Edit tour

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe
Analysis ID:	1430716
MD5:	a96ef52e95bb72ff1cfb04a8fe9fd14c
SHA1:	6f52dcd60eb5f373345791d6e2f745793f692315
SHA256:	b47316ca08d8a0d5b9f7c1479612c74dbd2922251adca3552e9c5cdf2e785731
Tags:	exe
Infos:

Detection

Score:	36
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Snort IDS alert for network traffic

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Process Tree

System is w10x64

SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe (PID: 3572 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe" MD5: A96EF52E95BB72FF1CFB04A8FE9FD14C)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ET MALWARE Tensorshare Google Analytics Checkin - Source IP: 192.168.2.5 - Destination IP: 142.251.2.100

Timestamp:	04/24/24-04:28:01.933308
SID:	2043421
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Binary or memory string: -----BEGIN PUBLIC KEY-----

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: F:\Jenkins\WorkSpace\workspace\Common_Downloader\Branches\InstallWithoutUninstall\release\Setup.pdb source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2043421 ET MALWARE Tensorshare Google Analytics Checkin 192.168.2.5:49710 -> 142.251.2.100:80

Source: Joe Sandbox View

IP Address: 208.95.112.1 208.95.112.1

Source: unknown

DNS query: name: ip-api.com

Source: global traffic

HTTP traffic detected: GET /csv HTTP/1.1Accept: */*Accept-Language: zh-cnAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)Host: ip-api.comCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_00462620 libssh2_scp_recv,libssh2_session_last_errno,

0_2_00462620

Source: global traffic

Source: unknown

DNS traffic detected: queries for: www.tenorshare.com

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2316041826.0000000005D55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486545605.0000000005D55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mic
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html#
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://dl.tenorshare.net/AnyDataRecovery_any_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://dl.tenorshare.net/AnyDataRecovery_net_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://dl.tenorshare.net/AnyDataRecovery_ts_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://download.wondershare.com/cbs_down/drfone_recover_full3366.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004BF6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486149405.00000000051DD000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/csv
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://update.tenorshare.cn/download/checkCross?cross_end_id=%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s&package_type=2h
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315698031.0000000005D7E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486594205.0000000005D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.google-analytics.com/collect&av=&an=&el=&ea=&t=event&ec=&cid=v=1&tid=
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315698031.0000000005D7E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486594205.0000000005D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collectB570DC9;J
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315698031.0000000005D7E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486594205.0000000005D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collectB570DC9WJ
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315698031.0000000005D7E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486594205.0000000005D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collectct
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485257293.0000000000A49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tenorshare.com/downloads/service/softwarelog.txt
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.tenorshare.com/downloads/service/softwarelog.txthttp://ip-api.com/csvsuccess/QueryTools?L
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://analytics-test.afirstsoft.cn/collector
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://analytics-test.afirstsoft.cn/collectorurl:mac
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://analytics.afirstsoft.cn/collect
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://check.mobie.app
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://check.mobie.appcloudd$L
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: https://download.any-data-recovery.com/downloads/extra/AnyDataRecovery_any_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/down
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/downad
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C9B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486454657.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2316041826.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486454657.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exe;
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exexD
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2022813160.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2022904676.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315512780.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485286343.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exey
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: https://download.tenorshare.com/downloads/extra/AnyDataRecovery_ts_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: https://download.tenorshare.net/downloads/extra/AnyDataRecovery_net_x64.exe
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.tenorshh
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://integrated.tenorshare.com/api/v1/ticket/feedback
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://integrated.tenorshare.com/api/v1/ticket/feedback&subject=&version=&log_id=&content=&useremai
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://product-alert.afirstsoft.cn/api/exception/send
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://product-alert.afirstsoft.cn/api/exception/sendpid=%d&type=2&exception_code=Hash_Check_Fail_C
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://update.tenorshare.cn/download/checkCross?cross_end_id=%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://update.tenorshare.com/download/checkCross?cross_end_id=%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://update.tenorshare.com/queryDownloader?LanguageId=1033&SoftWareID=%d&SiteID=1%s
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315698031.0000000005D7E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486594205.0000000005D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/g/collect
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004CAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/g/collect?v=2&_ss=1&_c=1&sid=1677653616&cid=1B2303A8ECF4BB570DC9
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/g/collect?v=2&_ss=1&_c=1&sid=1677653616&cid=1B2303A8ECF4BB570DC9&ti
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google-analytics.com/g/collect?v=2&_ss=1&_c=1&sid=1677653616&cid=SoftDataReport
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.tenorshare.com/
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.tenorshare.com/downloads/service/softwarelog.txt
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.tenorshare.com/downloads/service/softwarelog.txtnQ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_00474DE0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,

