000000140017286
#1641.MFC140U ref: 0000000140017294
MessageBoxW.USER32 ref: 00000001400172AC
CoFreeLibrary.OLE32 ref: 00000001400172B5
MessageBoxW.USER32 ref: 000000014001732F

Strings

Error getting DllRegisterServer, xrefs: 000000014001729A
DllRegisterServer, xrefs: 000000014001727C
Operation cancelled!, xrefs: 0000000140017201
Error register server, xrefs: 00000001400172CC
Error, xrefs: 000000014001731B
Info, xrefs: 00000001400171FA
DLL "%s" not registered, error code %d, xrefs: 000000014001730A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Message$#1641FreeLibraryPeek$AddressLoadProcSendString
String ID: DLL "%s" not registered, error code %d$DllRegisterServer$Error$Error getting DllRegisterServer$Error register server$Info$Operation cancelled!
API String ID: 1570520582-164586443
Opcode ID: cf44085a07ffe5c7578d9b18b35d7c0feaeac47eab14b7b43494036460cc127c
Instruction ID: f7f8eb4cf849364c07c0e685daf8717a5004d985ac85bceca598380156830d22
Opcode Fuzzy Hash: cf44085a07ffe5c7578d9b18b35d7c0feaeac47eab14b7b43494036460cc127c
Instruction Fuzzy Hash: 37412B34215B4081FA679B63A854BE963A1B78CBD4F55012AFF5E4B7B0DF39CA468340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003BE0 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

#14128.MFC140U ref: 0000000140003BFC
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140003C08
#286.MFC140U ref: 0000000140003C16
#316.MFC140U ref: 0000000140003C22
#316.MFC140U ref: 0000000140003C2E
#4656.MFC140U ref: 0000000140003C4D
#4656.MFC140U ref: 0000000140003C64

Part of subcall function 0000000140019540: #1641.MFC140U ref: 0000000140019544
Part of subcall function 0000000140019540: GetFileAttributesW.KERNEL32 ref: 000000014001954D

#1641.MFC140U ref: 0000000140003C7D
#1641.MFC140U ref: 0000000140003C8B

Part of subcall function 00000001400047A0: _wsopen_dispatch.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400047D9
Part of subcall function 00000001400047A0: _wsopen_dispatch.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000480F
Part of subcall function 00000001400047A0: _close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140004824

#4656.MFC140U ref: 0000000140003CC4
#1034.MFC140U ref: 0000000140003CD8
#1034.MFC140U ref: 0000000140003CE4
#1034.MFC140U ref: 0000000140003CF0

Strings

File already exist, xrefs: 0000000140003CA3
SCAPS_SAM, xrefs: 0000000140003C01
%s\system\sc_resource_sc_default_uc.sam, xrefs: 0000000140003C58
%s\system\sc_resource_sc_%s_uc.sam, xrefs: 0000000140003C41
sc_%s, xrefs: 0000000140003CBD

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#1641#4656$#316_wsopen_dispatch$#14128#286AttributesFile_close_wgetenv
String ID: %s\system\sc_resource_sc_%s_uc.sam$%s\system\sc_resource_sc_default_uc.sam$File already exist$SCAPS_SAM$sc_%s
API String ID: 1668331643-141018401
Opcode ID: 93cf18b0863fa5dd58d70ea2f8f2a6cf035c27e2010ba6fdf45939a9013b3935
Instruction ID: fe21ac7bfdf4b364edd55ad27fd908690a7d86bbe018a0edf6feb527c973fdbe
Opcode Fuzzy Hash: 93cf18b0863fa5dd58d70ea2f8f2a6cf035c27e2010ba6fdf45939a9013b3935
Instruction Fuzzy Hash: 13312F35214A4192EB02EB52F8543D9A330FB9E7E1F900116FB5E836B9DF78C949C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007D90 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 110fileCOMMON

Download Yara Rule

APIs

#4511.MFC140U ref: 0000000140007DD2
#1641.MFC140U ref: 0000000140007DE3
_wsplitpath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 0000000140007E0B
#286.MFC140U ref: 0000000140007E1B
#1670.MFC140U ref: 0000000140007E2C
#1670.MFC140U ref: 0000000140007E3F
#1670.MFC140U ref: 0000000140007E51
#1641.MFC140U ref: 0000000140007E5C
#1641.MFC140U ref: 0000000140007E68
CopyFileW.KERNEL32 ref: 0000000140007E7A
#1641.MFC140U ref: 0000000140007E83

Part of subcall function 000000014000E930: #7837.MFC140U ref: 000000014000E952

#1641.MFC140U ref: 0000000140007ECD
#1641.MFC140U ref: 0000000140007EE9

Part of subcall function 000000014000E9B0: #7837.MFC140U ref: 000000014000E9F0

#286.MFC140U ref: 0000000140007F0E

Part of subcall function 0000000140018A40: #1641.MFC140U ref: 0000000140018A4C
Part of subcall function 0000000140018A40: SendMessageW.USER32 ref: 0000000140018A64
Part of subcall function 0000000140018A40: #14128.MFC140U ref: 0000000140018A6F

#1034.MFC140U ref: 0000000140007F2C
#1034.MFC140U ref: 0000000140007F38

Strings

_save_v_2_4.sam, xrefs: 0000000140007DC8, 0000000140007E45

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$#1670$#1034#286#7837$#14128#4511CopyFileMessageSend_wsplitpath
String ID: _save_v_2_4.sam
API String ID: 1391676759-717713547
Opcode ID: 8062a7750a27df26bdeac070516bf7bd893af014b32221371254d02a4a90ea2c
Instruction ID: 62ae6e08bf163a93236b103b49afda7ceb039842c537b83977a4acc25e055a56
Opcode Fuzzy Hash: 8062a7750a27df26bdeac070516bf7bd893af014b32221371254d02a4a90ea2c
Instruction Fuzzy Hash: 92412932214A8592EB11EB17E8947EA6321FBC9FD5F404025EA4E47B78EF3DC90AC740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010060 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 137windowfileCOMMON

Download Yara Rule

APIs

#1641.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100A4
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100B4
SendMessageW.USER32(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100D8
memset.VCRUNTIME140(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001010A
#316.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001012C
SendMessageW.USER32(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010156
#1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010164
#1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010175
#1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001018D
#1641.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010197
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010211
#5674.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010226
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001023A
#1034.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010245
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010259

Strings

, xrefs: 000000014001016A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1670$#1641MessageSend$#1034#316#5674ByteCharMultiWide_wfopenfclosefwritememset
String ID:
API String ID: 4270132392-1776720792
Opcode ID: 9e6f2bdd4bd28dd83892a60f9ae24352775404800eacb2f1f8a859ec3a9f5b89
Instruction ID: adab3fb59dfe113aea03c982c2d2e160b9a95868400f5b2de8ef9e7fa1c2a396
Opcode Fuzzy Hash: 9e6f2bdd4bd28dd83892a60f9ae24352775404800eacb2f1f8a859ec3a9f5b89
Instruction Fuzzy Hash: A9514F32210A9096EB129F26EC947D93760F74D7E8F445225FB6E4B6E8DF79C549C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006CF0 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 76windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014001B990: #286.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9CC
Part of subcall function 000000014001B990: #1034.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9E6

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#286.MFC140U ref: 00000001400173B1
#1670.MFC140U ref: 00000001400173D1
#286.MFC140U ref: 00000001400173E3
#2415.MFC140U ref: 00000001400173FB
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017429
MessageBoxW.USER32 ref: 0000000140017457
#1034.MFC140U ref: 0000000140017476
#1034.MFC140U ref: 0000000140017482

Strings

/u, xrefs: 00000001400173EF
Result, xrefs: 000000014001742F
Completed successfully, xrefs: 0000000140017441
Error (un)registering shell extension dll, xrefs: 0000000140017450
_d.dll, xrefs: 00000001400173C1
.dll, xrefs: 00000001400173CA
sc_shell_provider_x64, xrefs: 00000001400173A5
regsvr32.exe, xrefs: 0000000140017419, 0000000140017420

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#286$#1670#2415CurrentMessageProcess_wspawnlp
String ID: /u$.dll$Completed successfully$Error (un)registering shell extension dll$Result$_d.dll$regsvr32.exe$sc_shell_provider_x64
API String ID: 4140255600-1287953482
Opcode ID: f7f6a817db73b3f67114a144fcb4eda39a9d54fa54b4a4f5239eee6563d44f29
Instruction ID: 0fb6d51535e51b4dab881f3554ec3e1d38eeff36b8e666cc547571a6660b2e2c
Opcode Fuzzy Hash: f7f6a817db73b3f67114a144fcb4eda39a9d54fa54b4a4f5239eee6563d44f29
Instruction Fuzzy Hash: 2F31AF31214A8592EB12DB26E8907D96370F78C7D5F90111AF79E4B5F8DF38CA49C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016A40 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 87COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0000000140016A7F

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

Strings

PATH, xrefs: 0000000140016B73
.dll, xrefs: 0000000140016C38
Register Debug..., xrefs: 0000000140016B34
SCAPS_SAM, xrefs: 0000000140016BD1
Register SAM Modules..., xrefs: 0000000140016B3B
.ocx, xrefs: 0000000140016C4A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: malloc
String ID: .dll$.ocx$PATH$Register Debug...$Register SAM Modules...$SCAPS_SAM
API String ID: 2803490479-4199011663
Opcode ID: 1e9728fbfe5599e7d472f6a888b6d9f88e7a683db851c15933e533b464829bb2
Instruction ID: 40876a8a2789755400b3b6111649fe0330714e6e7af658f1a0847a34c6234d71
Opcode Fuzzy Hash: 1e9728fbfe5599e7d472f6a888b6d9f88e7a683db851c15933e533b464829bb2
Instruction Fuzzy Hash: 77413931240A4195FB229B67EC903E533A5BBCC7D4F45452ABB0E8B6B5DF39C949C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006D00 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 74windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014001B990: #286.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9CC
Part of subcall function 000000014001B990: #1034.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9E6

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#286.MFC140U ref: 00000001400173B1
#1670.MFC140U ref: 00000001400173D1
#286.MFC140U ref: 00000001400173E3
#2415.MFC140U ref: 00000001400173FB
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017429
MessageBoxW.USER32 ref: 0000000140017457
#1034.MFC140U ref: 0000000140017476
#1034.MFC140U ref: 0000000140017482

Strings

/u, xrefs: 00000001400173EF
Result, xrefs: 000000014001742F
Completed successfully, xrefs: 0000000140017441
_d.dll, xrefs: 00000001400173C1
.dll, xrefs: 00000001400173CA
sc_shell_provider_x64, xrefs: 00000001400173A5
regsvr32.exe, xrefs: 0000000140017419, 0000000140017420

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#286$#1670#2415CurrentMessageProcess_wspawnlp
String ID: /u$.dll$Completed successfully$Result$_d.dll$regsvr32.exe$sc_shell_provider_x64
API String ID: 4140255600-2266602795
Opcode ID: 26c7335d75f247e33e0a99eccaf60c808d6bf1d533558ec33367f54991a0c210
Instruction ID: caa5366276c63f6cb539a82509b11c92da1399c553657d0da48409eca929ab3d
Opcode Fuzzy Hash: 26c7335d75f247e33e0a99eccaf60c808d6bf1d533558ec33367f54991a0c210
Instruction Fuzzy Hash: 3B315E32214A8592EB12DB26E8907DA6370F78C7D5F90111AF79E4B5F8DF39CA49CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006D10 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 74windowCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014001B990: #286.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9CC
Part of subcall function 000000014001B990: #1034.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9E6

Part of subcall function 000000014001B7A0: GetCurrentProcess.KERNEL32 ref: 000000014001B7C2

#286.MFC140U ref: 00000001400173B1
#1670.MFC140U ref: 00000001400173D1
#286.MFC140U ref: 00000001400173E3
#2415.MFC140U ref: 00000001400173FB
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017429
MessageBoxW.USER32 ref: 0000000140017457
#1034.MFC140U ref: 0000000140017476
#1034.MFC140U ref: 0000000140017482

Strings

/u, xrefs: 00000001400173EF
Result, xrefs: 000000014001742F
Completed successfully, xrefs: 0000000140017441
_d.dll, xrefs: 00000001400173C1
.dll, xrefs: 00000001400173CA
sc_shell_provider_x64, xrefs: 00000001400173A5
regsvr32.exe, xrefs: 0000000140017419, 0000000140017420

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#286$#1670#2415CurrentMessageProcess_wspawnlp
String ID: /u$.dll$Completed successfully$Result$_d.dll$regsvr32.exe$sc_shell_provider_x64
API String ID: 4140255600-2266602795
Opcode ID: e3bf8d3a5ed6932c8028aca6295619c0f69b8b3fc41aeefe8e7cbc65ce0a2199
Instruction ID: fdfa8645fdbf81b4fa526985b249916f5917ae2a06ea183db10c4acf1369c9e2
Opcode Fuzzy Hash: e3bf8d3a5ed6932c8028aca6295619c0f69b8b3fc41aeefe8e7cbc65ce0a2199
Instruction Fuzzy Hash: 18317031214A8592EB12DB26E8907D96370F78C7D5F901116F79E4B5B8DF39CA49C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007100 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 256COMMON

Download Yara Rule

APIs

_sopen_dispatch.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400071C7
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400071E7
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140007215
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140007232
_lseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140007293
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400072A5
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400072E0
_tell.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400072E8
_lseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000736D
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000738F
_lseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000740E
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000742D
MultiByteToWideChar.KERNEL32 ref: 000000014000748B

Strings

name, xrefs: 0000000140007220

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _read$_lseek$_close$ByteCharMultiWide_sopen_dispatch_tell
String ID: name
API String ID: 3657118347-1579384326
Opcode ID: 13268cd18ec37e924aeb8113624a3d319545357275601eafd3f94138243cc676
Instruction ID: e63a4a68f4c715f9939fe67626a6fc29ae3959d8e2d59ef9b31d1c5a453f7e87
Opcode Fuzzy Hash: 13268cd18ec37e924aeb8113624a3d319545357275601eafd3f94138243cc676
Instruction Fuzzy Hash: 6FA114723106E049E7629F36A8507ED3B92E34D7E9F444625FBAA47BE9DA3CC505C310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140008650 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 139registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400075A0: #1034.MFC140U(?,?,?,?,?,0000000140004D7E), ref: 00000001400075DC

Part of subcall function 00000001400074F0: #1034.MFC140U ref: 0000000140007543

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400086DF
RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 000000014000870C
RegEnumValueW.ADVAPI32 ref: 0000000140008762
#286.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 0000000140008784
#2396.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 0000000140008790
CLSIDFromString.OLE32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 000000014000879D
new.LIBCMT ref: 00000001400087AA

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

#286.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400087C7
#280.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400087DD
#1034.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 000000014000881A
#1034.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 0000000140008826
RegEnumValueW.ADVAPI32 ref: 0000000140008873

Strings

SCAPS, xrefs: 00000001400086D1
ScStdDevices, xrefs: 0000000140008700

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#286EnumOpenValue$#2396#280FromStringmalloc
String ID: SCAPS$ScStdDevices
API String ID: 363120550-1535483189
Opcode ID: 5f747d1d8a71fd913a04e715c7dbc89bcfa6122ef26930e995878432fefb25db
Instruction ID: 3e70fe682a7ac79da4757220867485791c68e773fbed84ec521ee3058aae7c34
Opcode Fuzzy Hash: 5f747d1d8a71fd913a04e715c7dbc89bcfa6122ef26930e995878432fefb25db
Instruction Fuzzy Hash: E2614D32618B8096E761DF22F8447DE77A4F789794F904226FB8D43AA8EF78C545CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000FA50 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 70windowCOMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 000000014000FA62
SendMessageW.USER32 ref: 000000014000FAAE
#4724.MFC140U ref: 000000014000FAB7
SendMessageW.USER32 ref: 000000014000FACE
SendMessageW.USER32 ref: 000000014000FB04
SendMessageW.USER32 ref: 000000014000FB35
SendMessageW.USER32 ref: 000000014000FB66
SendMessageW.USER32 ref: 000000014000FB97

Strings

Version, xrefs: 000000014000FB6C
Build, xrefs: 000000014000FB42
Location, xrefs: 000000014000FB11
d, xrefs: 000000014000FB73
File, xrefs: 000000014000FADB

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#10163#4724
String ID: Build$File$Location$Version$d
API String ID: 1262742710-2068235041
Opcode ID: e5632f78799a3ff1505e87ad7a45cabeffaa53e5a96b9219772471ed63cee0a7
Instruction ID: 95ecd83441dae22cf0ca00edabd3f6b16113b0acea7e7998748bcafd4527b39d
Opcode Fuzzy Hash: e5632f78799a3ff1505e87ad7a45cabeffaa53e5a96b9219772471ed63cee0a7
Instruction Fuzzy Hash: 4A312F36214B8186E751DF52E444BDA7760F389B88F504029FF8D07B69CF7AC989CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016FB7 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

#286.MFC140U ref: 0000000140016FB7
#12443.MFC140U ref: 0000000140016FD5
#1034.MFC140U ref: 0000000140017005
_wspawnlp.API-MS-WIN-CRT-PROCESS-L1-1-0 ref: 0000000140017030
#1034.MFC140U ref: 0000000140017041
#1034.MFC140U ref: 000000014001704C
#1034.MFC140U ref: 000000014001708D
#1034.MFC140U ref: 0000000140017098
#1034.MFC140U ref: 00000001400170A3
#1034.MFC140U ref: 0000000140017170
#1034.MFC140U ref: 000000014001717B

Strings

_d., xrefs: 0000000140016FC3
regsvr32.exe, xrefs: 0000000140017020, 0000000140017027

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#12443#286_wspawnlp
String ID: _d.$regsvr32.exe
API String ID: 4172882844-2560458151
Opcode ID: f407462f2ae4b6129a07abf2a78aceebdfa10c4a6adfd16a295e5ff2182ad082
Instruction ID: b6ddf271b5b8b79cad54f0d907852814dc348d35948f622db8bb60a36dd43027
Opcode Fuzzy Hash: f407462f2ae4b6129a07abf2a78aceebdfa10c4a6adfd16a295e5ff2182ad082
Instruction Fuzzy Hash: 1B31E872711A45A6EB22DFA2E8943D82370FB5D799F405026EA0E53678DF34CE4DC384