0_2_00474DE0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004FC7D0	0_2_004FC7D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005094D4	0_2_005094D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005097B0	0_2_005097B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004F5FB8	0_2_004F5FB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004FE025	0_2_004FE025
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_0053C150	0_2_0053C150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E21E0	0_2_005E21E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005F05F0	0_2_005F05F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_00466820	0_2_00466820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_00506AA3	0_2_00506AA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_00432B50	0_2_00432B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005FCCF0	0_2_005FCCF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_0050504E	0_2_0050504E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E301A	0_2_005E301A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_006090CD	0_2_006090CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004FB3DA	0_2_004FB3DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004F145C	0_2_004F145C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E97DB	0_2_005E97DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_00463870	0_2_00463870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_00467920	0_2_00467920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E9A0A	0_2_005E9A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E9C39	0_2_005E9C39
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004FBDCB	0_2_004FBDCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_004F9E9E	0_2_004F9E9E

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 005CAC20 appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 0052A7A0 appears 40 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 005F7169 appears 55 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 0048BF00 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 005CA540 appears 72 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 00465C70 appears 224 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 00555D20 appears 47 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 0053A000 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 00485D60 appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: String function: 004A8EC0 appears 66 times

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus36.winEXE@1/1@3/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_00502C49 FindResourceW,LoadResource,FreeResource,SizeofResource,LockResource,FreeResource,

0_2_00502C49

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Mutant created: \Sessions\1\BaseNamedObjects\AFS_Downloader_437

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

File created: C:\Users\user\AppData\Local\Temp\4ddigdllfixer_4ddig

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: id-cmc-addExtensions
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: set-addPolicy
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: Unable to complete request for channel-process-startup
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: /AddUserLog?USER_ID=
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	String found in binary or memory: /AddRegLog?USER_ID=

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Section loaded: dhcpcsvc.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

File opened: C:\Windows\SysWOW64\msftedit.dll

Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static file information: File size 2009360 > 1048576

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x1c2c00

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_004D61F0 LoadLibraryW,GetProcAddress,GetSystemInfo,GetVersionExW,GetSystemMetrics,GetSystemMetrics,

0_2_004D61F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005CAC66 push ecx; ret	0_2_005CAC79
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_0045DDB0 push ecx; mov dword ptr [esp], ebx	0_2_0045DDB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005C9F6A push ecx; ret	0_2_005C9F7D

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Window / User API: threadDelayed 6733			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Window / User API: threadDelayed 3181			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-69201

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe TID: 3140	Thread sleep time: -3366500s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe TID: 3140	Thread sleep time: -1590500s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_004D61F0 LoadLibraryW,GetProcAddress,GetSystemInfo,GetVersionExW,GetSystemMetrics,GetSystemMetrics,

0_2_004D61F0

Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004CAF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_005E7470 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_005E7470

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_004D61F0 LoadLibraryW,GetProcAddress,GetSystemInfo,GetVersionExW,GetSystemMetrics,GetSystemMetrics,

0_2_004D61F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_005F9427 mov eax, dword ptr fs:[00000030h]

0_2_005F9427

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005E7470 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_005E7470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: 0_2_005C9B35 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_005C9B35

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_004386C0 cpuid

0_2_004386C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00608149
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: EnumSystemLocalesW,	0_2_005FF266
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: GetLocaleInfoW,	0_2_005FF730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_00607811
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: EnumSystemLocalesW,	0_2_00607AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: EnumSystemLocalesW,	0_2_00607A89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: EnumSystemLocalesW,	0_2_00607B6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00607F75

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_005C8160 GetLocalTime,_swprintf_s,

0_2_005C8160

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_004D61F0 LoadLibraryW,GetProcAddress,GetSystemInfo,GetVersionExW,GetSystemMetrics,GetSystemMetrics,

0_2_004D61F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Code function: 0_2_0045B4B0 libssh2_channel_forward_listen_ex,libssh2_session_last_errno,

0_2_0045B4B0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	1 Input Capture	1 System Time Discovery	Remote Services	1 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Query Registry	Remote Desktop Protocol	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	21 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	34 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	8%	ReversingLabs
SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	4%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://crl.mic	0%	URL Reputation	safe
https://download.tenorshh	0%	Avira URL Cloud	safe
https://analytics.afirstsoft.cn/collect	0%	Avira URL Cloud	safe
https://product-alert.afirstsoft.cn/api/exception/sendpid=%d&type=2&exception_code=Hash_Check_Fail_C	0%	Avira URL Cloud	safe
https://analytics-test.afirstsoft.cn/collector	0%	Avira URL Cloud	safe
https://update.tenorshare.cn/download/checkCross?cross_end_id=%s	0%	Avira URL Cloud	safe
https://product-alert.afirstsoft.cn/api/exception/send	0%	Avira URL Cloud	safe
https://analytics-test.afirstsoft.cn/collectorurl:mac	0%	Avira URL Cloud	safe
https://analytics-test.afirstsoft.cn/collector	0%	Virustotal		Browse
https://check.mobie.appcloudd$L	0%	Avira URL Cloud	safe
http://update.tenorshare.cn/download/checkCross?cross_end_id=%s	0%	Avira URL Cloud	safe
https://analytics.afirstsoft.cn/collect	0%	Virustotal		Browse
https://product-alert.afirstsoft.cn/api/exception/send	0%	Virustotal		Browse
https://check.mobie.app	0%	Avira URL Cloud	safe
https://analytics-test.afirstsoft.cn/collectorurl:mac	0%	Virustotal		Browse
https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s	0%	Avira URL Cloud	safe
https://product-alert.afirstsoft.cn/api/exception/sendpid=%d&type=2&exception_code=Hash_Check_Fail_C	0%	Virustotal		Browse
https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s	0%	Virustotal		Browse
https://update.tenorshare.cn/download/checkCross?cross_end_id=%s	0%	Virustotal		Browse
https://check.mobie.app	0%	Virustotal		Browse
http://update.tenorshare.cn/download/checkCross?cross_end_id=%s	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ip-api.com	208.95.112.1	true	false	high
www.tenorshare.com	unknown	unknown	false	high
update.tenorshare.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ip-api.com/csv	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://dl.tenorshare.net/AnyDataRecovery_any_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
http://dl.tenorshare.net/AnyDataRecovery_net_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exe;	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2316041826.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486454657.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://download.wondershare.com/cbs_down/drfone_recover_full3366.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
https://analytics.afirstsoft.cn/collect	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exey	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2022813160.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2022904676.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2315512780.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485286343.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://integrated.tenorshare.com/api/v1/ticket/feedback	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
http://curl.haxx.se/docs/http-cookies.html#	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
http://crl.mic	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000003.2316041826.0000000005D55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486545605.0000000005D55000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://download.tenorshh	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.any-data-recovery.com/downloads/extra/AnyDataRecovery_any_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
https://download.tenorshare.com/downad	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.tenorshare.com/downloads/service/softwarelog.txt	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://download.tenorshare.com/down	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://product-alert.afirstsoft.cn/api/exception/sendpid=%d&type=2&exception_code=Hash_Check_Fail_C	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exexD	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C01000.00000004.00000020.00020000.00000000.sdmp	false		high
https://update.tenorshare.cn/download/checkCross?cross_end_id=%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
http://curl.haxx.se/docs/http-cookies.html	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://download.tenorshare.com/downloads/extra/4ddigdllfixer_4ddig.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C9B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4486454657.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.tenorshare.com/downloads/service/softwarelog.txtnQ	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://integrated.tenorshare.com/api/v1/ticket/feedback&subject=&version=&log_id=&content=&useremai	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.tenorshare.com/	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485724599.0000000004C6D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://download.tenorshare.net/downloads/extra/AnyDataRecovery_net_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