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A770 Relevance: 22.7, APIs: 15, Instructions: 174windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014001A7B8
#316.MFC140U ref: 000000014001A7CB
#5672.MFC140U ref: 000000014001A7DC
CopyRect.USER32 ref: 000000014001A7EA
#4721.MFC140U ref: 000000014001A82F
GetSysColor.USER32 ref: 000000014001A876

Part of subcall function 000000014001E3B4: EnterCriticalSection.KERNEL32 ref: 000000014001E3C4
Part of subcall function 000000014001E3B4: LeaveCriticalSection.KERNEL32 ref: 000000014001E404

GetSysColor.USER32 ref: 000000014001A8B2
GetSysColor.USER32 ref: 000000014001A8EE
GetSysColor.USER32 ref: 000000014001A92A
#4499.MFC140U ref: 000000014001A958
GetSysColor.USER32 ref: 000000014001A99F
#4499.MFC140U ref: 000000014001A9C6
#5674.MFC140U ref: 000000014001AA1C
#1641.MFC140U ref: 000000014001AA29
#1034.MFC140U ref: 000000014001AA51

Part of subcall function 000000014001E414: EnterCriticalSection.KERNEL32 ref: 000000014001E424

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Color$CriticalSection$#4499Enter$#1034#1641#316#4721#5672#5674CopyLeaveMessageRectSend
String ID:
API String ID: 3462664341-0
Opcode ID: 91555db2def0db17fb4d0c0de41b65027847a715c50471aa6815c73ce704165e
Instruction ID: 5bc3302a439ac6e42200190234f8757bee4f3a1a17b665f14c1c53d60b775d60
Opcode Fuzzy Hash: 91555db2def0db17fb4d0c0de41b65027847a715c50471aa6815c73ce704165e
Instruction Fuzzy Hash: 62913635200A5087EB12DB26E9803D87360F78DBE0F514225FB9AC76B5DF79C956CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400097E0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 224memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 000000014000984F
SysFreeString.OLEAUT32 ref: 00000001400098A3
SysAllocString.OLEAUT32 ref: 00000001400098CF
SysFreeString.OLEAUT32 ref: 0000000140009922
SysAllocString.OLEAUT32 ref: 000000014000994E
SysFreeString.OLEAUT32 ref: 00000001400099A1
SysAllocString.OLEAUT32 ref: 00000001400099BE

Part of subcall function 0000000140005EC0: #2350.MFC140U ref: 0000000140005ED2

SysFreeString.OLEAUT32 ref: 0000000140009A0F

Strings

SCAPS, xrefs: 0000000140009848
SCAPS.LightExposureCtrl, xrefs: 00000001400099B7
ScPropertyPageSettings, xrefs: 0000000140009947
ScView2DCtrl, xrefs: 00000001400098C8

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: String$AllocFree$#2350
String ID: SCAPS$SCAPS.LightExposureCtrl$ScPropertyPageSettings$ScView2DCtrl
API String ID: 719250235-3448103334
Opcode ID: cfe689e42387a6148e59b2fa8eff68319c5d3cd7870a1003495e0d935810b5fe
Instruction ID: 9f1c41efbdc12be1ca2d1a2406ea505cc49c47d0798367472d4b760873dc8fd9
Opcode Fuzzy Hash: cfe689e42387a6148e59b2fa8eff68319c5d3cd7870a1003495e0d935810b5fe
Instruction Fuzzy Hash: 17A12472701B008AEB16CF6AE4543EC23B5FB8AB88F05592AEF5A577A4DE38C555C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002730 Relevance: 21.1, APIs: 14, Instructions: 106windowCOMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 000000014000274F
SendMessageW.USER32 ref: 0000000140002766
#316.MFC140U ref: 0000000140002771
#4656.MFC140U ref: 0000000140002791
#1641.MFC140U ref: 000000014000279C
SendMessageW.USER32 ref: 00000001400027B4
SendMessageW.USER32 ref: 00000001400027D1
SendMessageW.USER32 ref: 00000001400027E9
#1641.MFC140U ref: 0000000140002821
SendMessageW.USER32 ref: 0000000140002839
SendMessageW.USER32 ref: 0000000140002851
#1641.MFC140U ref: 0000000140002891
#14128.MFC140U ref: 00000001400028B9
#1034.MFC140U ref: 00000001400028C4

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1641$#10163#1034#14128#316#4656
String ID:
API String ID: 2648534157-0
Opcode ID: ca4a79385f5cf5b5be86c59e6de93d0190d4233ddc68685e372e4887ccb9439f
Instruction ID: 32a3a468a09d1ff8f621f16fe1f20c06e480fc7fcdddd3faccca5686bbd9972e
Opcode Fuzzy Hash: ca4a79385f5cf5b5be86c59e6de93d0190d4233ddc68685e372e4887ccb9439f
Instruction Fuzzy Hash: 32419D36601A9082E752AB27EC547DA6360F7C9BD4F449131BF4E87AB5CE34C8868750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019570 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

#316.MFC140U ref: 00000001400195E2

Part of subcall function 000000014001DF88: _onexit.LIBCMT ref: 000000014001DF8C

Part of subcall function 000000014001E3B4: EnterCriticalSection.KERNEL32 ref: 000000014001E3C4
Part of subcall function 000000014001E3B4: LeaveCriticalSection.KERNEL32 ref: 000000014001E404

#964.MFC140U ref: 0000000140019629
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 0000000140019646
GetLastError.KERNEL32 ref: 0000000140019650
EnterCriticalSection.KERNEL32 ref: 0000000140019698
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400196AE
#1503.MFC140U ref: 00000001400196C3
#1670.MFC140U ref: 00000001400196D7
LeaveCriticalSection.KERNEL32 ref: 00000001400196F5
#1034.MFC140U ref: 0000000140019718

Part of subcall function 000000014001E414: EnterCriticalSection.KERNEL32 ref: 000000014001E424

Strings

SCAPS_SAM, xrefs: 00000001400196A7
\system\, xrefs: 00000001400196C9

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: CriticalSection$Enter$Leave$#1034#1503#1670#316#964CountErrorInitializeLastSpin_onexit_wgetenv
String ID: SCAPS_SAM$\system\
API String ID: 627262424-3516088844
Opcode ID: eac4e80c0864d98508df9dc33abc432509f7d2e96bb841da913857b46169718f
Instruction ID: 382b16dd24abd6ef7cda574b8cd1b666fed43475cbeda61a51b9e4a9b255b9ee
Opcode Fuzzy Hash: eac4e80c0864d98508df9dc33abc432509f7d2e96bb841da913857b46169718f
Instruction Fuzzy Hash: 6A51D831200A5091FB12DB67E8943D933A0B79CBE4F854229BB69872F9DF79C949C718

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A180 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 53processCOMMON

Download Yara Rule

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 000000014001A199
#286.MFC140U ref: 000000014001A1B7
#316.MFC140U ref: 000000014001A1C6
#1670.MFC140U ref: 000000014001A1DC
memset.VCRUNTIME140 ref: 000000014001A1ED
#1641.MFC140U ref: 000000014001A202
CreateProcessW.KERNEL32 ref: 000000014001A23B
#1034.MFC140U ref: 000000014001A256
#1034.MFC140U ref: 000000014001A265

Strings

h, xrefs: 000000014001A1F2
\system\sc_usc_server.exe, xrefs: 000000014001A1CD
SCAPS_SAM, xrefs: 000000014001A192

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641#1670#286#316CreateProcess_wgetenvmemset
String ID: SCAPS_SAM$\system\sc_usc_server.exe$h
API String ID: 2271488619-2848450608
Opcode ID: 6971db20f231f6af73c41a14e084ffd8ad758fe76af48d0ef2678d44f73d5e49
Instruction ID: cc49cb68f152e5171a1fc19c1301b1e670097fa165db57d5bd5d5cc36e444173
Opcode Fuzzy Hash: 6971db20f231f6af73c41a14e084ffd8ad758fe76af48d0ef2678d44f73d5e49
Instruction Fuzzy Hash: AF214131614A8196D7219B25E8943DA7360F79D371F504225A7AE83AF4EF3CC98DCB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400019F0 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49COMMON

Download Yara Rule

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140001A10
#286.MFC140U ref: 0000000140001A3F
#1670.MFC140U ref: 0000000140001A78
#1501.MFC140U ref: 0000000140001A8A
#14128.MFC140U ref: 0000000140001A99
#1034.MFC140U ref: 0000000140001AA4

Strings

SCAPS_SAM not found!, xrefs: 0000000140001A26
Error, xrefs: 0000000140001A1F
\system\sc_light_settings.sam, xrefs: 0000000140001A50
SCAPS_SAM, xrefs: 0000000140001A09
\system\, xrefs: 0000000140001A6C
\system\sc_settings.sam, xrefs: 0000000140001A5E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#14128#1501#1670#286_wgetenv
String ID: Error$SCAPS_SAM$SCAPS_SAM not found!$\system\$\system\sc_light_settings.sam$\system\sc_settings.sam
API String ID: 3126259006-1065099383
Opcode ID: 67cd7da1adf763347533e7e918055bf6a56d4019c8fadbf0f95e2369b2c7ea34
Instruction ID: 981fac533282cc827ff53dc62208ed34ae17e3443cab2094a2d4bae2c1bce17c
Opcode Fuzzy Hash: 67cd7da1adf763347533e7e918055bf6a56d4019c8fadbf0f95e2369b2c7ea34
Instruction Fuzzy Hash: AA115971215A4192EA52DF16F8803E96361FB8E7E5F844229F71A471B8DF38CA09C305

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140011B80 Relevance: 19.6, APIs: 13, Instructions: 63fileCOMMON

Download Yara Rule

APIs

#316.MFC140U ref: 0000000140011BB4
#4946.MFC140U ref: 0000000140011BC5
SHGetSpecialFolderPathW.SHELL32 ref: 0000000140011BD7
#12240.MFC140U ref: 0000000140011BE5
#1641.MFC140U ref: 0000000140011BEE
_wsplitpath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 0000000140011C0E
_wmakepath.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 0000000140011C33
#1665.MFC140U ref: 0000000140011C43
#1670.MFC140U ref: 0000000140011C56
#1641.MFC140U ref: 0000000140011C61
#1641.MFC140U ref: 0000000140011C6D
CopyFileW.KERNEL32 ref: 0000000140011C7C
#1034.MFC140U ref: 0000000140011C88

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641$#1034#12240#1665#1670#316#4946CopyFileFolderPathSpecial_wmakepath_wsplitpath
String ID:
API String ID: 1380016769-0
Opcode ID: 788efbda508912e1db9a897994c8782c7d87e9dcba46ea81016bcf2fe4ef3721
Instruction ID: ed941f3f9fe22064108c469068f1cd8f2a89c032b7b47820bd17eec9eb3e376c
Opcode Fuzzy Hash: 788efbda508912e1db9a897994c8782c7d87e9dcba46ea81016bcf2fe4ef3721
Instruction Fuzzy Hash: 14311E36224A8082EB619F22F8557DA7361FBC9B95F405225E75E03AB8DF3CC509CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400191A0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 129COMMON

Download Yara Rule

APIs

?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00000001400191C2
new.LIBCMT ref: 00000001400191C9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400191D6

Strings

invalid string position, xrefs: 000000014001923A, 0000000140019261
string too long, xrefs: 0000000140019296

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xbad_alloc@std@@_invalid_parameter_noinfo_noreturn
String ID: invalid string position$string too long
API String ID: 511923668-4289949731
Opcode ID: 3d10aa529a49a3f479458b8f76d6f1ba80631a10602170cbf230da17366304a1
Instruction ID: 8cbea565d98fdee383b2b577519701baa49cd0526cef30b7f43fc501126ec788
Opcode Fuzzy Hash: 3d10aa529a49a3f479458b8f76d6f1ba80631a10602170cbf230da17366304a1
Instruction Fuzzy Hash: E941AE31201A4491EF1ADB17D58439873A1F75CBE4FA40925EB6A0BBF9DF7AC592C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B200 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 90timewindowCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,000000014001B05B), ref: 000000014001B262
#2344.MFC140U(?,?,?,000000014001B05B), ref: 000000014001B27A

Part of subcall function 000000014001B5A0: GetCurrentThreadId.KERNEL32 ref: 000000014001B62E
Part of subcall function 000000014001B5A0: RaiseException.KERNEL32 ref: 000000014001B64D

EnterCriticalSection.KERNEL32 ref: 000000014001B2B9
SetTimer.USER32 ref: 000000014001B2D1
#286.MFC140U ref: 000000014001B307
MessageBoxW.USER32 ref: 000000014001B34D
KillTimer.USER32 ref: 000000014001B362
LeaveCriticalSection.KERNEL32 ref: 000000014001B36F
#1034.MFC140U ref: 000000014001B37B

Strings

dont_force_message_focus, xrefs: 000000014001B2FB
SC_MsgBoxThread, xrefs: 000000014001B292

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: CriticalSectionTimer$#1034#2344#286CurrentEnterExceptionKillLeaveMessageRaiseThreadmemset
String ID: SC_MsgBoxThread$dont_force_message_focus
API String ID: 4217689223-2674984546
Opcode ID: f8a9d496c7e579db1670af7b970043b4812180ab5a20b6c9ce17d3c782f0cf16
Instruction ID: f817b379860bf73ccd688bd69bc3779ddcd4704915593135b1641cc39fef293a
Opcode Fuzzy Hash: f8a9d496c7e579db1670af7b970043b4812180ab5a20b6c9ce17d3c782f0cf16
Instruction Fuzzy Hash: D6414231214B8086EB56DF26E4403DA73A0FB4DBA4F584225EB5D4B6B9DF39C949C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017E50 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 00000001400189DE
Part of subcall function 00000001400189C0: SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000,0000000140017FB2), ref: 0000000140018A03
Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 0000000140018A1E

#1641.MFC140U ref: 0000000140017EA1
CLSIDFromProgID.OLE32 ref: 0000000140017EDE
SysFreeString.OLEAUT32 ref: 0000000140017EE9
ProgIDFromCLSID.OLE32 ref: 0000000140017EF9
#286.MFC140U ref: 0000000140017F11
#1641.MFC140U ref: 0000000140017F1B
#2294.MFC140U ref: 0000000140017F29
#1034.MFC140U ref: 0000000140017F38

Strings

SCAPS.ScTriaBox, xrefs: 0000000140017F4E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Message$#1641FromPeekProg$#1034#2294#286FreeSendString
String ID: SCAPS.ScTriaBox
API String ID: 135846759-3314625781
Opcode ID: 618f893f46f3d58d18dcabf1613ac0616b501699daaaf533ed6895b0c49181b7
Instruction ID: 98d49779d355abe7cd7c0b37aaffa9d5b5e228658c195caf82d0317edfd1c63e
Opcode Fuzzy Hash: 618f893f46f3d58d18dcabf1613ac0616b501699daaaf533ed6895b0c49181b7
Instruction Fuzzy Hash: FF314331205B4182EA629B23F8547EA63A0BB8DBD5F541129BB8E4B7B4EF3DC9458740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016A8F Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140018480: #990.MFC140U ref: 00000001400184BA
Part of subcall function 0000000140018480: #316.MFC140U ref: 00000001400184D1

#13864.MFC140U ref: 0000000140016ACA
#13864.MFC140U ref: 0000000140016AD6
#2686.MFC140U ref: 0000000140016AE4
#5240.MFC140U ref: 0000000140016AFA
#4335.MFC140U ref: 0000000140016B09
#13767.MFC140U ref: 0000000140016B51
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140016B7A
MessageBoxW.USER32 ref: 0000000140016B9B
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140016BD8

Strings

environment variable not found, xrefs: 0000000140016B8C
PATH, xrefs: 0000000140016B73
Register Debug..., xrefs: 0000000140016B34
PATH=?, xrefs: 0000000140016B85
Register SAM Modules..., xrefs: 0000000140016B3B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13864_wgetenv$#13767#2686#316#4335#5240#990Message
String ID: PATH$PATH=?$Register Debug...$Register SAM Modules...$environment variable not found
API String ID: 617971081-4020705390
Opcode ID: 6b97f1cbf2571c049c3e334153a551cc04dcf321f81fde660a3fa8423bc61f95
Instruction ID: 1045c94e05bc8b70ff334efb62b7771fa3792445d79e7c109a93a51f7a10e65c
Opcode Fuzzy Hash: 6b97f1cbf2571c049c3e334153a551cc04dcf321f81fde660a3fa8423bc61f95
Instruction Fuzzy Hash: 6A310931241A4091FB67DB63E8913E52361AB8CBC4F55443AEF0E573B5DE7AC889C300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000DC00 Relevance: 18.1, APIs: 12, Instructions: 96windowsleepCOMMON

Download Yara Rule

APIs

BroadcastSystemMessageW.USER32 ref: 000000014000DC4A
Sleep.KERNEL32 ref: 000000014000DC55
#7893.MFC140U ref: 000000014000DC5E
#2903.MFC140U ref: 000000014000DC72
#4181.MFC140U ref: 000000014000DC7F
#1501.MFC140U ref: 000000014000DC99
new.LIBCMT ref: 000000014000DCA4
#13864.MFC140U ref: 000000014000DCE9
#13864.MFC140U ref: 000000014000DCF5
#2686.MFC140U ref: 000000014000DD03
BroadcastSystemMessageW.USER32 ref: 000000014000DD76
#1034.MFC140U ref: 000000014000DD80