https://update.tenorshare.com/queryDownloader?LanguageId=1033&SoftWareID=%d&SiteID=1%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://update.tenorshare.com/download/checkCross?cross_end_id=%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://analytics-test.afirstsoft.cn/collector	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://product-alert.afirstsoft.cn/api/exception/send	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.tenorshare.com/downloads/service/softwarelog.txt	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485257293.0000000000A49000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.tenorshare.com/downloads/service/softwarelog.txthttp://ip-api.com/csvsuccess/QueryTools?L	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s&package_type=2h	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://analytics-test.afirstsoft.cn/collectorurl:mac	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://check.mobie.appcloudd$L	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4485204905.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://download.tenorshare.com/downloads/extra/AnyDataRecovery_ts_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
http://update.tenorshare.cn/download/checkCross?cross_end_id=%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://check.mobie.app	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://dl.tenorshare.net/AnyDataRecovery_ts_x64.exe	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe	false		high
http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false		high
https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe, 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States		53334	TUT-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430716
Start date and time:	2024-04-24 04:27:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe
Detection:	SUS
Classification:	sus36.winEXE@1/1@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 104.17.192.141, 104.17.207.155, 104.18.24.249, 104.18.25.249, 142.251.2.100, 142.251.2.139, 142.251.2.102, 142.251.2.138, 142.251.2.113, 142.251.2.101
Excluded domains from analysis (whitelisted): ocsp.digicert.com, update.tenorshare.com.cdn.cloudflare.net, slscr.update.microsoft.com, www.tenorshare.com.cdn.cloudflare.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:28:42	API Interceptor	13211944x Sleep call for process: SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
208.95.112.1	explorer.exe	Get hash	malicious	RedLine, XWorm	Browse	ip-api.com/line/?fields=hosting
	X1.exe	Get hash	malicious	XWorm	Browse	ip-api.com/line/?fields=hosting
	Output.exe	Get hash	malicious	RedLine, XWorm	Browse	ip-api.com/line/?fields=hosting
	X2.exe	Get hash	malicious	XWorm	Browse	ip-api.com/line/?fields=hosting
	55HUe105hhh123333.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	PI88009454 007865EQ.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	Request for Quotation.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	Factura E24000319v00. SL.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	ip-api.com/line/?fields=hosting
	QUOTATION_APRQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	Wire Transfer Payment Receipt#2024-22-04.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ip-api.com	explorer.exe	Get hash	malicious	RedLine, XWorm	Browse	208.95.112.1
	X1.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	Output.exe	Get hash	malicious	RedLine, XWorm	Browse	208.95.112.1
	X2.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	55HUe105hhh123333.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PI88009454 007865EQ.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	208.95.112.1
	Request for Quotation.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Factura E24000319v00. SL.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	208.95.112.1
	QUOTATION_APRQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TUT-ASUS	explorer.exe	Get hash	malicious	RedLine, XWorm	Browse	208.95.112.1
	X1.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	Output.exe	Get hash	malicious	RedLine, XWorm	Browse	208.95.112.1
	X2.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	55HUe105hhh123333.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	PI88009454 007865EQ.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	208.95.112.1
	Request for Quotation.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Factura E24000319v00. SL.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	208.95.112.1
	QUOTATION_APRQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	546
Entropy (8bit):	5.181924274021568
Encrypted:	false
SSDEEP:	12:hVAykSh2KnVAy00GGfVAypy7YhLskkNZWr5TkNZWr5xqkN9rK37TrKxi:7wKVAGtH+3WdQ3WdxZTGrTGxi
MD5:	64E8CA1280736A6F04FC5B393FA53C77
SHA1:	DC26E81CCAF9E8B9FBDA68E07BA211910D2EFE5B
SHA-256:	19BE1A1E087AF046836CE6C28315E6187C3479477341FB347DDA73CAEEAF0514
SHA-512:	7DF0E2FC5EFD638BDDBE4DD3F90DAF301E8609C9FEE85371AD945091A50CD8094264C754EDF955F6E91A314242DB155815B5765FE35A53445BE21CA3543EFF40
Malicious:	false
Reputation:	low
Preview:	2024-04-24 05:47:55,837--[Thread](3060) Downloader version: 2.7.11.0, 64Bit: True..2024-04-24 05:47:55,837--[Thread](3060) Screen: 1280*1024, 1..2024-04-24 05:47:55,837--[Thread](3060) Request For Product Config -- [Downloader Id]: 437 [Site Id]: 66 [Language Id]: 1033..2024-04-24 05:47:56,852--[Thread](5684) Verify CEI step1..2024-04-24 05:47:56,852--[Thread](5684) Verify CEI step4: 0..2024-04-24 05:47:56,852--[Thread](3436) GetDownloaderInfo(Async).....2024-04-24 05:47:58,493--[Thread](3436) GetDownloaderInfo(Async, com) return 0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):	7.832162940503418
TrID:	Win32 Executable (generic) a (10002005/4) 99.66% UPX compressed Win32 Executable (30571/9) 0.30% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe
File size:	2'009'360 bytes
MD5:	a96ef52e95bb72ff1cfb04a8fe9fd14c
SHA1:	6f52dcd60eb5f373345791d6e2f745793f692315
SHA256:	b47316ca08d8a0d5b9f7c1479612c74dbd2922251adca3552e9c5cdf2e785731
SHA512:	495c84e2920396ad2004eb60bf1b9dde95b69c21cc390eb5c1ef8a27fbf429740b510cb9e34799b614be033f70c8964c8e101449e73e7becc0f3624a006822b6
SSDEEP:	49152:F1Ohg9sIP9Kz+p9lnoSjbjlmTnFRMsK+j+lMFgWtjCu:F1arIg+zFoSjbj8LjMH+j+lghtjCu
TLSH:	B795E0C2686342F9C5A30FF6A83C5EA457551DCE19DC02316D537A1E9CF3AAA4B8F603
File Content Preview:	MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......K.SJ.l=..l=..l=......l=......l=......l=......l=.42>..l=..28..l=..l=..l=......m=...9..l=...8.-l=......l=.428.ql=.429.(l=......l=