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13864BroadcastMessageSystem$#1034#1501#2686#2903#4181#7893Sleep
String ID:
API String ID: 3375581566-0
Opcode ID: a241d76669437413a78822ecf12e5b1085a84ef0f89260f164d97c5e32c04853
Instruction ID: 6243813285ae9aac9ce75fb729ad8adc6e21606fb7e8eaccfd62391997bd57f4
Opcode Fuzzy Hash: a241d76669437413a78822ecf12e5b1085a84ef0f89260f164d97c5e32c04853
Instruction Fuzzy Hash: A9414871614A4182FB56EB27F8547EA7361BB89BD4F04812AFB4A077B6DF38C809C710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B670 Relevance: 18.1, APIs: 12, Instructions: 67threadtimeCOMMON

Download Yara Rule

APIs

KillTimer.USER32 ref: 000000014001B697
SetTimer.USER32 ref: 000000014001B6B1
EnumThreadWindows.USER32 ref: 000000014001B6CB
GetForegroundWindow.USER32 ref: 000000014001B6DE
GetForegroundWindow.USER32 ref: 000000014001B6FB
GetWindowThreadProcessId.USER32 ref: 000000014001B706
GetCurrentThreadId.KERNEL32 ref: 000000014001B70E
AttachThreadInput.USER32 ref: 000000014001B72C
BringWindowToTop.USER32 ref: 000000014001B739
ShowWindow.USER32 ref: 000000014001B74B
BringWindowToTop.USER32 ref: 000000014001B775
ShowWindow.USER32 ref: 000000014001B787

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Window$Thread$BringForegroundShowTimer$AttachCurrentEnumInputKillProcessWindows
String ID:
API String ID: 2348816688-0
Opcode ID: 5ebf64ce5b2fb9ac07335970812b65aa617b97f6cc20251c95c24ddbe32fc92d
Instruction ID: a45e66d24f746d728cfca538e46822fc9a7db96ceb7f5fab65e93f16c7cf9ff2
Opcode Fuzzy Hash: 5ebf64ce5b2fb9ac07335970812b65aa617b97f6cc20251c95c24ddbe32fc92d
Instruction Fuzzy Hash: BF313E35614B8082E7969B62E84439927A5F78CFC9F095029FF4A4B7B8CF38C985C711

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001FC80 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 48COMMON

Download Yara Rule

APIs

#316.MFC140U ref: 000000014001FC92
#4656.MFC140U ref: 000000014001FCE1
#4656.MFC140U ref: 000000014001FCF8
#1641.MFC140U ref: 000000014001FD02
#2270.MFC140U ref: 000000014001FD10
#1034.MFC140U ref: 000000014001FD1A

Strings

%Ts (%Ts:%d), xrefs: 000000014001FCF1
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\afxwin2.inl, xrefs: 000000014001FCB3
Exception thrown in destructor, xrefs: 000000014001FCBA
%Ts (%Ts:%d)%Ts, xrefs: 000000014001FCDA

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #4656$#1034#1641#2270#316
String ID: %Ts (%Ts:%d)$%Ts (%Ts:%d)%Ts$C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\afxwin2.inl$Exception thrown in destructor
API String ID: 697350253-1343599323
Opcode ID: d76db345077eafbac5f39d6adc48c06b5b27a03504a1c0ee1209f2a52f2efc3a
Instruction ID: ec7b2ff973cff26c0c0505aaa5b22537b4fa6d23228cb9db55017371c0d7b13d
Opcode Fuzzy Hash: d76db345077eafbac5f39d6adc48c06b5b27a03504a1c0ee1209f2a52f2efc3a
Instruction Fuzzy Hash: 58115872210A8496EB12DF22EC407E82320F78DB99F845026FB0E43A78DF39CA48C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016360 Relevance: 16.7, APIs: 11, Instructions: 218COMMON

Download Yara Rule

APIs

#2344.MFC140U ref: 000000014001638D
#1034.MFC140U ref: 00000001400163C8
#1034.MFC140U ref: 00000001400163D2
memset.VCRUNTIME140 ref: 000000014001642D
#316.MFC140U ref: 0000000140016459
#316.MFC140U ref: 0000000140016464
memset.VCRUNTIME140 ref: 00000001400164AC
#1034.MFC140U ref: 0000000140016539
#1034.MFC140U ref: 0000000140016543
#2344.MFC140U ref: 00000001400165A3
memset.VCRUNTIME140 ref: 00000001400165F3

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$memset$#2344#316
String ID:
API String ID: 1702603104-0
Opcode ID: e4c2a84091f8ffc7bac0a2745a4862bdcb1d9f9fd2911b4c28c1c6c7936a03ec
Instruction ID: f13d8deb28002e091d3ab086985e6bbd6d86772e0431e1b0e6973e6a6aed0376
Opcode Fuzzy Hash: e4c2a84091f8ffc7bac0a2745a4862bdcb1d9f9fd2911b4c28c1c6c7936a03ec
Instruction Fuzzy Hash: 7B918B72201B9082EE16DF2AD9903E863A1E788FC8F144525AB5E4B7B9CF75C952C380

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A540 Relevance: 16.6, APIs: 11, Instructions: 105windowCOMMON

Download Yara Rule

APIs

#5240.MFC140U ref: 000000014001A57A
CopyRect.USER32 ref: 000000014001A58A
GetWindowRect.USER32 ref: 000000014001A5A3
SendMessageW.USER32 ref: 000000014001A5CB
GetObjectW.GDI32 ref: 000000014001A5E7
SendMessageW.USER32 ref: 000000014001A600

Part of subcall function 000000014001AC00: GetStockObject.GDI32 ref: 000000014001AC17
Part of subcall function 000000014001AC00: GetStockObject.GDI32 ref: 000000014001AC28
Part of subcall function 000000014001AC00: #3828.MFC140U ref: 000000014001AC3B
Part of subcall function 000000014001AC00: #2475.MFC140U ref: 000000014001AC46

#3058.MFC140U ref: 000000014001A63A
CreateFontIndirectW.GDI32 ref: 000000014001A659
#2475.MFC140U ref: 000000014001A665
SendMessageW.USER32 ref: 000000014001A684
SendMessageW.USER32 ref: 000000014001A69F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$Object$#2475RectStock$#3058#3828#5240CopyCreateFontIndirectWindow
String ID:
API String ID: 4170829283-0
Opcode ID: 5b255d003bc7fac17b61cc6cb4de07917bbddb977606558560c9b2abc11d7f2f
Instruction ID: 77f585543ba55faf5cd8ae6af2c20f5a0772daff4a2d58a8ae953b074ed00dc5
Opcode Fuzzy Hash: 5b255d003bc7fac17b61cc6cb4de07917bbddb977606558560c9b2abc11d7f2f
Instruction Fuzzy Hash: D8416C72300A8097EB16EB23E9547E97361F789BE4F014211EF2A4B7A4DF39C4568700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B800 Relevance: 16.6, APIs: 11, Instructions: 78threadsleepCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 000000014001B82F
GetThreadPriority.KERNEL32 ref: 000000014001B83B
SetThreadPriority.KERNEL32 ref: 000000014001B84C
#316.MFC140U ref: 000000014001B871

Part of subcall function 000000014001B500: #2212.MFC140U ref: 000000014001B515
Part of subcall function 000000014001B500: #1503.MFC140U ref: 000000014001B53C
Part of subcall function 000000014001B500: #1670.MFC140U ref: 000000014001B550
Part of subcall function 000000014001B500: #1670.MFC140U ref: 000000014001B575
Part of subcall function 000000014001B500: #1641.MFC140U ref: 000000014001B57E

ResumeThread.KERNEL32 ref: 000000014001B8CA
GetExitCodeThread.KERNEL32 ref: 000000014001B8E0
Sleep.KERNEL32 ref: 000000014001B8F8
GetExitCodeThread.KERNEL32 ref: 000000014001B90E
SetThreadPriority.KERNEL32 ref: 000000014001B927
#1034.MFC140U ref: 000000014001B943
#1453.MFC140U ref: 000000014001B94F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Thread$Priority$#1670CodeExit$#1034#1453#1503#1641#2212#316CurrentResumeSleep
String ID:
API String ID: 2885715787-0
Opcode ID: a0807618ed4efd34c6080ee4f78a871c394f7d595bc0a552085b5ff039287a82
Instruction ID: a103496ff2bdd0225079137fb89df08195ad0d0485bb464d849b635d523ef2a5
Opcode Fuzzy Hash: a0807618ed4efd34c6080ee4f78a871c394f7d595bc0a552085b5ff039287a82
Instruction Fuzzy Hash: 1E312F32214A80C2E7619B16F8547DA7360F7DCBA0F844125EB9E877B4DF38C999CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400047A0 Relevance: 16.6, APIs: 11, Instructions: 76COMMON

Download Yara Rule

APIs

_wsopen_dispatch.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400047D9
_wsopen_dispatch.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000480F
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140004824
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0000000140004839
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000484D
_write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140004868
_read.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 0000000140004879
_write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000488E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0000000140004897
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 000000014000489F
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000001400048A7

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _close$_read_write_wsopen_dispatch$freemalloc
String ID:
API String ID: 3582495634-0
Opcode ID: 00351168f3499ce5fc1049340abd03f99edb65cfef6eb403c2e5de5d16b9686c
Instruction ID: 79e520b232482f827391596b5b92e96e6eb8c8b3d35508b328935961254dd9e3
Opcode Fuzzy Hash: 00351168f3499ce5fc1049340abd03f99edb65cfef6eb403c2e5de5d16b9686c
Instruction Fuzzy Hash: 7B312B76704A5087E7219F12B8043AEB262F78DBD1F554128EF8A83BA5DF7CC9458B84

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140009270 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 88windowsleepCOMMON

Download Yara Rule

APIs

BroadcastSystemMessageW.USER32 ref: 00000001400092B6
Sleep.KERNEL32 ref: 00000001400092C1
new.LIBCMT ref: 00000001400092CC

Part of subcall function 000000014001DCAC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,0000000140016724), ref: 000000014001DCD8

#13864.MFC140U ref: 0000000140009311
#13864.MFC140U ref: 000000014000931D
#286.MFC140U ref: 0000000140009367
#1034.MFC140U ref: 0000000140009385
BroadcastSystemMessageW.USER32 ref: 00000001400093E3

Part of subcall function 0000000140018480: #990.MFC140U ref: 00000001400184BA
Part of subcall function 0000000140018480: #316.MFC140U ref: 00000001400184D1

Strings

Installing driver..., xrefs: 000000014000935B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13864BroadcastMessageSystem$#1034#286#316#990Sleepmalloc
String ID: Installing driver...
API String ID: 873303361-403088641
Opcode ID: 5cf090fe504ee13ff3448cc6845f6d0736d45d50eb1d4ee1c9e86167a18075ef
Instruction ID: 98a466da079cf957e8a3fcb8ea59084ccc13408f70e429140bb295760a33f577
Opcode Fuzzy Hash: 5cf090fe504ee13ff3448cc6845f6d0736d45d50eb1d4ee1c9e86167a18075ef
Instruction Fuzzy Hash: 22412635A16A4092FB12DB57E8543AA6361FBC8BD0F118129BB4A47BB6CE39C905CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006BD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400197A0: #964.MFC140U ref: 00000001400197D6
Part of subcall function 00000001400197A0: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00000001400197EC
Part of subcall function 00000001400197A0: GetLastError.KERNEL32 ref: 00000001400197F6

#286.MFC140U ref: 0000000140006C23
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140006C33
#286.MFC140U ref: 0000000140006C41

Part of subcall function 0000000140005870: #5709.MFC140U ref: 00000001400058A4
Part of subcall function 0000000140005870: #285.MFC140U ref: 00000001400058B0
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058C1
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058CC
Part of subcall function 0000000140005870: #5674.MFC140U ref: 00000001400058D8
Part of subcall function 0000000140005870: #1641.MFC140U ref: 00000001400058E3
Part of subcall function 0000000140005870: #2921.MFC140U ref: 00000001400058F9

#1034.MFC140U ref: 0000000140006C5E
#1034.MFC140U ref: 0000000140006C6A
#280.MFC140U ref: 0000000140006C93

Part of subcall function 00000001400199E0: #1641.MFC140U ref: 0000000140019A3A
Part of subcall function 00000001400199E0: #306.MFC140U ref: 0000000140019A48
Part of subcall function 00000001400199E0: #1034.MFC140U ref: 0000000140019AC6
Part of subcall function 00000001400199E0: #1034.MFC140U ref: 0000000140019AD0

#1034.MFC140U ref: 0000000140006CC0

Strings

\intermed\st.zip, xrefs: 0000000140006C17
SCAPS_SAM, xrefs: 0000000140006C2C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641$#286#5674$#280#285#2921#306#5709#964CountCriticalErrorInitializeLastSectionSpin_wgetenv
String ID: SCAPS_SAM$\intermed\st.zip
API String ID: 3330852759-3447482422
Opcode ID: 1025ce7fa4013b9239c41aa909f631e99ec57cce23276024b9fe7b96707807c1
Instruction ID: e39376414233096987eceb891dc723ac762a6f0a4e1f934a44752e0558aeab9e
Opcode Fuzzy Hash: 1025ce7fa4013b9239c41aa909f631e99ec57cce23276024b9fe7b96707807c1
Instruction Fuzzy Hash: 42215531228A4092EB12EB11F8947DA7360FBD97A1F401215F75E876F9DF78C909CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000E700 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 000000014000E725
#286.MFC140U ref: 000000014000E73F

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

Part of subcall function 0000000140007F70: new.LIBCMT ref: 0000000140007FB2
Part of subcall function 0000000140007F70: #13864.MFC140U ref: 0000000140008002
Part of subcall function 0000000140007F70: #13767.MFC140U ref: 0000000140008015
Part of subcall function 0000000140007F70: #316.MFC140U ref: 000000014000801F
Part of subcall function 0000000140007F70: #1503.MFC140U ref: 0000000140008032
Part of subcall function 0000000140007F70: #990.MFC140U ref: 000000014000804D
Part of subcall function 0000000140007F70: #3203.MFC140U ref: 00000001400080AA
Part of subcall function 0000000140007F70: #1670.MFC140U ref: 00000001400080BF
Part of subcall function 0000000140007F70: #1454.MFC140U ref: 0000000140008612
Part of subcall function 0000000140007F70: #1034.MFC140U ref: 000000014000861D

#1034.MFC140U ref: 000000014000E76F
#1034.MFC140U ref: 000000014000E77B
#286.MFC140U ref: 000000014000E789

Part of subcall function 000000014000C8E0: #1501.MFC140U ref: 000000014000C923
Part of subcall function 000000014000C8E0: #316.MFC140U ref: 000000014000C962
Part of subcall function 000000014000C8E0: #1641.MFC140U ref: 000000014000C96E
Part of subcall function 000000014000C8E0: _wfindfirst64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000C97C
Part of subcall function 000000014000C8E0: #1501.MFC140U ref: 000000014000C9B0
Part of subcall function 000000014000C8E0: #1034.MFC140U ref: 000000014000C9BC
Part of subcall function 000000014000C8E0: #1670.MFC140U ref: 000000014000C9CC
Part of subcall function 000000014000C8E0: #286.MFC140U ref: 000000014000CA0C
Part of subcall function 000000014000C8E0: #8409.MFC140U ref: 000000014000CA18
Part of subcall function 000000014000C8E0: #2903.MFC140U ref: 000000014000CA2A
Part of subcall function 000000014000C8E0: #2903.MFC140U ref: 000000014000CA47
Part of subcall function 000000014000C8E0: #286.MFC140U ref: 000000014000CA62
Part of subcall function 000000014000C8E0: #1034.MFC140U ref: 000000014000CA87
Part of subcall function 000000014000C8E0: #1034.MFC140U ref: 000000014000CA93
Part of subcall function 000000014000C8E0: _wfindnext64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 000000014000CAA1

#1034.MFC140U ref: 000000014000E7B6
#1034.MFC140U ref: 000000014000E7C2

Part of subcall function 0000000140008650: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400086DF
Part of subcall function 0000000140008650: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 000000014000870C
Part of subcall function 0000000140008650: RegEnumValueW.ADVAPI32 ref: 0000000140008762
Part of subcall function 0000000140008650: #286.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 0000000140008784
Part of subcall function 0000000140008650: #2396.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 0000000140008790
Part of subcall function 0000000140008650: CLSIDFromString.OLE32(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 000000014000879D
Part of subcall function 0000000140008650: new.LIBCMT ref: 00000001400087AA
Part of subcall function 0000000140008650: #286.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400087C7
Part of subcall function 0000000140008650: #280.MFC140U(?,?,?,?,?,?,00000000,?,?,?,0000000140004D7E), ref: 00000001400087DD

Strings

\system, xrefs: 000000014000E746, 000000014000E790
SCAPS_SAM, xrefs: 000000014000E71E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#286$#1501#1641#1670#2903#316Open$#13767#13864#13949#1454#1503#2396#280#285#2921#3203#5674#5709#8409#990EnumFromStringValue_wfindfirst64i32_wfindnext64i32_wgetenv
String ID: SCAPS_SAM$\system
API String ID: 4081448939-659525086
Opcode ID: 527cbe15f40279eb2bda47bce3c17876cf550e04e831170cdc61a6fa00fb6f44
Instruction ID: 8e2839bc5253122b99020d2caad640e4113e5a8ca3972cb7663cd72582809a8a
Opcode Fuzzy Hash: 527cbe15f40279eb2bda47bce3c17876cf550e04e831170cdc61a6fa00fb6f44
Instruction Fuzzy Hash: 40115171215A4092DA12EB52F8543EAA361FB8DBE1F404125FB5E837B8DF7CC949C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F580 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 000000014000F597
#316.MFC140U ref: 000000014000F5A1
SendMessageW.USER32 ref: 000000014000F5BE
#4656.MFC140U ref: 000000014000F5DF
#1641.MFC140U ref: 000000014000F5EA
SendMessageW.USER32 ref: 000000014000F602
SendMessageW.USER32 ref: 000000014000F62C
#1034.MFC140U ref: 000000014000F638