File Icon


Icon Hash:	6187133b3b1f8671

Static PE Info

General

Entrypoint:	0x7c57e0
Entrypoint Section:	UPX1
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65A10D0D [Fri Jan 12 09:57:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	fe5fb373dbec3ba73ffb51335d1fc086

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	07/07/2021 02:00:00 12/07/2024 01:59:59
Subject Chain	CN="Tenorshare Co., Ltd.", O="Tenorshare Co., Ltd.", L=Wan Chai, C=HK
Version:	3
Thumbprint MD5:	17F44DC1840AD7EC6484C284A5B3D3CE
Thumbprint SHA-1:	59FECDA87C479A14A82E3EF696F9E6A9002A3752
Thumbprint SHA-256:	EF4D9D322077E97381CFFEC61C1F7A70CDC7B16A87F85FCBCDCD2682737CFF2D
Serial:	0170C5D8E62ABAC7DB20918F8C95B7E8

Entrypoint Preview

Instruction
pushad
mov esi, 00603000h
lea edi, dword ptr [esi-00202000h]
mov dword ptr [edi+002CD47Ch], 929B7F38h
push edi
jmp 00007FB050712B43h
nop
nop
nop
nop
nop
nop
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FB050712B1Fh
mov eax, 00000001h
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007FB050712B3Dh
jne 00007FB050712B5Ah
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FB050712B51h
dec eax
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
jmp 00007FB050712B06h
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jmp 00007FB050712B84h
xor ecx, ecx
sub eax, 03h
jc 00007FB050712B43h
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007FB050712BA7h
sar eax, 1
mov ebp, eax
jmp 00007FB050712B3Dh
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FB050712AFEh
inc ecx
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FB050712AF0h
add ebx, ebx
jne 00007FB050712B39h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007FB050712B21h
jne 00007FB050712B3Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FB050712B16h
add ecx, 02h
cmp ebp, 00000000h

Rich Headers

Programming Language:

[ C ] VS2013 UPD5 build 40629
[C++] VS2008 SP1 build 30729
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2ba640	0xfec	UPX1
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3e8204	0x46c	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c6000	0x22204	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1e5800	0x5110	UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x3e8670	0x24	.rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x3c59d4	0x18	UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3c59f4	0x5c	UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x202000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0x203000	0x1c3000	0x1c2c00	c351f9596f7e59432d1872d73f6507b2	False	0.9839828584303938	data	7.903737396672126	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c6000	0x23000	0x22800	73864620870d94f9e582433995f9465e	False	0.1427833446557971	data	5.0042794144950005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
ZIPRES	0x2d3280	0xa5a6a	data	Chinese	China	0.9738911667693433
RT_ICON	0x3c627c	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 8504 x 8504 px/m	Chinese	China	0.1044451673961907
RT_ICON	0x3d6aa8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 8504 x 8504 px/m	Chinese	China	0.12528904771915073
RT_ICON	0x3dff54	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 8504 x 8504 px/m	Chinese	China	0.17442135096835143
RT_ICON	0x3e4180	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 8504 x 8504 px/m	Chinese	China	0.2287344398340249
RT_ICON	0x3e672c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 8504 x 8504 px/m	Chinese	China	0.3271575984990619
RT_ICON	0x3e77d8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 8504 x 8504 px/m	Chinese	China	0.5824468085106383
RT_GROUP_ICON	0x3e7c44	0x5a	data	Chinese	China	0.7777777777777778
RT_VERSION	0x3e7ca4	0x2d0	data	Chinese	China	0.5166666666666667
RT_MANIFEST	0x3e7f78	0x28b	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5529953917050692

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey
COMCTL32.dll
GDI32.dll	SaveDC
gdiplus.dll	GdipFree
IMM32.dll	ImmGetContext
IPHLPAPI.DLL	GetAdaptersInfo
KERNEL32.DLL	LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
ole32.dll	CoCreateGuid
OLEAUT32.dll	VariantClear
SensApi.dll	IsNetworkAlive
SHELL32.dll	ShellExecuteW
SHLWAPI.dll	PathFileExistsW
USER32.dll	GetDC
VERSION.dll	VerQueryValueW
WINHTTP.dll	WinHttpGetIEProxyConfigForCurrentUser
WININET.dll	InternetOpenA
WINMM.dll	timeGetTime
WINTRUST.dll	WinVerifyTrust
WLDAP32.dll
WS2_32.dll	WSACleanup

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/24/24-04:28:01.933308	TCP	2043421	ET MALWARE Tensorshare Google Analytics Checkin	49710	80	192.168.2.5	142.251.2.100

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 04:27:59.615612984 CEST	49708	80	192.168.2.5	208.95.112.1
Apr 24, 2024 04:27:59.775105953 CEST	80	49708	208.95.112.1	192.168.2.5
Apr 24, 2024 04:27:59.775183916 CEST	49708	80	192.168.2.5	208.95.112.1
Apr 24, 2024 04:27:59.775427103 CEST	49708	80	192.168.2.5	208.95.112.1
Apr 24, 2024 04:27:59.935609102 CEST	80	49708	208.95.112.1	192.168.2.5
Apr 24, 2024 04:27:59.935703993 CEST	49708	80	192.168.2.5	208.95.112.1
Apr 24, 2024 04:28:34.684195042 CEST	80	49708	208.95.112.1	192.168.2.5
Apr 24, 2024 04:28:34.684369087 CEST	49708	80	192.168.2.5	208.95.112.1
Apr 24, 2024 04:28:48.658759117 CEST	80	49708	208.95.112.1	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 04:27:57.799346924 CEST	55970	53	192.168.2.5	1.1.1.1
Apr 24, 2024 04:27:58.686635971 CEST	55149	53	192.168.2.5	1.1.1.1
Apr 24, 2024 04:27:59.460575104 CEST	50947	53	192.168.2.5	1.1.1.1
Apr 24, 2024 04:27:59.614844084 CEST	53	50947	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 04:27:57.799346924 CEST	192.168.2.5	1.1.1.1	0x95b9	Standard query (0)	www.tenorshare.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 04:27:58.686635971 CEST	192.168.2.5	1.1.1.1	0x1819	Standard query (0)	update.tenorshare.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 04:27:59.460575104 CEST	192.168.2.5	1.1.1.1	0xa294	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 04:27:58.213491917 CEST	1.1.1.1	192.168.2.5	0x95b9	No error (0)	www.tenorshare.com	www.tenorshare.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 04:27:58.904994011 CEST	1.1.1.1	192.168.2.5	0x1819	No error (0)	update.tenorshare.com	update.tenorshare.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 04:27:59.614844084 CEST	1.1.1.1	192.168.2.5	0xa294	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ip-api.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49708	208.95.112.1	80	3572	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 04:27:59.775427103 CEST	223	OUT	GET /csv HTTP/1.1 Accept: / Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322) Host: ip-api.com Cache-Control: no-cache
Apr 24, 2024 04:27:59.935609102 CEST	309	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 02:27:59 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 138 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 73 75 63 63 65 73 73 2c 55 6e 69 74 65 64 20 53 74 61 74 65 73 2c 55 53 2c 4e 56 2c 4e 65 76 61 64 61 2c 4c 61 73 20 56 65 67 61 73 2c 38 39 31 30 31 2c 33 36 2e 31 36 38 35 2c 2d 31 31 35 2e 31 31 36 34 2c 41 6d 65 72 69 63 61 2f 4c 6f 73 5f 41 6e 67 65 6c 65 73 2c 41 53 31 37 34 2c 2c 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 31 35 34 2e 31 36 2e 31 30 35 2e 33 36 0a Data Ascii: success,United States,US,NV,Nevada,Las Vegas,89101,36.1685,-115.1164,America/Los_Angeles,AS174,,AS174 Cogent Communications,154.16.105.36