Strings

All, xrefs: 000000014000F5A8

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#10163#1034#1641#316#4656
String ID: All
API String ID: 3126581079-55916349
Opcode ID: 7f64d7073094e2f004c11320211169584b77b18bc1c1f85fa11c6d062f1dfab8
Instruction ID: 1499586cb117fe6b27e328e426395b7847c7e55d5708053c763f86b83d00e59c
Opcode Fuzzy Hash: 7f64d7073094e2f004c11320211169584b77b18bc1c1f85fa11c6d062f1dfab8
Instruction Fuzzy Hash: 10113D3221494082E712DF66FC947D92370F789BE5F914135EB5E4BAB8CE39C985C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007A40 Relevance: 15.2, APIs: 10, Instructions: 192COMMON

Download Yara Rule

APIs

#1034.MFC140U ref: 0000000140007A88
memset.VCRUNTIME140 ref: 0000000140007AF3
#316.MFC140U ref: 0000000140007B1D
memset.VCRUNTIME140 ref: 0000000140007B58
#316.MFC140U ref: 0000000140007B82
#1034.MFC140U ref: 0000000140007BBF
memset.VCRUNTIME140 ref: 0000000140007C66
#316.MFC140U ref: 0000000140007C8D
#2344.MFC140U ref: 0000000140007CD3
#2344.MFC140U ref: 0000000140007CD9

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #316memset$#1034#2344
String ID:
API String ID: 287938542-0
Opcode ID: 71a0cf824225a61e65283382ebd5b531a6cff17bcf20f443bb86faadce4407f2
Instruction ID: ca5cfc1050fb12011f753b725e98c75153f9c53aa1b6fb4aa70cdfb20970166b
Opcode Fuzzy Hash: 71a0cf824225a61e65283382ebd5b531a6cff17bcf20f443bb86faadce4407f2
Instruction Fuzzy Hash: C7717FB2711B4482EE1ADF26E550BE86361EB88FC4F148415EB5E4BBB5DF38C452C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006980 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85windowCOMMON

Download Yara Rule

APIs

#286.MFC140U ref: 0000000140006A12
#280.MFC140U ref: 0000000140006A2D

Part of subcall function 0000000140017570: #316.MFC140U ref: 00000001400175EB
Part of subcall function 0000000140017570: #7893.MFC140U ref: 0000000140017611
Part of subcall function 0000000140017570: #4946.MFC140U ref: 0000000140017627
Part of subcall function 0000000140017570: #12240.MFC140U ref: 0000000140017659
Part of subcall function 0000000140017570: #8409.MFC140U ref: 0000000140017666
Part of subcall function 0000000140017570: #316.MFC140U ref: 0000000140017692
Part of subcall function 0000000140017570: #7893.MFC140U ref: 00000001400176B8
Part of subcall function 0000000140017570: #4946.MFC140U ref: 00000001400176CE
Part of subcall function 0000000140017570: #12240.MFC140U ref: 0000000140017700
Part of subcall function 0000000140017570: #8409.MFC140U ref: 000000014001770D
Part of subcall function 0000000140017570: #8409.MFC140U ref: 0000000140017716
Part of subcall function 0000000140017570: #5674.MFC140U ref: 0000000140017723
Part of subcall function 0000000140017570: #8058.MFC140U ref: 0000000140017734
Part of subcall function 0000000140017570: #1641.MFC140U ref: 000000014001774D

DeleteMenu.USER32 ref: 0000000140006A6D
DeleteMenu.USER32 ref: 0000000140006A7F
DrawMenuBar.USER32 ref: 0000000140006A89
#1034.MFC140U ref: 0000000140006AE1

Strings

{30EABC0D-4EA6-42ee-A20B-B6B786FD38E8}, xrefs: 0000000140006ACC
d:\scaps\dlls\debug\sc_kernel_d.dll, xrefs: 0000000140006A06

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #8409Menu$#12240#316#4946#7893Delete$#1034#1641#280#286#5674#8058Draw
String ID: d:\scaps\dlls\debug\sc_kernel_d.dll${30EABC0D-4EA6-42ee-A20B-B6B786FD38E8}
API String ID: 2254772887-1430226775
Opcode ID: 65aeba0a3d36048d0223383f64b51af22ce4c314a510242db78cb9091d71c865
Instruction ID: e3ed49a891cfdecf8f98b02bcaf7e397b94ace59f2c8e862d0b1866d02619f77
Opcode Fuzzy Hash: 65aeba0a3d36048d0223383f64b51af22ce4c314a510242db78cb9091d71c865
Instruction Fuzzy Hash: D1418F71314F4082EB11DB26E8543AA7361FB8DBE4F448125EB9E576B8DF39C549CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005F50 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

#7893.MFC140U ref: 0000000140005F60
#2903.MFC140U ref: 0000000140005F74
#4181.MFC140U ref: 0000000140005F81
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 0000000140005F8E
#1503.MFC140U ref: 0000000140005F9F
#1670.MFC140U ref: 0000000140005FAF

Strings

\usc1, xrefs: 0000000140005FA5
SCAPS_SAM, xrefs: 0000000140005F87

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1503#1670#2903#4181#7893_wgetenv
String ID: SCAPS_SAM$\usc1
API String ID: 2997880786-2138987310
Opcode ID: 79eeed031bda7f44e56985081858d160bd8b60adebd0e0362e75a6b75e39a6fd
Instruction ID: 9482507edad3fa5f1f0744bb270843667c5c77225c6c22e15f9e9ba54015a348
Opcode Fuzzy Hash: 79eeed031bda7f44e56985081858d160bd8b60adebd0e0362e75a6b75e39a6fd
Instruction Fuzzy Hash: E1F0A9B474160682FF57AF13B8543E55354AB5DBD6F481029EA1A07270EF3CC989C754

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001BC60 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 000000014001BC72
GetProcAddress.KERNEL32 ref: 000000014001BC8D
GetProcAddress.KERNEL32 ref: 000000014001BCA8
GetProcAddress.KERNEL32 ref: 000000014001BCC3

Strings

SHGetStockIconInfo, xrefs: 000000014001BC7F
SHGetFolderPathW, xrefs: 000000014001BC6B
SHCreateItemFromParsingName, xrefs: 000000014001BCB5
SetCurrentProcessExplicitAppUserModelID, xrefs: 000000014001BC9A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: AddressProc
String ID: SHCreateItemFromParsingName$SHGetFolderPathW$SHGetStockIconInfo$SetCurrentProcessExplicitAppUserModelID
API String ID: 190572456-469649042
Opcode ID: 07253df12e28b7464bcc7e1c8256820495b022e1734fddfc589c6076915f6997
Instruction ID: 3991db8d17e7fd284bc862b4b8233d3f4f264e10eec172a6b039926b4f0bc31e
Opcode Fuzzy Hash: 07253df12e28b7464bcc7e1c8256820495b022e1734fddfc589c6076915f6997
Instruction Fuzzy Hash: 23016D74941F16D5EB02DF13F8843D523A5B78CBD2F820165F68A47A30DF7C86998304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001BAA0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 000000014001BAB2
GetProcAddress.KERNEL32 ref: 000000014001BACD
GetProcAddress.KERNEL32 ref: 000000014001BAE8
GetProcAddress.KERNEL32 ref: 000000014001BB03

Strings

Wow64DisableWow64FsRedirection, xrefs: 000000014001BABF
IsWow64Process, xrefs: 000000014001BAAB
GetModuleHandleExW, xrefs: 000000014001BAF5
Wow64RevertWow64FsRedirection, xrefs: 000000014001BADA

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: AddressProc
String ID: GetModuleHandleExW$IsWow64Process$Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection
API String ID: 190572456-944162643
Opcode ID: a3f2edaebd834ed9d1de4fa52d57833241ec0c6becfafb695ee8625c824f6c04
Instruction ID: 0e99f6a0b139bb8cdb616dfef1f5f523d42bf61de95a9fe11e62065c51a8f0d8
Opcode Fuzzy Hash: a3f2edaebd834ed9d1de4fa52d57833241ec0c6becfafb695ee8625c824f6c04
Instruction Fuzzy Hash: EDF02DB4512B16D1FB029F23F8843D523A0B38D7D2F825226FA5947730DF788659C314

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002070 Relevance: 13.6, APIs: 9, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014000209F
GetDC.USER32 ref: 00000001400020AC
SendMessageW.USER32 ref: 00000001400020CB
SelectObject.GDI32 ref: 00000001400020DD
GetTabbedTextExtentW.USER32 ref: 000000014000210E
SendMessageW.USER32 ref: 0000000140002125
SendMessageW.USER32 ref: 0000000140002142
SelectObject.GDI32 ref: 0000000140002154
ReleaseDC.USER32 ref: 0000000140002160

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$ObjectSelect$ExtentReleaseTabbedText
String ID:
API String ID: 144094928-0
Opcode ID: c3bd1eb40d396191cbfb256735e37e0edf686f1e72b264be305bfa35cbd70e3c
Instruction ID: 7b55ba45efeb17c5e994e6f50f389657c95552eaec423127ae7089fa0be1906e
Opcode Fuzzy Hash: c3bd1eb40d396191cbfb256735e37e0edf686f1e72b264be305bfa35cbd70e3c
Instruction Fuzzy Hash: B6318C35200A8082EB25DB23F864B9A6360F78CBE4F409125EF5E47BA9CE39C4818700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002190 Relevance: 13.6, APIs: 9, Instructions: 69windowCOMMON

Download Yara Rule

APIs

#3599.MFC140U ref: 00000001400021C3
#3599.MFC140U ref: 00000001400021D7
#3599.MFC140U ref: 00000001400021EB
#4335.MFC140U ref: 000000014000222C
#5240.MFC140U ref: 0000000140002239
#4335.MFC140U ref: 000000014000225F
SendMessageW.USER32 ref: 0000000140002276
#5240.MFC140U ref: 0000000140002288
#4335.MFC140U ref: 0000000140002292

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #3599#4335$#5240$MessageSend
String ID:
API String ID: 2862196627-0
Opcode ID: 2bc02cf7e8df492b2f0672bee9300897e7feae4eb040415e93f00a9150af2c45
Instruction ID: 9ca8f3d35c59c0b46ad2f969d4939b872ca0a352e920afe7dd8c566d058a4698
Opcode Fuzzy Hash: 2bc02cf7e8df492b2f0672bee9300897e7feae4eb040415e93f00a9150af2c45
Instruction Fuzzy Hash: 95212FB170568051FB5BDAA3A5553FA1341DB8CBC4F588031BF094FBEACE79C9429310

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400040C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 62windowCOMMON

Download Yara Rule

APIs

#14128.MFC140U ref: 00000001400040D7

Part of subcall function 0000000140004470: #4335.MFC140U ref: 00000001400044AD
Part of subcall function 0000000140004470: SendMessageW.USER32 ref: 00000001400044D4
Part of subcall function 0000000140004470: _wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00000001400044E1
Part of subcall function 0000000140004470: #286.MFC140U ref: 00000001400044EE
Part of subcall function 0000000140004470: #1670.MFC140U ref: 0000000140004500
Part of subcall function 0000000140004470: #491.MFC140U ref: 000000014000450A
Part of subcall function 0000000140004470: #1641.MFC140U ref: 0000000140004514
Part of subcall function 0000000140004470: #4561.MFC140U ref: 0000000140004524
Part of subcall function 0000000140004470: #316.MFC140U ref: 000000014000452F
Part of subcall function 0000000140004470: #4578.MFC140U ref: 0000000140004564
Part of subcall function 0000000140004470: #5382.MFC140U ref: 0000000140004573
Part of subcall function 0000000140004470: #1501.MFC140U ref: 0000000140004580
Part of subcall function 0000000140004470: #1034.MFC140U ref: 000000014000458B
Part of subcall function 0000000140004470: #316.MFC140U ref: 00000001400045A9
Part of subcall function 0000000140004470: #5674.MFC140U ref: 00000001400045CD
Part of subcall function 0000000140004470: #8452.MFC140U ref: 00000001400045E5
Part of subcall function 0000000140004470: #1501.MFC140U ref: 00000001400045F3

SendMessageW.USER32 ref: 000000014000412E
#8449.MFC140U ref: 000000014000414E

Strings

Please select an available language from the list, xrefs: 0000000140004144
_uc, xrefs: 0000000140004188
Invalid selection, xrefs: 000000014000413D

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1501#316MessageSend$#1034#14128#1641#1670#286#4335#4561#4578#491#5382#5674#8449#8452_wgetenv
String ID: Invalid selection$Please select an available language from the list$_uc
API String ID: 604312572-2520218188
Opcode ID: 662877c82f6db8b9efbe44abbb855c9d70be41f9a61c399411fc4a6566e83ee8
Instruction ID: 8c95e9b78954d5773a2f376d653b81c98496affcee0f4d17c7ebace12f06f29c
Opcode Fuzzy Hash: 662877c82f6db8b9efbe44abbb855c9d70be41f9a61c399411fc4a6566e83ee8
Instruction Fuzzy Hash: 0D3166B1111A81C2FB669B22F8147E92360E74DBE4F051639BB1A176F2CF3888D9C318

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400048D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

#963.MFC140U ref: 00000001400048EC
#280.MFC140U ref: 000000014000490D

Part of subcall function 0000000140018DF0: #316.MFC140U ref: 0000000140018E25
Part of subcall function 0000000140018DF0: #277.MFC140U ref: 0000000140018E38
Part of subcall function 0000000140018DF0: #7893.MFC140U ref: 0000000140018E4A
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018E63
Part of subcall function 0000000140018DF0: #1641.MFC140U ref: 0000000140018E70
Part of subcall function 0000000140018DF0: #13889.MFC140U ref: 0000000140018E81
Part of subcall function 0000000140018DF0: #1501.MFC140U ref: 0000000140018E93
Part of subcall function 0000000140018DF0: #1034.MFC140U ref: 0000000140018E9F
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018EA8
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018EB8
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018ECC
Part of subcall function 0000000140018DF0: #7893.MFC140U ref: 0000000140018EDD
Part of subcall function 0000000140018DF0: #12600.MFC140U ref: 0000000140018EFA
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018F0D
Part of subcall function 0000000140018DF0: #1631.MFC140U ref: 0000000140018F1D
Part of subcall function 0000000140018DF0: #1034.MFC140U ref: 0000000140018F41
Part of subcall function 0000000140018DF0: #3726.MFC140U ref: 0000000140018F5D
Part of subcall function 0000000140018DF0: #1987.MFC140U ref: 0000000140018F6E
Part of subcall function 0000000140018DF0: #12600.MFC140U ref: 0000000140018F84

#2903.MFC140U ref: 000000014000493B
#2903.MFC140U ref: 0000000140004958
#2903.MFC140U ref: 0000000140004975
#1429.MFC140U ref: 000000014000498A

Strings

resource, xrefs: 0000000140004951

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #5674$#2903$#1034#12600#7893$#13889#1429#1501#1631#1641#1987#277#280#316#3726#963
String ID: resource
API String ID: 452270610-3163681814
Opcode ID: 3f0b291b526386bc57c84b67a1919899f427ec4d7461d09949fe87f99c8fa54a
Instruction ID: 6b7a730f397f48ee6beae7bc3f0655f8c0cc9e4aa2a88e4626f56c60fb1a9cf9
Opcode Fuzzy Hash: 3f0b291b526386bc57c84b67a1919899f427ec4d7461d09949fe87f99c8fa54a
Instruction Fuzzy Hash: 99114FB1304A4091EF32CB16F8503EA6364FB99BD4F48412AAB5D471FAEF39C904C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F8D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014000F909
#489.MFC140U ref: 000000014000F94F
#3952.MFC140U ref: 000000014000F95A
#1121.MFC140U ref: 000000014000F992

Part of subcall function 0000000140010060: #1641.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100A4
Part of subcall function 0000000140010060: _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100B4
Part of subcall function 0000000140010060: SendMessageW.USER32(?,?,?,?,?,?,?,000000014000F980), ref: 00000001400100D8
Part of subcall function 0000000140010060: memset.VCRUNTIME140(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001010A
Part of subcall function 0000000140010060: #316.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001012C
Part of subcall function 0000000140010060: SendMessageW.USER32(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010156
Part of subcall function 0000000140010060: #1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010164
Part of subcall function 0000000140010060: #1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010175
Part of subcall function 0000000140010060: #1670.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 000000014001018D
Part of subcall function 0000000140010060: #1641.MFC140U(?,?,?,?,?,?,?,000000014000F980), ref: 0000000140010197

#1034.MFC140U ref: 000000014000F986

Strings

*.txt, xrefs: 000000014000F941
Text Files (*.txt)|*.txt||, xrefs: 000000014000F92A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1670MessageSend$#1641$#1034#1121#316#3952#489_wfopenmemset
String ID: *.txt$Text Files (*.txt)|*.txt||
API String ID: 4079428314-2010474421
Opcode ID: 99c5f6c0e467dfb8d75208d8480fe6aaffeec021d1c2421f84c9e728d11c5765
Instruction ID: 27cf33010ba84ae84c1ed8d94c50fec3f76f464e74c1f92f0d5c25319aad973c
Opcode Fuzzy Hash: 99c5f6c0e467dfb8d75208d8480fe6aaffeec021d1c2421f84c9e728d11c5765
Instruction Fuzzy Hash: 59116A32224A8192EB21DB22F8507EB7361F7D97A4F405125B69D87AB5DF79C504CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400043B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00000001400043E6
#316.MFC140U ref: 00000001400043F6
SendMessageW.USER32 ref: 000000014000440F
#5672.MFC140U ref: 0000000140004424
#2903.MFC140U ref: 0000000140004435
#1034.MFC140U ref: 0000000140004447

Strings

english, xrefs: 0000000140004429

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#2903#316#5672
String ID: english
API String ID: 1232171395-746783232
Opcode ID: 942be12eb9990b11be582d82830c9e88e911ae7e9180f6c2f215cc99ec5a69a5
Instruction ID: 4f2f51838ae4b045997a538316e7a326165c5fc424960ced80208fa0cb679a51
Opcode Fuzzy Hash: 942be12eb9990b11be582d82830c9e88e911ae7e9180f6c2f215cc99ec5a69a5
Instruction Fuzzy Hash: 85115E76614D8082E7119B26F8547DAA321F7C9BA4F904226EB6E47EF8DF38C846C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B500 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

#2212.MFC140U ref: 000000014001B515
#1503.MFC140U ref: 000000014001B53C
#1670.MFC140U ref: 000000014001B550
#1670.MFC140U ref: 000000014001B575
#1641.MFC140U ref: 000000014001B57E

Strings

- , xrefs: 000000014001B542
Error, xrefs: 000000014001B564

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1670$#1503#1641#2212
String ID: - $Error
API String ID: 1520059175-255195998
Opcode ID: 487caef89a1e453011208953934fbadbc5d05c5dbc7ca261341b83771d667360
Instruction ID: e9596d7f211981e30bfdf83fe27b3fe133b26e0ee55ded9f16e2fc98a0915ef2
Opcode Fuzzy Hash: 487caef89a1e453011208953934fbadbc5d05c5dbc7ca261341b83771d667360
Instruction Fuzzy Hash: 0001ED71200B8191EF669F16F984399A362F748BD1F489025AB5E076B9EF79C894C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004250 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 36windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 0000000140004274
#316.MFC140U ref: 0000000140004284
SendMessageW.USER32 ref: 000000014000429D
#4656.MFC140U ref: 00000001400042CA
#14128.MFC140U ref: 00000001400042D5
#1034.MFC140U ref: 00000001400042E0

Strings

sc_%s, xrefs: 00000001400042C3

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#14128#316#4656
String ID: sc_%s
API String ID: 2753284889-400337923
Opcode ID: 2d20b00bb93d0dd8748d808c8c000a650f20314ec4948a0cbc796d7b4515bfe2
Instruction ID: 2b34b63591dfc3629ccc49b580fbafcc48c4e9a24410dfd4f47da32dd1a2c4e0
Opcode Fuzzy Hash: 2d20b00bb93d0dd8748d808c8c000a650f20314ec4948a0cbc796d7b4515bfe2
Instruction Fuzzy Hash: 4301D43621498082E711EB26EC547D92321E7C9BB5F905231FB2D4BAF4CF38C94AC744

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400029D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

#2212.MFC140U ref: 00000001400029EC
#2514.MFC140U ref: 00000001400029F5
#286.MFC140U ref: 0000000140002A07
#1641.MFC140U ref: 0000000140002A13
SendMessageW.USER32 ref: 0000000140002A2C

Part of subcall function 0000000140002610: SendMessageW.USER32 ref: 0000000140002FF2
Part of subcall function 0000000140002610: #316.MFC140U ref: 0000000140003002
Part of subcall function 0000000140002610: SendMessageW.USER32 ref: 000000014000301B
Part of subcall function 0000000140002610: #6775.MFC140U ref: 0000000140003030
Part of subcall function 0000000140002610: #1034.MFC140U ref: 0000000140003062

#1034.MFC140U ref: 0000000140002A40

Part of subcall function 0000000140001DA0: #2212.MFC140U ref: 0000000140001DC2

Strings

sc_settings.sam, xrefs: 00000001400029FB

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#2212$#1641#2514#286#316#6775
String ID: sc_settings.sam
API String ID: 59971034-3625927955
Opcode ID: 9c5d20f2b6f0dd50e2456df4481b6d9bee6da1848a4e038b8e9011b3232d9239
Instruction ID: 6341abde51eceb5d3f8808a4cd1f9ecf2dd0ff8d3b4cb4887e94b0dab94c4a47
Opcode Fuzzy Hash: 9c5d20f2b6f0dd50e2456df4481b6d9bee6da1848a4e038b8e9011b3232d9239
Instruction Fuzzy Hash: 86018171500A4092EA12AF26E8543E96320F7CA7B5F541321BB7E872F6DF39C986C350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400023A0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 30COMMON

Download Yara Rule

APIs

#8449.MFC140U ref: 00000001400023BD

Part of subcall function 0000000140002F30: #316.MFC140U ref: 0000000140002F4F
Part of subcall function 0000000140002F30: SendMessageW.USER32 ref: 0000000140002F68
Part of subcall function 0000000140002F30: #1034.MFC140U ref: 0000000140002FA8

Strings

Do you want to import USC-2 Settings? This will overwrite your current USC-3 Settings!, xrefs: 00000001400023B3
Error during import., xrefs: 0000000140002403
Error, xrefs: 00000001400023FC
Are you sure?, xrefs: 00000001400023AC
Settings have been imported., xrefs: 00000001400023E5
Imported, xrefs: 00000001400023DE

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#316#8449MessageSend
String ID: Are you sure?$Do you want to import USC-2 Settings? This will overwrite your current USC-3 Settings!$Error$Error during import.$Imported$Settings have been imported.
API String ID: 3616906317-510882746
Opcode ID: 1fb6b7b9454e8995eac1cb793e040c0d00eb8bb3df7e7e29ebdaa229beb0dbad
Instruction ID: 3bb3ed0bcd3e2702e2034cb4043922034b09e489526f3d3e08a59f6a19a1d60a
Opcode Fuzzy Hash: 1fb6b7b9454e8995eac1cb793e040c0d00eb8bb3df7e7e29ebdaa229beb0dbad
Instruction Fuzzy Hash: 48F05EB061068680FA6AD747B441BE41355A71C7CCF842026FB1C1F2B5DA79CAEAC345

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001AAC0 Relevance: 12.1, APIs: 8, Instructions: 58stringwindowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 000000014001AAE5
#4721.MFC140U ref: 000000014001AAEE
SendMessageW.USER32 ref: 000000014001AB04
#4722.MFC140U ref: 000000014001AB0D
GetTextMetricsW.GDI32 ref: 000000014001AB2B
lstrlenW.KERNEL32 ref: 000000014001AB34
GetTextExtentPoint32W.GDI32 ref: 000000014001AB49
ReleaseDC.USER32 ref: 000000014001AB6F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Text$#4721#4722ExtentMessageMetricsPoint32ReleaseSendlstrlen
String ID:
API String ID: 2501181807-0
Opcode ID: 8a89f8da2cc950e6d0fd8c4e46849bc8d7c3fd5044f83a9cfbfe021559311b59
Instruction ID: f61ca0faed147940e1395c6af17a04eb864833cc86c34fc1251023a469b17e11
Opcode Fuzzy Hash: 8a89f8da2cc950e6d0fd8c4e46849bc8d7c3fd5044f83a9cfbfe021559311b59
Instruction Fuzzy Hash: B0212936204A4087EB15DB22E9547AD77A0FB8DFD5F004126EF4D47B25DF38D5558B00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000ED80 Relevance: 12.0, APIs: 8, Instructions: 44COMMON

Download Yara Rule

APIs

#3697.MFC140U ref: 000000014000ED9F
#3687.MFC140U ref: 000000014000EDB3
#3687.MFC140U ref: 000000014000EDC7
#3687.MFC140U ref: 000000014000EDDB
#3687.MFC140U ref: 000000014000EDEF
#3697.MFC140U ref: 000000014000EE03
#3697.MFC140U ref: 000000014000EE17
#3687.MFC140U ref: 000000014000EE2B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #3687$#3697
String ID:
API String ID: 4293394273-0
Opcode ID: 5be5187e8c2aa9053d6b1313b37e61a09aecf72b5e97e797cf10d5e224ee4938
Instruction ID: 090fd3e5126879560a2ec091fc31062f901a09ba01e5ae1a19ea725b984e37b2
Opcode Fuzzy Hash: 5be5187e8c2aa9053d6b1313b37e61a09aecf72b5e97e797cf10d5e224ee4938
Instruction Fuzzy Hash: 7B11EDB5214AC4A1E705EAA2C2553FD1322D78DBC4F988032EF151FB9ACF39C58A8355

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019030 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00000001400190EB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001910D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001911D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001912D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001913A

Strings

AAD, xrefs: 000000014001903F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove
String ID: AAD
API String ID: 15630516-382387496
Opcode ID: 2393f8aa68bd25f5e9998d0da0af4343a7cfbfc6bdeac9fae4b75f88c15a59c1
Instruction ID: 8e0287a713b0b72bce848e7139f99902966cfc5c32a82b804afe748ddc1d4ceb
Opcode Fuzzy Hash: 2393f8aa68bd25f5e9998d0da0af4343a7cfbfc6bdeac9fae4b75f88c15a59c1
Instruction Fuzzy Hash: 8C318231605B4591FB1ADB2BE54839962A1E74CFE4F504624AB7A0BBFDCF7AC491C380

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003450 Relevance: 10.6, APIs: 7, Instructions: 53windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 0000000140003479
#316.MFC140U ref: 00000001400034B5
#4656.MFC140U ref: 00000001400034CB
#1641.MFC140U ref: 00000001400034D6
SendMessageW.USER32 ref: 00000001400034EE
#1034.MFC140U ref: 00000001400034FA
SendMessageW.USER32 ref: 000000014000351E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#1641#316#4656
String ID:
API String ID: 3219447933-0
Opcode ID: ecc23f12ea5f2571ab2128e76a309ceb6b8b6c2023af6f492349da7c2eff4209
Instruction ID: eb793f55b46ac2e51b466d032506884f623ace2672d390dae55f5d1135bca942
Opcode Fuzzy Hash: ecc23f12ea5f2571ab2128e76a309ceb6b8b6c2023af6f492349da7c2eff4209
Instruction Fuzzy Hash: AA21903230498083EB12DB6AF8907DAA370F789BE5F505125EB5E43AB4CF38C945C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005870 Relevance: 10.5, APIs: 7, Instructions: 43COMMON

Download Yara Rule

APIs

#5709.MFC140U ref: 00000001400058A4
#285.MFC140U ref: 00000001400058B0
#5674.MFC140U ref: 00000001400058C1
#1641.MFC140U ref: 00000001400058CC
#5674.MFC140U ref: 00000001400058D8
#1641.MFC140U ref: 00000001400058E3
#2921.MFC140U ref: 00000001400058F9

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641#5674$#285#2921#5709
String ID:
API String ID: 4072202163-0
Opcode ID: dded5d62fb654c22c7fabb0754cc286c73e692c5f5dae549878159dc55d50347
Instruction ID: 27fb229e9956a2a485406ae266413dec3d7eb9526f40f310b2d17dd4d9f19a8e
Opcode Fuzzy Hash: dded5d62fb654c22c7fabb0754cc286c73e692c5f5dae549878159dc55d50347
Instruction Fuzzy Hash: 08014C75204B408ADB429F17B85439AA6A0F78DFE1F144228FF9A437B4CF3CC8458B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400181E0 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

#12582.MFC140U ref: 0000000140018260

Strings

[ID], xrefs: 0000000140018204
[Power], xrefs: 0000000140018259
[Speed], xrefs: 0000000140018243
[Name], xrefs: 000000014001822A
[ScannerStyle], xrefs: 000000014001826F

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #12582
String ID: [ID]$[Name]$[Power]$[ScannerStyle]$[Speed]
API String ID: 192003367-2715249472
Opcode ID: 82b043c6d83b6479c6898fcf54473a87795ca3e9e677c69f1480ecb2ffd7a50b
Instruction ID: f4fe6d5134e681e1e3257350ce5acbcbaaf8dff47167b92586e0e245a5886a4e
Opcode Fuzzy Hash: 82b043c6d83b6479c6898fcf54473a87795ca3e9e677c69f1480ecb2ffd7a50b
Instruction Fuzzy Hash: A30188B6600B8090E712DF1AE1403EA6362F78CBC4F844222EF185BA79DF79C296C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140007060 Relevance: 10.5, APIs: 7, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 000000014000F660: #446.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F683
Part of subcall function 000000014000F660: #316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6A7
Part of subcall function 000000014000F660: #316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6B5
Part of subcall function 000000014000F660: #316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6C3
Part of subcall function 000000014000F660: #990.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6D9

#3951.MFC140U ref: 000000014000708F
#1158.MFC140U ref: 000000014000709D
#1034.MFC140U ref: 00000001400070AB
#1034.MFC140U ref: 00000001400070BA
#1034.MFC140U ref: 00000001400070C9
#1149.MFC140U ref: 00000001400070D8
#1089.MFC140U ref: 00000001400070E3

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#316$#1089#1149#1158#3951#446#990
String ID:
API String ID: 4187025814-0
Opcode ID: ff2f9b175d14cf58f2b4a68e31c09ab2d7635e51f842243ad1af5ca44317ed00
Instruction ID: a0d0ef05476f8033651d91773968adc7a009b986a6be053a489e2921487e368b
Opcode Fuzzy Hash: ff2f9b175d14cf58f2b4a68e31c09ab2d7635e51f842243ad1af5ca44317ed00
Instruction Fuzzy Hash: 41014931125984A3E632FB51E8543EA6320FBD9761F405221B39E875F5DF38CA48D704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002940 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

#2212.MFC140U ref: 000000014000295C
#286.MFC140U ref: 0000000140002977
#1641.MFC140U ref: 0000000140002983
SendMessageW.USER32 ref: 000000014000299C

Part of subcall function 0000000140002610: SendMessageW.USER32 ref: 0000000140002FF2
Part of subcall function 0000000140002610: #316.MFC140U ref: 0000000140003002
Part of subcall function 0000000140002610: SendMessageW.USER32 ref: 000000014000301B
Part of subcall function 0000000140002610: #6775.MFC140U ref: 0000000140003030
Part of subcall function 0000000140002610: #1034.MFC140U ref: 0000000140003062

#1034.MFC140U ref: 00000001400029B0

Part of subcall function 0000000140001DA0: #2212.MFC140U ref: 0000000140001DC2

Strings

sc_light_settings.sam, xrefs: 000000014000296B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#2212$#1641#286#316#6775
String ID: sc_light_settings.sam
API String ID: 246176484-877870852
Opcode ID: dc42be9e34365eaf9106e4b933f9812fc635c6cf928364a271bb4a928cc8163a
Instruction ID: 2d1f005663514f98f3dbc5df68b71d3e3e25f1a4fa019c94d449cb976a6426a5
Opcode Fuzzy Hash: dc42be9e34365eaf9106e4b933f9812fc635c6cf928364a271bb4a928cc8163a
Instruction Fuzzy Hash: 9C018C71510A4092EA02AF26E8543E96320F7CA7B5F540321FB7E872F6DF39C98AC350

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F370 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

#10163.MFC140U ref: 000000014000F379
_wgetenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 000000014000F385
#1503.MFC140U ref: 000000014000F3A1
#14128.MFC140U ref: 000000014000F3AC

Strings

not set, xrefs: 000000014000F39A
SCAPS_SAM, xrefs: 000000014000F37E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #10163#14128#1503_wgetenv
String ID: SCAPS_SAM$not set
API String ID: 2021240957-749412861
Opcode ID: 29d6716a685c47e0214e6be35493b1e623e1beced9765e8516c6acb774df048a
Instruction ID: 8a615ca013ecb27d8644921799615c0daf2052076133100bd9bab52fba45e086
Opcode Fuzzy Hash: 29d6716a685c47e0214e6be35493b1e623e1beced9765e8516c6acb774df048a
Instruction Fuzzy Hash: CBE046B0701A1181FF07EB27A8643E41391AB5CBC1F884024AA0D0B2B1EF39CA8A8700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000D720 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400074F0: #1034.MFC140U ref: 0000000140007543

qsort.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 000000014000D792
#2344.MFC140U ref: 000000014000D8C7
#2344.MFC140U ref: 000000014000D8CD
#2344.MFC140U ref: 000000014000D8D3
#2344.MFC140U ref: 000000014000D8D9
#2344.MFC140U ref: 000000014000D8DF

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #2344$#1034qsort
String ID:
API String ID: 758096488-0
Opcode ID: ca23115a8aceb006f68b4db586b40f5a5fbd2d91d6d8e3d02444b02db9092539
Instruction ID: e8cb3b252d52f8fcbd722b3ecb45179e26cbb3412b67af1822cdc20a6a628797
Opcode Fuzzy Hash: ca23115a8aceb006f68b4db586b40f5a5fbd2d91d6d8e3d02444b02db9092539
Instruction Fuzzy Hash: 47413CF2710A40A2EA06DB6BE5847DE3762F789BD4F404413EB1D07AE6DF36E1A48350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400109E0 Relevance: 9.1, APIs: 6, Instructions: 107COMMON

Download Yara Rule

APIs

#14278.MFC140U ref: 0000000140010A00
#12087.MFC140U ref: 0000000140010A0A
#14225.MFC140U ref: 0000000140010AF9

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #12087#14225#14278
String ID:
API String ID: 300454724-0
Opcode ID: 8f945e7395c74f76a9342d21f7474c8562e8c153ab6258ca8ebe80267d86673f
Instruction ID: 199fbd3cbf8716d79d5e4ad0b3f972bba959ca09ad5f6864c6ae785c5b04f77e
Opcode Fuzzy Hash: 8f945e7395c74f76a9342d21f7474c8562e8c153ab6258ca8ebe80267d86673f
Instruction Fuzzy Hash: 2D31F97631469086EA26CE17D1807E9A3A1FB4DBD4F185221FF990F7A5DF3AC452C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400199E0 Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

#1641.MFC140U ref: 0000000140019A3A
#306.MFC140U ref: 0000000140019A48
#1034.MFC140U ref: 0000000140019AC6
#1034.MFC140U ref: 0000000140019AD0
#1034.MFC140U ref: 0000000140019AE8
#1034.MFC140U ref: 0000000140019AF2

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1641#306
String ID:
API String ID: 2083336510-0
Opcode ID: 98ef8f44e0a4aa7cf7d619bfac279f5832cc5026f637907e15ef0a2450d8756b
Instruction ID: 79ff52986fa6f2da5fad82a28215a51e9c87b1dbe392dad3c8be44fd96f2498e
Opcode Fuzzy Hash: 98ef8f44e0a4aa7cf7d619bfac279f5832cc5026f637907e15ef0a2450d8756b
Instruction Fuzzy Hash: 28313D76204B4486DB11DF2AE4503ADB7A0FB8EFE4F444215EB5D477A4CB39C845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400067C0 Relevance: 9.1, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,00000000,000000014000D87E), ref: 0000000140006839
memset.VCRUNTIME140(00000000,?,00000000,000000014000D87E), ref: 0000000140006851
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,000000014000D87E), ref: 0000000140006889
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140006895
#2344.MFC140U ref: 000000014000689B
#2344.MFC140U(00000000,?,00000000,000000014000D87E), ref: 00000001400068A1

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #2344$_errno_invalid_parameter_noinfomemmovememset
String ID:
API String ID: 237665636-0
Opcode ID: e3286b11a6e9bdc5f1ac6ac3a7b8465aa228a4b900e3e32f7211edc7ef78c986
Instruction ID: 0732cd6fe7bc7e410385f3b6a78e586ed5163b425d73bbcf12838b478f61a754
Opcode Fuzzy Hash: e3286b11a6e9bdc5f1ac6ac3a7b8465aa228a4b900e3e32f7211edc7ef78c986
Instruction Fuzzy Hash: 46219DB1601A8492FE06EB27E5443E9A722FB58BE4F548625EF290B2B1EF39C455C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001AC0 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

#446.MFC140U ref: 0000000140001AE5
#316.MFC140U ref: 0000000140001AFC
#990.MFC140U ref: 0000000140001B4D
#990.MFC140U ref: 0000000140001B65
#990.MFC140U ref: 0000000140001B7D
#990.MFC140U ref: 0000000140001BA6

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #990$#316#446
String ID:
API String ID: 2261328260-0
Opcode ID: 1c265ce24756e2efda886974be89ce2c8ed62353b30a6c5f304e07f180898355
Instruction ID: 889cb747fdc9cf4cab78f44adaf046e2e6f57253f97f45c3e551d29e8feba034
Opcode Fuzzy Hash: 1c265ce24756e2efda886974be89ce2c8ed62353b30a6c5f304e07f180898355
Instruction Fuzzy Hash: 83311C36245B84A2D7069F62FD403D9B368F78D7A0F485225EB9C43765EF38E564C300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000E7E0 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E802
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E80E
memmove.VCRUNTIME140(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E839
memset.VCRUNTIME140(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E855
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E864
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0000000140009739,?,?,?,?,0000000140007C52), ref: 000000014000E870

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$memmovememset
String ID:
API String ID: 3340966502-0
Opcode ID: 4c2240299c0176b999650d94e348b15fcc4458cff75939ab32b01f7b799224f0
Instruction ID: fa88c84f27e1efb7b3b4dfb3d8e4723acdf33c9647c5b35276c147f7761b3934
Opcode Fuzzy Hash: 4c2240299c0176b999650d94e348b15fcc4458cff75939ab32b01f7b799224f0
Instruction Fuzzy Hash: A311C071B14AA082FB929B57F50439AA250EB4CFD0F489424FF5927B6ADE38C9828700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019B10 Relevance: 9.0, APIs: 6, Instructions: 44fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32 ref: 0000000140019B22
CloseHandle.KERNEL32 ref: 0000000140019B31
CloseHandle.KERNEL32 ref: 0000000140019B40
CloseHandle.KERNEL32 ref: 0000000140019B4F
CloseHandle.KERNEL32 ref: 0000000140019B5E
CloseHandle.KERNEL32 ref: 0000000140019B6D

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: CloseHandle$FileUnmapView
String ID:
API String ID: 260491571-0
Opcode ID: f406de3e7214e2da020c39752e789caa9592a704fa8602c8d26eda81289c1f54
Instruction ID: c96f641ada3960a848c4f952296a769b0f00d27361fd55e792827bbe5d800a68
Opcode Fuzzy Hash: f406de3e7214e2da020c39752e789caa9592a704fa8602c8d26eda81289c1f54
Instruction Fuzzy Hash: 9111CB76202B40CAEB96DF66E49036833E4FB4CF58F144228AB4E87368DF34C854C750

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003960 Relevance: 9.0, APIs: 6, Instructions: 40COMMON

Download Yara Rule

APIs

#5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
#285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
#13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
#5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
#1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
#2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13949#1641#285#2921#5674#5709
String ID:
API String ID: 3514866421-0
Opcode ID: 95fb22bdd5748ae89e1e258c129188889899e24b6afe342dc2181eced604ce23
Instruction ID: 9078f233cdac264f301e6a9eae95f769ad0db88d423fd6697089804a32a0f335
Opcode Fuzzy Hash: 95fb22bdd5748ae89e1e258c129188889899e24b6afe342dc2181eced604ce23
Instruction Fuzzy Hash: BC011A75204B408AE7429F17B85435AA6A0F78DFE1F144228FE9A437A8CF7CC8468B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400049A0 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

#963.MFC140U ref: 00000001400049BC
#280.MFC140U ref: 00000001400049DD

Part of subcall function 0000000140018DF0: #316.MFC140U ref: 0000000140018E25
Part of subcall function 0000000140018DF0: #277.MFC140U ref: 0000000140018E38
Part of subcall function 0000000140018DF0: #7893.MFC140U ref: 0000000140018E4A
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018E63
Part of subcall function 0000000140018DF0: #1641.MFC140U ref: 0000000140018E70
Part of subcall function 0000000140018DF0: #13889.MFC140U ref: 0000000140018E81
Part of subcall function 0000000140018DF0: #1501.MFC140U ref: 0000000140018E93
Part of subcall function 0000000140018DF0: #1034.MFC140U ref: 0000000140018E9F
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018EA8
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018EB8
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018ECC
Part of subcall function 0000000140018DF0: #7893.MFC140U ref: 0000000140018EDD
Part of subcall function 0000000140018DF0: #12600.MFC140U ref: 0000000140018EFA
Part of subcall function 0000000140018DF0: #5674.MFC140U ref: 0000000140018F0D
Part of subcall function 0000000140018DF0: #1631.MFC140U ref: 0000000140018F1D
Part of subcall function 0000000140018DF0: #1034.MFC140U ref: 0000000140018F41
Part of subcall function 0000000140018DF0: #3726.MFC140U ref: 0000000140018F5D
Part of subcall function 0000000140018DF0: #1987.MFC140U ref: 0000000140018F6E
Part of subcall function 0000000140018DF0: #12600.MFC140U ref: 0000000140018F84

#8058.MFC140U ref: 0000000140004A0D
#2903.MFC140U ref: 0000000140004A1E
#1034.MFC140U ref: 0000000140004A31
#1429.MFC140U ref: 0000000140004A3D

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #5674$#1034$#12600#7893$#13889#1429#1501#1631#1641#1987#277#280#2903#316#3726#8058#963
String ID:
API String ID: 4204713746-0
Opcode ID: 3945c6e90e40aaaa6c3d2b8face41966267d3b364f5c10086d0477b7502b3e18
Instruction ID: 402e7552097d5bbac693f5a30708c5983d98f7f3a405d5f63ac3a53a2ca84b7e
Opcode Fuzzy Hash: 3945c6e90e40aaaa6c3d2b8face41966267d3b364f5c10086d0477b7502b3e18
Instruction Fuzzy Hash: 00011231204A4092DB31DB11E8543DA6320F7D97E1F405215EA9E876F9DF3CC949C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400059C0 Relevance: 9.0, APIs: 6, Instructions: 38COMMON

Download Yara Rule

APIs

#5709.MFC140U ref: 00000001400059F6
#285.MFC140U ref: 0000000140005A02
#5674.MFC140U ref: 0000000140005A13
#1641.MFC140U ref: 0000000140005A1E
#13949.MFC140U ref: 0000000140005A2A
#2921.MFC140U ref: 0000000140005A40

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13949#1641#285#2921#5674#5709
String ID:
API String ID: 3514866421-0
Opcode ID: fe4454e29431e9e240a21dbdd56b6c34e663fc0a426fcf280954ab3ff69d2d88
Instruction ID: 3005605ebd5c5c49ab9fa0895ccb5f7ea98b8257045587a2fdf61f279669be26
Opcode Fuzzy Hash: fe4454e29431e9e240a21dbdd56b6c34e663fc0a426fcf280954ab3ff69d2d88
Instruction Fuzzy Hash: 9001E575214B808ADB419F17B85435AB7A0F78DFE1F184228EE9A47BA8CF7CD4458B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400166B0 Relevance: 9.0, APIs: 6, Instructions: 36COMMON

Download Yara Rule

APIs

?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00000001400166CF
?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00000001400166F0
new.LIBCMT ref: 00000001400166FA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140016707

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2582267257-0
Opcode ID: dd219381801aafce69ff5c7435c6525f0e319de0f635253ec51a22d4db6ad478
Instruction ID: 99ac9017210b8faac4b8305a10ed672151b4622ec526fd4b2fc9ff8b8c01992c
Opcode Fuzzy Hash: dd219381801aafce69ff5c7435c6525f0e319de0f635253ec51a22d4db6ad478
Instruction Fuzzy Hash: 1DF04FB5B12A0591EE1AE773A99539821A05B5C7F0F800B29B77D077F4FE7D489A8200

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140008AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400060D0: CoCreateInstance.OLE32 ref: 0000000140006127

Part of subcall function 0000000140006050: CoCreateInstance.OLE32 ref: 00000001400060A7

Part of subcall function 0000000140001AC0: #446.MFC140U ref: 0000000140001AE5
Part of subcall function 0000000140001AC0: #316.MFC140U ref: 0000000140001AFC
Part of subcall function 0000000140001AC0: #990.MFC140U ref: 0000000140001B4D
Part of subcall function 0000000140001AC0: #990.MFC140U ref: 0000000140001B65
Part of subcall function 0000000140001AC0: #990.MFC140U ref: 0000000140001B7D
Part of subcall function 0000000140001AC0: #990.MFC140U ref: 0000000140001BA6

#280.MFC140U ref: 0000000140008B8A
#1501.MFC140U ref: 0000000140008BA3
#1034.MFC140U ref: 0000000140008BAD
#3951.MFC140U ref: 0000000140008BB8

Strings

No valid license for Hardware Settings!, xrefs: 0000000140008C01

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #990$CreateInstance$#1034#1501#280#316#3951#446
String ID: No valid license for Hardware Settings!
API String ID: 3958136817-3879884527
Opcode ID: d1c88f3c64c6ec5bf2d6805a8ff9843b28aed8cf0b3acc52152f5056a84cb5e3
Instruction ID: b739020cae12f9fb4a6b3f13a9524b9413be13b6cadacb72a888c02d468d4aca
Opcode Fuzzy Hash: d1c88f3c64c6ec5bf2d6805a8ff9843b28aed8cf0b3acc52152f5056a84cb5e3
Instruction Fuzzy Hash: 66413972205A4081EA66DF26E4A03EA7361FB8CBD0F488125AF9E477A5DF39C559C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400078B0 Relevance: 7.6, APIs: 5, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 0000000140007936
memset.VCRUNTIME140 ref: 000000014000796A
#2344.MFC140U ref: 0000000140007A2B
#2344.MFC140U ref: 0000000140007A31

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #2344memset
String ID:
API String ID: 1732844871-0
Opcode ID: 135310086f78d179a52249350fe7cbc21b2ec262490949f2f2da5714f8d6ab3d
Instruction ID: 7c8b2d93812538fd3878ca8b3c5d901fa8a0c3358f5f77b86d2ab4fe715f33c8
Opcode Fuzzy Hash: 135310086f78d179a52249350fe7cbc21b2ec262490949f2f2da5714f8d6ab3d
Instruction Fuzzy Hash: FA41A4B2701B8582E925DB57F5403E973A1F78D7C0F588421EB8E4BB72DB39D5528340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001ACA0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

#261.MFC140U ref: 000000014001AD1E
#14278.MFC140U ref: 000000014001ACCC

Part of subcall function 000000014001AE70: #14225.MFC140U ref: 000000014001AEC9

#12087.MFC140U ref: 000000014001AD3B
#261.MFC140U ref: 000000014001AD98
#1501.MFC140U ref: 000000014001ADB1

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #261$#12087#14225#14278#1501
String ID:
API String ID: 1800252866-0
Opcode ID: 8de4bbed9887f4dd47519698ddb70abae7478156b53fd9bb95d5077895ebbe31
Instruction ID: 64b1e79264b7d899bfedaee4fc51e9ed6612b6ea10d59eb5dcb9f00fafadfa74
Opcode Fuzzy Hash: 8de4bbed9887f4dd47519698ddb70abae7478156b53fd9bb95d5077895ebbe31
Instruction Fuzzy Hash: 3B317C35300A4086EA129B27E4403F96361F74EBE5F444225FF590BBE5CF3AC942CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400161A0 Relevance: 7.6, APIs: 5, Instructions: 70registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00000001400161D5
RegEnumKeyExW.ADVAPI32 ref: 0000000140016227
RegDeleteKeyW.ADVAPI32 ref: 0000000140016296
RegCloseKey.ADVAPI32 ref: 00000001400162A3

Part of subcall function 00000001400161A0: RegEnumKeyExW.ADVAPI32 ref: 0000000140016281

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Enum$CloseDeleteOpen
String ID:
API String ID: 2095303065-0
Opcode ID: a85cd60bea1b10da2daf9f30895d79cde19ec60475d8dc3e10748374befd9602
Instruction ID: 3625f289ef93f19ef6f2b81ae1b3319c0605cfcee2f24cbe936f9da41e9754fa
Opcode Fuzzy Hash: a85cd60bea1b10da2daf9f30895d79cde19ec60475d8dc3e10748374befd9602
Instruction Fuzzy Hash: 3D312736208F8086E7618F66F88479AB3A4F7C9BC4F440125EBC947B28DF7DC9498B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400190B8 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00000001400190EB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001910D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001911D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001912D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 000000014001913A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove
String ID:
API String ID: 15630516-0
Opcode ID: a806bf1fe732955e8204fed65e4256da835e0eb4e42eaa70705b2b3506c00afb
Instruction ID: 2f3500b680dc3e9fc9707fad44dd49056b7b2d1955dbb75cf9a05e4aa57ad04a
Opcode Fuzzy Hash: a806bf1fe732955e8204fed65e4256da835e0eb4e42eaa70705b2b3506c00afb
Instruction Fuzzy Hash: 62214932604A5592FB0ADF26E4883996360E749FD4F400415EB5A0BBFECFBAC9D18380

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017F80 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 00000001400189DE
Part of subcall function 00000001400189C0: SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000,0000000140017FB2), ref: 0000000140018A03
Part of subcall function 00000001400189C0: PeekMessageW.USER32 ref: 0000000140018A1E

#1641.MFC140U ref: 0000000140017FDD
CLSIDFromString.OLE32 ref: 000000014001801A
SysFreeString.OLEAUT32 ref: 0000000140018024
#2297.MFC140U ref: 000000014001803B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Message$PeekString$#1641#2297FreeFromSend
String ID:
API String ID: 439310766-0
Opcode ID: 580d1b8a7042dffb70b9ca0ba3e8502a9362d8020e71f94ef199f35c78802d78
Instruction ID: 6136fdf3d1557e474fca434811bf7fabca5bd4cfce3de70ef55503e36287727d
Opcode Fuzzy Hash: 580d1b8a7042dffb70b9ca0ba3e8502a9362d8020e71f94ef199f35c78802d78
Instruction Fuzzy Hash: A3214D31205B4082EA629B23F8553EA63A0BB8DBD4F441625BB9E4B6B5EF39C5558700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002610 Relevance: 7.5, APIs: 5, Instructions: 40windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 0000000140002FF2
#316.MFC140U ref: 0000000140003002
SendMessageW.USER32 ref: 000000014000301B
#6775.MFC140U ref: 0000000140003030

Part of subcall function 0000000140009500: #1667.MFC140U ref: 0000000140009543
Part of subcall function 0000000140009500: SysAllocString.OLEAUT32 ref: 0000000140009696

Part of subcall function 0000000140003180: SendMessageW.USER32 ref: 00000001400031BB
Part of subcall function 0000000140003180: #4335.MFC140U ref: 00000001400031E3

#1034.MFC140U ref: 0000000140003062

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034#1667#316#4335#6775AllocString
String ID:
API String ID: 886775953-0
Opcode ID: 33dcab9c6fc535e2fb59810baa8c855fc18b4f18d997c015c6a56ca7335ca207
Instruction ID: b9ffa0c9c5aa1d72d3f5c91ffd931b2b491a925eb9044b318b3fd988be8828ba
Opcode Fuzzy Hash: 33dcab9c6fc535e2fb59810baa8c855fc18b4f18d997c015c6a56ca7335ca207
Instruction Fuzzy Hash: CF11D67121098092E751DB26EC547D92320E7C97A5F645234FB1D4B9F8CF39C98AC754

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400110A0 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

#1034.MFC140U ref: 00000001400110C1
#1034.MFC140U ref: 00000001400110CC
#1034.MFC140U ref: 00000001400110D7
#1034.MFC140U ref: 00000001400110E2
#1059.MFC140U ref: 00000001400110EC

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1059
String ID:
API String ID: 17008175-0
Opcode ID: 2e5651cb12950a3e0d4bb3c162eab2698db9e94ab13ee99135a776b2bdf69a98
Instruction ID: b4c92f5edfdd45789ad455b71fe5f18f18b27a7f663ae126a3145c9eb51173a9
Opcode Fuzzy Hash: 2e5651cb12950a3e0d4bb3c162eab2698db9e94ab13ee99135a776b2bdf69a98
Instruction Fuzzy Hash: 4E01D630140A0092E721AB26E8513D96220EBCEBB1F144220E76E472F6DF39C884C245

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140009770 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140009781
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140009794
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000001400097C9
#2344.MFC140U ref: 00000001400097CF

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _errno$#2344_invalid_parameter_noinfo
String ID:
API String ID: 914342385-0
Opcode ID: 2725fbeb1a3438f46040da0760fc2f3d45a18c3393de66dd5180d761ebe3505b
Instruction ID: 860315dc8e451058cea4ab9c1b990bd5c036ecf90bbc0841e0247a2b674c6f2d
Opcode Fuzzy Hash: 2725fbeb1a3438f46040da0760fc2f3d45a18c3393de66dd5180d761ebe3505b
Instruction Fuzzy Hash: 76F01CF6A25A0482FB57AF93AC087E82194AB5CBC5F910408EB09073B6EB3D08944711

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F660 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

#446.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F683
#316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6A7
#316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6B5
#316.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6C3
#990.MFC140U(?,?,?,?,?,0000000140007081), ref: 000000014000F6D9

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #316$#446#990
String ID:
API String ID: 442286065-0
Opcode ID: 26d429f845c5c61c7979af3c5f2bdab9eda0bec96ab8a68382869bc3568a0204
Instruction ID: 01bff8566e9b8d3441c268764641dcb4539339271e6cd6bbc4782310b95273ca
Opcode Fuzzy Hash: 26d429f845c5c61c7979af3c5f2bdab9eda0bec96ab8a68382869bc3568a0204
Instruction Fuzzy Hash: BB011A32204B80A2D7069B61ED843D9B360FB8E7B1F544225EBAD877B5DF78D969C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002680 Relevance: 7.5, APIs: 5, Instructions: 37windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 00000001400026B2
#316.MFC140U ref: 00000001400026C2
SendMessageW.USER32 ref: 00000001400026DB
#6775.MFC140U ref: 00000001400026F0

Part of subcall function 000000014000A100: #1667.MFC140U ref: 000000014000A13F
Part of subcall function 000000014000A100: SysAllocString.OLEAUT32 ref: 000000014000A22F
Part of subcall function 000000014000A100: SysFreeString.OLEAUT32 ref: 000000014000A27A
Part of subcall function 000000014000A100: #1034.MFC140U ref: 000000014000A294

Part of subcall function 0000000140003180: SendMessageW.USER32 ref: 00000001400031BB
Part of subcall function 0000000140003180: #4335.MFC140U ref: 00000001400031E3

#1034.MFC140U ref: 000000014000271E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend$#1034String$#1667#316#4335#6775AllocFree
String ID:
API String ID: 109216521-0
Opcode ID: 7c562de22706f97a506782054acf6429102ef46149207bf104eb807973aaf70d
Instruction ID: a636d4ce389a2701dddbe3e6303762a5bf522f32adfe0569bd8c309160df0dfd
Opcode Fuzzy Hash: 7c562de22706f97a506782054acf6429102ef46149207bf104eb807973aaf70d
Instruction Fuzzy Hash: 8801F57121098082E751DB25EC547D92320E78ABA4F540234FB2D4B6F4CF38C98AC744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006E60 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140003690: #446.MFC140U ref: 00000001400036B8
Part of subcall function 0000000140003690: #316.MFC140U ref: 00000001400036CF
Part of subcall function 0000000140003690: #316.MFC140U ref: 00000001400036DD
Part of subcall function 0000000140003690: #990.MFC140U ref: 0000000140003727

#3951.MFC140U ref: 0000000140006E94
#1053.MFC140U ref: 0000000140006EA2
#1034.MFC140U ref: 0000000140006EDA
#1034.MFC140U ref: 0000000140006EE9
#1089.MFC140U ref: 0000000140006EF5

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#316$#1053#1089#3951#446#990
String ID:
API String ID: 2461601665-0
Opcode ID: 3d3f197d9a539397258f0c8e81df70760db2caef55763c002620f068c6b3043c
Instruction ID: adbac0f122d4d70c80d34c7b1036757960bfdac51b83b4d508832939b21ed13c
Opcode Fuzzy Hash: 3d3f197d9a539397258f0c8e81df70760db2caef55763c002620f068c6b3043c
Instruction Fuzzy Hash: 03010035214A80A2E672EB11F8913DA7364FBD97A0FC15216B39E476F6DE38C649CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005920 Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

#5709.MFC140U ref: 0000000140005951
#285.MFC140U ref: 000000014000595D
#5674.MFC140U ref: 0000000140005973
#1641.MFC140U ref: 000000014000597E
#2921.MFC140U ref: 0000000140005999

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1641#285#2921#5674#5709
String ID:
API String ID: 3943967081-0
Opcode ID: bdbf2543f6a0be4983fc398234c13c52a28aeade3d4f5342b9a2096e7d5ed2b3
Instruction ID: 361939031f1f78a6177eccf2b964673709fb047c40d8742edd5a88d19db7b91a
Opcode Fuzzy Hash: bdbf2543f6a0be4983fc398234c13c52a28aeade3d4f5342b9a2096e7d5ed2b3
Instruction Fuzzy Hash: 7701E835618B9086E7418B16F49436AA7A0F78DBE5F104218FEAA43BA8DF7CD545CB01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016730 Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014000108F), ref: 0000000140016743
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014000108F), ref: 000000014001675F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014000108F), ref: 000000014001676F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014000108F), ref: 000000014001677F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000014000108F), ref: 000000014001678C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 3f54e51537b5add59bcf7b72d6a6dbbd6c7774e1660e29a52a6237c7fad62527
Instruction ID: 31f17dcd642b4e8050305ffda4f453f9713a1922a3da1c37327f551ee5ec9d2a
Opcode Fuzzy Hash: 3f54e51537b5add59bcf7b72d6a6dbbd6c7774e1660e29a52a6237c7fad62527
Instruction Fuzzy Hash: 12F090B0A0492491FA0A9773E98C39C22565B0CBF5F010B19A37A07AF9DE7D0CD88201

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006B10 Relevance: 7.5, APIs: 5, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 000000014000EC80: #446.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000EC9E
Part of subcall function 000000014000EC80: #316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECB5
Part of subcall function 000000014000EC80: #316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECC3
Part of subcall function 000000014000EC80: #316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECD1

#3951.MFC140U ref: 0000000140006B32
#1034.MFC140U ref: 0000000140006B40
#1034.MFC140U ref: 0000000140006B4F
#1034.MFC140U ref: 0000000140006B5E
#1089.MFC140U ref: 0000000140006B6A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#316$#1089#3951#446
String ID:
API String ID: 1954489404-0
Opcode ID: 8656ac25f5f0265f24b818cf8912866b3f2fb71c77cce29ad755d612537f2dfd
Instruction ID: b9d67dd8477f968db57b9a68e5fa64a6cd837ba9c60dd90198f61d13c9787362
Opcode Fuzzy Hash: 8656ac25f5f0265f24b818cf8912866b3f2fb71c77cce29ad755d612537f2dfd
Instruction Fuzzy Hash: 39F01235134980A2E662AB11EC613D96320FBDA771F815211B2AE825F5DF38CA0DCB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140009500 Relevance: 6.1, APIs: 4, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#1667.MFC140U ref: 0000000140009543
#1034.MFC140U ref: 000000014000970A

Part of subcall function 0000000140009B30: #1641.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,00000034,0000000140002F97), ref: 0000000140009BA3
Part of subcall function 0000000140009B30: SysFreeString.OLEAUT32 ref: 0000000140009BEB

SysAllocString.OLEAUT32 ref: 0000000140009696
SysFreeString.OLEAUT32 ref: 00000001400096DE

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: String$#1641Free$#1034#13949#1667#285#2921#5674#5709Alloc
String ID:
API String ID: 1233798935-0
Opcode ID: fb2bedef48f7f50dfb35dfb0080bd350dcc7e66734987d750e49cb3461533674
Instruction ID: a8c119b9b5f80328474c4ec3aec57cedfaf875e2b0a257dd196db0d6688fba89
Opcode Fuzzy Hash: fb2bedef48f7f50dfb35dfb0080bd350dcc7e66734987d750e49cb3461533674
Instruction Fuzzy Hash: 5F513576204B8492DA5ADB26E5943ED7361FB89BD4F448122EBAD037A5DF38C5A8C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400052C0 Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

#1425.MFC140U ref: 000000014000534F
#1129.MFC140U ref: 000000014000536B
#1034.MFC140U ref: 0000000140005378
#1034.MFC140U ref: 00000001400053D5

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1129#1425
String ID:
API String ID: 159776809-0
Opcode ID: 27da2017ba4552d493a0f5e084339f362b5fed11b46f3ae473d61d88d7d36c2c
Instruction ID: 9a7faa05e14c0a2ac7b32a9fe62cde12c1b1a43d6b2a512fbed58eac648fe81a
Opcode Fuzzy Hash: 27da2017ba4552d493a0f5e084339f362b5fed11b46f3ae473d61d88d7d36c2c
Instruction Fuzzy Hash: 5F412836202B4091EB02DF66E9A03DD7364FB8ABA5F045232AB6D576F5CF34C559C304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000A100 Relevance: 6.1, APIs: 4, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140003960: #5709.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 0000000140003994
Part of subcall function 0000000140003960: #285.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039A0
Part of subcall function 0000000140003960: #13949.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039B1
Part of subcall function 0000000140003960: #5674.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039BC
Part of subcall function 0000000140003960: #1641.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039C7
Part of subcall function 0000000140003960: #2921.MFC140U(?,?,?,?,?,?,?,?,000000014000943B), ref: 00000001400039DD

#1667.MFC140U ref: 000000014000A13F
#1034.MFC140U ref: 000000014000A294

Part of subcall function 0000000140009B30: #1641.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,00000034,0000000140002F97), ref: 0000000140009BA3
Part of subcall function 0000000140009B30: SysFreeString.OLEAUT32 ref: 0000000140009BEB

SysAllocString.OLEAUT32 ref: 000000014000A22F
SysFreeString.OLEAUT32 ref: 000000014000A27A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: String$#1641Free$#1034#13949#1667#285#2921#5674#5709Alloc
String ID:
API String ID: 1233798935-0
Opcode ID: d56b5a99f8020fe36458e6f7e761285ca3672339c20c18e8b4553183edfcede8
Instruction ID: 092b1177e06669c3374913bc431a4294b91bcd4f0157e78d38982d4c99608ff1
Opcode Fuzzy Hash: d56b5a99f8020fe36458e6f7e761285ca3672339c20c18e8b4553183edfcede8
Instruction Fuzzy Hash: 0F41AC72305B8091DA69DF26E5943EDB3A0FB8ABD4F444125EBAD037A5DF38C598C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001AE70 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

#14225.MFC140U ref: 000000014001AEC9
#12030.MFC140U ref: 000000014001AF0B
#2344.MFC140U ref: 000000014001AF3A
#2340.MFC140U ref: 000000014001AF45

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #12030#14225#2340#2344
String ID:
API String ID: 1460255360-0
Opcode ID: abaf1aac17cd5a1c893ee78d4a5e42fdbb6917642f1acca8898b7292daaffc98
Instruction ID: a949cb62d357ce72fdc0c8f2b8ef39f63d2954e8c647faec8a19440b31b7378d
Opcode Fuzzy Hash: abaf1aac17cd5a1c893ee78d4a5e42fdbb6917642f1acca8898b7292daaffc98
Instruction Fuzzy Hash: 9D21D27630068046EE629B5AA1043E9A6E1F78E7D0F2C0735FF451FBA5EA3EC8438700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019C40 Relevance: 6.1, APIs: 4, Instructions: 54synchronizationCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32 ref: 0000000140019C88
SetEvent.KERNEL32 ref: 0000000140019C92
WaitForSingleObject.KERNEL32 ref: 0000000140019CA1
WaitForSingleObject.KERNEL32 ref: 0000000140019CC3

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: EventObjectSingleWait$Reset
String ID:
API String ID: 3348509387-0
Opcode ID: f443188405f7e0f9548015559a9e5055b37251994922dd6144c10ca555f1bf25
Instruction ID: 199a9adc89de56cef4556d657996393c5e4f0f339a017d005f2e812dadda30e4
Opcode Fuzzy Hash: f443188405f7e0f9548015559a9e5055b37251994922dd6144c10ca555f1bf25
Instruction Fuzzy Hash: 09118E3271060082EB459B67E1913AC23A1FB8CBE0F501620EB1A4BBE5CF39C8A5C780

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A0A0 Relevance: 6.0, APIs: 4, Instructions: 50synchronizationCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?,?,00000000,0000000140019D5C), ref: 000000014001A0EC
SetEvent.KERNEL32(?,?,00000000,0000000140019D5C), ref: 000000014001A0F6
WaitForSingleObject.KERNEL32(?,?,00000000,0000000140019D5C), ref: 000000014001A105
WaitForSingleObject.KERNEL32(?,?,00000000,0000000140019D5C), ref: 000000014001A125

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: EventObjectSingleWait$Reset
String ID:
API String ID: 3348509387-0
Opcode ID: 1d8897e9a2e485909319f7bd2aca9d202e2ad3361dc0962c0e31307fa636b483
Instruction ID: 8a452a149dfdb34ae27f93a2858eef2cd96ba07051b5fc4ba46c1819e4cb4b63
Opcode Fuzzy Hash: 1d8897e9a2e485909319f7bd2aca9d202e2ad3361dc0962c0e31307fa636b483
Instruction Fuzzy Hash: A1113D3261065082EB519F26E4803AD3361F78DFA4F551221FF5A8B2A5CF39C8C6C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F7F0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

#286.MFC140U ref: 000000014000F831
_localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 000000014000F841
wcsftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 000000014000F868
#286.MFC140U ref: 000000014000F880

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #286$_localtime64_swcsftime
String ID:
API String ID: 1884029608-0
Opcode ID: cc01f8aeeede9c7ff21497124931c1b08f26a6065c3478fb7c991f884679f823
Instruction ID: c49b3f8db3eacf5f8960d54cabc2ecfbe2551660d9c1316189f6c70907e5fce9
Opcode Fuzzy Hash: cc01f8aeeede9c7ff21497124931c1b08f26a6065c3478fb7c991f884679f823
Instruction Fuzzy Hash: D111917120478482EA26DB12F8043EA6361BB8DBD1F508225BF5E47AF8DF3CC5059700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003690 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

#446.MFC140U ref: 00000001400036B8
#316.MFC140U ref: 00000001400036CF
#316.MFC140U ref: 00000001400036DD

Part of subcall function 000000014001A300: #990.MFC140U(?,?,?,?,?,00000001400036F8), ref: 000000014001A31B

#990.MFC140U ref: 0000000140003727

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #316#990$#446
String ID:
API String ID: 657805508-0
Opcode ID: 7055971c8142d2594cc0b89e8b3d0d5b2bd0254c53038477957193ae515aaecf
Instruction ID: f49530b022adeac6a6a1b03fa1ace2639281c25c436fa5b2c84c82509d4ef023
Opcode Fuzzy Hash: 7055971c8142d2594cc0b89e8b3d0d5b2bd0254c53038477957193ae515aaecf
Instruction Fuzzy Hash: A0110432210B90A6D7069F61E9403C9B368F78DBA0F440226EBAD43BB9DF78C565C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400030C0 Relevance: 6.0, APIs: 4, Instructions: 42windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,0000000140003374), ref: 00000001400030E9
SendMessageW.USER32(?,?,?,0000000140003374), ref: 0000000140003105
SendMessageW.USER32(?,?,?,0000000140003374), ref: 0000000140003124
SendMessageW.USER32(?,?,?,0000000140003374), ref: 0000000140003146

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 73d2d6083211d566c5904056501650bb456302570c3623dd887f990683c313f5
Instruction ID: 90b5c41c3c26e3fc1ad2763a64953a88bc65050c160d6f598a8898c46dafea3a
Opcode Fuzzy Hash: 73d2d6083211d566c5904056501650bb456302570c3623dd887f990683c313f5
Instruction Fuzzy Hash: 8601B13571468082F7918B66F980B9A6320F78CBD0F95A030AF0E47F78CE38C8D18700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018AF0 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140018B1F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140018B2F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140018B3F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0000000140018B4C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 02ad3179551aa3bada893f5bddda9f8102992ebf20c09a9eab453529fc31ac6f
Instruction ID: f08526bff1cc30fe7fe20debafac4145e8d8dddef1ff78d744c245057b06cb3c
Opcode Fuzzy Hash: 02ad3179551aa3bada893f5bddda9f8102992ebf20c09a9eab453529fc31ac6f
Instruction Fuzzy Hash: D9018F72604A0482FF2A9B26E4883982351E71EFE5F100A04EBAE0B3F2CF7D85D18344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010D10 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

#316.MFC140U(?,?,?,?,?,0000000140010CE4), ref: 0000000140010D3A
#316.MFC140U(?,?,?,?,?,0000000140010CE4), ref: 0000000140010D45
#316.MFC140U(?,?,?,?,?,0000000140010CE4), ref: 0000000140010D50
#316.MFC140U(?,?,?,?,?,0000000140010CE4), ref: 0000000140010D5B

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #316
String ID:
API String ID: 3154712110-0
Opcode ID: b1e95d0845a3475b74d04403d2050eae85283102a40bbbf2389d75c4a8b49eb9
Instruction ID: 5f8050ecb36269625cb84e2e7f3c2793d910d7d69173e63d666de73b9777677c
Opcode Fuzzy Hash: b1e95d0845a3475b74d04403d2050eae85283102a40bbbf2389d75c4a8b49eb9
Instruction Fuzzy Hash: DA119336502F409AD781AF35E84438933E8F74DB69F444239DA9DCB3A8EF348898C354

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000ED00 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

#1034.MFC140U ref: 000000014000ED24
#1034.MFC140U ref: 000000014000ED32
#1034.MFC140U ref: 000000014000ED40
#1089.MFC140U ref: 000000014000ED4A

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1089
String ID:
API String ID: 3031300194-0
Opcode ID: 80cd4fb09ef9a925e0eaca5704bbca5e004706b37c8a2708e91b119cd8c98015
Instruction ID: a8ba63f03dd40393f370227c51d178c4b1b842f20eedb4b641afd58f0c2a9cf2
Opcode Fuzzy Hash: 80cd4fb09ef9a925e0eaca5704bbca5e004706b37c8a2708e91b119cd8c98015
Instruction Fuzzy Hash: 16F09C31154E4082E722AB66F8513D96210FF8EBF1F555231F7AE072F6DF39C9458245

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001500 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

#964.MFC140U ref: 0000000140001516
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 0000000140001533
GetLastError.KERNEL32 ref: 000000014000153D
_onexit.LIBCMT ref: 000000014001DF8C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #964CountCriticalErrorInitializeLastSectionSpin_onexit
String ID:
API String ID: 2583237219-0
Opcode ID: 70861140fbdba52e1df05f91d50ac3f270c4e13c5783bc7bed2000e79d5d9ca8
Instruction ID: 6772bb5e31eacf955bdf4ef714963f1a8b72359244ced60474d41617cd20596a
Opcode Fuzzy Hash: 70861140fbdba52e1df05f91d50ac3f270c4e13c5783bc7bed2000e79d5d9ca8
Instruction Fuzzy Hash: F7F04F70620A11D1F712AB77AC553E522A167DC3E1F81432AF66AC72F1EE3CC6068204

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001AC00 Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

GetStockObject.GDI32 ref: 000000014001AC17
GetStockObject.GDI32 ref: 000000014001AC28
#3828.MFC140U ref: 000000014001AC3B
#2475.MFC140U ref: 000000014001AC46

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: ObjectStock$#2475#3828
String ID:
API String ID: 1914599619-0
Opcode ID: a3dcd66f7e81985ddb63e34eab4774e9e00ee32286790f03edd8874e511ae95b
Instruction ID: d51cc01bfce24079f4235a71b1b3b868ae3bab666bc90a8587a1284c5a044ad8
Opcode Fuzzy Hash: a3dcd66f7e81985ddb63e34eab4774e9e00ee32286790f03edd8874e511ae95b
Instruction Fuzzy Hash: DEF03736315A8082EB169B23F5507EAA761EB8DBD0F188135FF4A0BB65DF39D9818740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010EE0 Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

#1034.MFC140U ref: 0000000140010F18
#1034.MFC140U ref: 0000000140010F23
#1034.MFC140U ref: 0000000140010F2E
#1034.MFC140U ref: 0000000140010F39

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034
String ID:
API String ID: 4183836952-0
Opcode ID: cbbff8fc0473367061fbf7fa4587e4fe411c0365dcf1c994a051626f658f7042
Instruction ID: ebdefd1ff2e0c017eb305db29b494f202d98700454808886c9353c4fd97b46ea
Opcode Fuzzy Hash: cbbff8fc0473367061fbf7fa4587e4fe411c0365dcf1c994a051626f658f7042
Instruction Fuzzy Hash: D6011932214E40A3D711AF65E8943AD6320FB8ABB2F544225A76E436F8DF78C958D748

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400042F0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

#316.MFC140U ref: 000000014000430F
#5240.MFC140U ref: 000000014000431E
#7893.MFC140U ref: 0000000140004338
#1034.MFC140U ref: 0000000140004350

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#316#5240#7893
String ID:
API String ID: 263385091-0
Opcode ID: a66036aa296be7b991a306de89e57579a0dc437d69ba976f0bdba0459b30075f
Instruction ID: dad9fb337f12753ebf2f1bfc00846c1a0960d0447313fbde59b910ca7cee4c58
Opcode Fuzzy Hash: a66036aa296be7b991a306de89e57579a0dc437d69ba976f0bdba0459b30075f
Instruction Fuzzy Hash: 6FF0623120494182DB119B26E8443AE6330EBCABF1F544325EB6E476F9CF39C545C704

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400041E0 Relevance: 6.0, APIs: 4, Instructions: 28windowCOMMON

Download Yara Rule

APIs

#5240.MFC140U ref: 00000001400041EE
SendMessageW.USER32 ref: 0000000140004202
#4181.MFC140U ref: 0000000140004220
#5240.MFC140U ref: 000000014000422E

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #5240$#4181MessageSend
String ID:
API String ID: 2563952697-0
Opcode ID: 6ce1b3cc518fe12b27c588a7be96cf215f4efe3206440d076cc38d5eee56dd88
Instruction ID: f5eb1356fe24259e553b7a13635aa281224ca04e22e216f1fd032ff80a265d8c
Opcode Fuzzy Hash: 6ce1b3cc518fe12b27c588a7be96cf215f4efe3206440d076cc38d5eee56dd88
Instruction Fuzzy Hash: 51F012B171158282F727AB37E8617EA1251DBDCBC4F54A035BF064B6B6DE39C9419304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000EC80 Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

#446.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000EC9E
#316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECB5
#316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECC3
#316.MFC140U(?,?,?,?,?,0000000140006B2C), ref: 000000014000ECD1

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #316$#446
String ID:
API String ID: 1530140214-0
Opcode ID: f0d2ab69715d714d5d21b8885d56a065e66b903404ebbf795ac23b3a70599aca
Instruction ID: 6e8f12570c104ff4a1111c7a2061069b355e60c7dd4a330ff083a9008e5128e6
Opcode Fuzzy Hash: f0d2ab69715d714d5d21b8885d56a065e66b903404ebbf795ac23b3a70599aca
Instruction Fuzzy Hash: B3F0E731110F8092D742AF61EC443D933A4E78DBB6F440234AEAD8A3B8EF388959C314

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400187C0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

#5240.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187DA
#1641.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187EA
#13767.MFC140U(?,?,?,000000014000DA28), ref: 00000001400187F6
#14128.MFC140U(?,?,?,000000014000DA28), ref: 0000000140018800

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #13767#14128#1641#5240
String ID:
API String ID: 3945742715-0
Opcode ID: 5712f25d38cc79e84cdef3b49d51ae033930ee8b35ac965885c8847e09295f46
Instruction ID: f6293f125caff1fff3228657dc512807d1d7862a4c54430b4a1cb5e18a44a190
Opcode Fuzzy Hash: 5712f25d38cc79e84cdef3b49d51ae033930ee8b35ac965885c8847e09295f46
Instruction Fuzzy Hash: D6F03031709A9081EB46DB17F4413AA6261FB8CFC0F189034FF4E4BB6AEE39C9428704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006F20 Relevance: 6.0, APIs: 4, Instructions: 24COMMON

Download Yara Rule

APIs

#2212.MFC140U ref: 0000000140006F32
#2514.MFC140U ref: 0000000140006F3B
#286.MFC140U ref: 0000000140006F4D

Part of subcall function 000000014000CC20: #280.MFC140U ref: 000000014000CC63
Part of subcall function 000000014000CC20: #7893.MFC140U ref: 000000014000CC6D
Part of subcall function 000000014000CC20: #3951.MFC140U ref: 000000014000CC97
Part of subcall function 000000014000CC20: #1034.MFC140U ref: 000000014000CCA9
Part of subcall function 000000014000CC20: #1089.MFC140U ref: 000000014000CCB7
Part of subcall function 000000014000CC20: #1034.MFC140U ref: 000000014000D3F0

#1034.MFC140U ref: 0000000140006F6C

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1089#2212#2514#280#286#3951#7893
String ID:
API String ID: 74899329-0
Opcode ID: 8346c8f6330041cb9e2c90637cc9600ebcb03dd7566dde23328298a8fa23dc86
Instruction ID: 0bc47654705017e7cd37b2ff100676a37ad61bfd94bdd02d1735179f1d04f6e7
Opcode Fuzzy Hash: 8346c8f6330041cb9e2c90637cc9600ebcb03dd7566dde23328298a8fa23dc86
Instruction Fuzzy Hash: B2F08C71210A0092E612AB16E8503E96320E7CE7E4F501311F7AE872F6CE39C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006D20 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

#2212.MFC140U ref: 0000000140006D32
#2514.MFC140U ref: 0000000140006D3B
#286.MFC140U ref: 0000000140006D4D

Part of subcall function 0000000140008AC0: #280.MFC140U ref: 0000000140008B8A
Part of subcall function 0000000140008AC0: #1501.MFC140U ref: 0000000140008BA3
Part of subcall function 0000000140008AC0: #1034.MFC140U ref: 0000000140008BAD
Part of subcall function 0000000140008AC0: #3951.MFC140U ref: 0000000140008BB8

#1034.MFC140U ref: 0000000140006D67

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034$#1501#2212#2514#280#286#3951
String ID:
API String ID: 1785279886-0
Opcode ID: e8cfdefa1c10aff50375a7031c376defa0668c1439adc25eeaa800777940d261
Instruction ID: b7bf8f95895560fd0b60d39706d82d7be6fe553fa8af96d675294aee2c1a5600
Opcode Fuzzy Hash: e8cfdefa1c10aff50375a7031c376defa0668c1439adc25eeaa800777940d261
Instruction Fuzzy Hash: F7F01C75214A0092EA12AB16E8503E96320E7CE7E5F551211FBAE876F6DE39C949C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019340 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,00000001400015E6), ref: 00000001400193C4
memmove.VCRUNTIME140(?,?,?,00000001400015E6), ref: 000000014001943E

Strings

string too long, xrefs: 00000001400193BD

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xlength_error@std@@memmove
String ID: string too long
API String ID: 1146228739-2556327735
Opcode ID: abbf630a257e066e84f02379314c7962b2d01c10de72de40f156faa2f8a44b3d
Instruction ID: 29052466626a6473f0e753500e6a80b6044b0775b303e06cb0c86e26b67264fb
Opcode Fuzzy Hash: abbf630a257e066e84f02379314c7962b2d01c10de72de40f156faa2f8a44b3d
Instruction Fuzzy Hash: 44314D32714A4081EF1A8B1BE14439D6261E75CFD4F984521EF6E0BBEDDB7AC6928340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,000000014001928B), ref: 000000014001948D

Strings

invalid string position, xrefs: 0000000140019486

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xout_of_range@std@@
String ID: invalid string position
API String ID: 1960685668-1799206989
Opcode ID: e86e66f0dfdfdc72452e5490d1e840ddb531dd767464e532f075b54a744d8627
Instruction ID: 1765d6f0d5366e12251c174c06732086367e4af4980dcc2cc7fa32f6b5bf00e2
Opcode Fuzzy Hash: e86e66f0dfdfdc72452e5490d1e840ddb531dd767464e532f075b54a744d8627
Instruction Fuzzy Hash: 42214D72314B8881EF0A8F2EF5843992761F75CFC8FA85121EB5D0B7A9DA3AC595C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 0000000140010BEE
memmove.VCRUNTIME140 ref: 0000000140010C18

Strings

vector<T> too long, xrefs: 0000000140010BE7

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xlength_error@std@@memmove
String ID: vector<T> too long
API String ID: 1146228739-3788999226
Opcode ID: 9dc675e0d2d408ba261ab41abbf05f57560e7601f6a92b4e20a1b7e6443708b9
Instruction ID: 13d5a6118e1a74ebdd6ab402768da505c2c5326f39a7da57be5e51b54053b7ff
Opcode Fuzzy Hash: 9dc675e0d2d408ba261ab41abbf05f57560e7601f6a92b4e20a1b7e6443708b9
Instruction Fuzzy Hash: 69111F32611F8485DA119F16E840389B7A8F748BE4F584725ABBC47BF4EF78C5668740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001030 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140010B90: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 0000000140010BEE
Part of subcall function 0000000140010B90: memmove.VCRUNTIME140 ref: 0000000140010C18

_onexit.LIBCMT ref: 000000014001DF8C

Strings

sc_samlight_client_ctrl.ocx, xrefs: 0000000140001045
sc_ex_samlight_client_ctrl.dll, xrefs: 0000000140001034

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Xlength_error@std@@_onexitmemmove
String ID: sc_ex_samlight_client_ctrl.dll$sc_samlight_client_ctrl.ocx
API String ID: 1607962595-139340760
Opcode ID: 767f64c0167527c8ee727f0094694d5d02ff1f14c55022c13e0134f2ff06145d
Instruction ID: 8669cf06a8fe41349b4cc49a35049f8ead2e099be2c01522b3e6bc23e12abbf4
Opcode Fuzzy Hash: 767f64c0167527c8ee727f0094694d5d02ff1f14c55022c13e0134f2ff06145d
Instruction Fuzzy Hash: 9FF03C71A24B4590EA12DB62F8817D57360F79C388F904226F68D57676EB3CC259C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016BE6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 0000000140016B9B

Strings

environment variable not found, xrefs: 0000000140016B8C
SCAPS_SAM=?, xrefs: 0000000140016BE6

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: Message
String ID: SCAPS_SAM=?$environment variable not found
API String ID: 2030045667-1090523486
Opcode ID: 86c5aa6a7e79b4ac3ff57c0e35144eb0a083cbe09f9ad926099c738842b28640
Instruction ID: 35780669cca110b39be95e01167399d6eff8543f3606d34fbec909792c6ce2a3
Opcode Fuzzy Hash: 86c5aa6a7e79b4ac3ff57c0e35144eb0a083cbe09f9ad926099c738842b28640
Instruction Fuzzy Hash: 41F0B736351B8490EB6ACB66E4447D92368A74CBE0F55446BEE1E13770CF7AC886D300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

#286.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9CC
#1034.MFC140U(?,?,?,?,?,000000014001B7B9), ref: 000000014001B9E6

Strings

Kernel32.dll, xrefs: 000000014001B9C0

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#286
String ID: Kernel32.dll
API String ID: 661860208-1926710522
Opcode ID: eebf392994475d13d4a671a258beebfbe8509d087b03ea05d112a2848ffaab25
Instruction ID: 68a7db6455d6cfc7405dc0c8eaf479836d4966a3210664323251481797f91175
Opcode Fuzzy Hash: eebf392994475d13d4a671a258beebfbe8509d087b03ea05d112a2848ffaab25
Instruction Fuzzy Hash: B7F03431100B04A1EA12AB1AE8943D96760E78E7E1F841221FBA94B2F9DF3DC589C304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001BB70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

#286.MFC140U(?,?,?,?,?,0000000140010CF1), ref: 000000014001BBAC
#1034.MFC140U(?,?,?,?,?,0000000140010CF1), ref: 000000014001BBC6

Strings

Shell32.dll, xrefs: 000000014001BBA0

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #1034#286
String ID: Shell32.dll
API String ID: 661860208-1312634127
Opcode ID: c699fcc36e037cb06b4139cdb15cc54cf738eda244b009bf216af282b8fc8c60
Instruction ID: 1927d9c3ebd580b4551ceae1f0e4cab220d4cfccef9184d727e0085f5872d26e
Opcode Fuzzy Hash: c699fcc36e037cb06b4139cdb15cc54cf738eda244b009bf216af282b8fc8c60
Instruction Fuzzy Hash: 66F05835100B04A1EA12AB16F8943DA6760E78E7F1F841221FBAE476F9DF3DC589C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400028F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

#8449.MFC140U ref: 000000014000291F

Strings

Warning, xrefs: 0000000140002911
Settings file not saved! Exit without saving?, xrefs: 0000000140002918

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: #8449
String ID: Settings file not saved! Exit without saving?$Warning
API String ID: 2995864628-1382470544
Opcode ID: 422e17f745b32e6e26c0abe0d1f21fcf57d72f1463e93bdca0d2dbcbba8bcb58
Instruction ID: 329e22f350d846221b37cae99f4dbef31b450849faa58dded4358c25ac4f1dbc
Opcode Fuzzy Hash: 422e17f745b32e6e26c0abe0d1f21fcf57d72f1463e93bdca0d2dbcbba8bcb58
Instruction Fuzzy Hash: 87E04FF1A01584D1FE77CB47A8587E82290E35C7D9F681436FF084F2B096394ADAD741

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400015A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

_onexit.LIBCMT ref: 000000014001DF8C

Strings

AAD, xrefs: 00000001400015C1
AAD, xrefs: 00000001400015A4, 00000001400015D3

Memory Dump Source

Source File: 00000000.00000002.2126964809.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.2126949213.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2126987210.0000000140024000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127014741.000000014003F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127032230.0000000140043000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127048666.0000000140047000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_sc_setup_x64.jbxd

Similarity

API ID: _onexit
String ID: AAD$AAD
API String ID: 572287377-3502023328
Opcode ID: a017922cbc4aff6f101f5f014f736e2122a5a53735348f1aaadad2ac596f493f
Instruction ID: eae92353549da42872f83548e51d74c995d8af637a34a3f4fc4e228c2b482d26
Opcode Fuzzy Hash: a017922cbc4aff6f101f5f014f736e2122a5a53735348f1aaadad2ac596f493f
Instruction Fuzzy Hash: 00F06D3075475180F703EB23EC853D02290639C7C5F81016AF6098BAF2EB7D838AC706

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sc_setup_x64.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sc_setup_x64.exe_10f9a047a950d8fb8b3fb7b54dcc2af97e45377f_701d5e3e_a0c07dd9-6508-46a2-847c-554e04d89f5c\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC256.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC2D4.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC304.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

Windows Analysis Report
sc_setup_x64.exe

Function 0000000140011E10 Relevance: 1446.7, APIs: 523, Strings: 302, Instructions: 2920
libraryloaderwindowCOMMON

Function 000000014001D9C0 Relevance: 22.6, APIs: 15, Instructions: 89
COMMON

Function 00000001400174B0 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 46
registryCOMMON

Function 000000014000DDA0 Relevance: 145.8, APIs: 66, Strings: 17, Instructions: 508
COMMON

Function 00000001400112E0 Relevance: 142.2, APIs: 68, Strings: 13, Instructions: 488
windowCOMMON

Function 0000000140017880 Relevance: 107.1, APIs: 47, Strings: 14, Instructions: 360
windowCOMMON

Function 0000000140007F70 Relevance: 91.4, APIs: 41, Strings: 11, Instructions: 395
COMMON

Function 000000014000CC20 Relevance: 84.5, APIs: 38, Strings: 10, Instructions: 460
COMMON

Function 0000000140010290 Relevance: 82.6, APIs: 45, Strings: 2, Instructions: 383
windowCOMMON

Function 0000000140006230 Relevance: 80.7, APIs: 42, Strings: 4, Instructions: 218
fileprocesswindowCOMMON

Function 0000000140015C70 Relevance: 107.0, APIs: 40, Strings: 21, Instructions: 247
COMMON

Function 000000014000FBC0 Relevance: 89.5, APIs: 48, Strings: 3, Instructions: 263
libraryCOMMON

Function 0000000140004470 Relevance: 73.7, APIs: 36, Strings: 6, Instructions: 187
windowCOMMON

Function 000000014000D8F0 Relevance: 73.7, APIs: 30, Strings: 12, Instructions: 169
COMMON

Function 0000000140008E20 Relevance: 66.7, APIs: 27, Strings: 11, Instructions: 156
COMMON