Target ID:	0
Start time:	04:27:55
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe"
Imagebase:	0x400000
File size:	2'009'360 bytes
MD5 hash:	A96EF52E95BB72FF1CFB04A8FE9FD14C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	103

Executed Functions

Function 004D61F0 Relevance: 49.2, APIs: 6, Strings: 22, Instructions: 238
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004D9930: RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion,00000000,000F003F,?), ref: 004D995B
Part of subcall function 004D9930: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,000F003F,?), ref: 004D9988

LoadLibraryW.KERNEL32(ntdll.dll,006764EF,A1986743), ref: 004D626E
GetProcAddress.KERNEL32(?,RtlGetNtVersionNumbers), ref: 004D6286

Strings

Microsoft Windows Me, xrefs: 004D6417
Windows 10, xrefs: 004D6310
Windows Server 2008, xrefs: 004D650E
Windows NT 4.0, xrefs: 004D63E1
ntdll.dll, xrefs: 004D6269
Windows XP Professional x64 Edition, xrefs: 004D6485
Windows 11, xrefs: 004D6231
Windows XP, xrefs: 004D6461
Windows 2000, xrefs: 004D6452
Windows Server 2012, xrefs: 004D655C
Windows Server 2003 R2, xrefs: 004D64BB
Windows 7, xrefs: 004D6526
Z, xrefs: 004D63CD
Windows Server 2008 R2, xrefs: 004D6535
Windows 98, xrefs: 004D6408
Windows Vista, xrefs: 004D64FF
Windows 8.1, xrefs: 004D62BF
Windows Server 2003, xrefs: 004D64A0
Windows 8, xrefs: 004D654D
Error, xrefs: 004D656B
RtlGetNtVersionNumbers, xrefs: 004D627A
Windows 95, xrefs: 004D63F9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Open$AddressLibraryLoadProc
String ID: Error$Microsoft Windows Me$RtlGetNtVersionNumbers$Windows 10$Windows 11$Windows 2000$Windows 7$Windows 8$Windows 8.1$Windows 95$Windows 98$Windows NT 4.0$Windows Server 2003$Windows Server 2003 R2$Windows Server 2008$Windows Server 2008 R2$Windows Server 2012$Windows Vista$Windows XP$Windows XP Professional x64 Edition$Z$ntdll.dll
API String ID: 2503747728-1872465536
Opcode ID: becc9781918e92d7f115eed92cd509b8d2da87f21d69ab52c7fe74ba2f881f28
Instruction ID: f06371bf6099798f274b5ab154f557b8ac638fff51b5e169f619ea19dc396ace
Opcode Fuzzy Hash: becc9781918e92d7f115eed92cd509b8d2da87f21d69ab52c7fe74ba2f881f28
Instruction Fuzzy Hash: 97A17B70D00218DACF24DB90DC65AEEB7B5FB15315F15419FE00A62390DB385AC6CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 005097B0 Relevance: 33.1, Strings: 26, Instructions: 563COMMON

Download Yara Rule

Strings

bad filter method, xrefs: 00509DF6
DNEI, xrefs: 0050984E
first not IHDR, xrefs: 00509F85
no PLTE, xrefs: 00509F65
SNRt, xrefs: 00509872
bad ctype, xrefs: 00509E0A
tRNS before PLTE, xrefs: 00509DAE
bad comp method, xrefs: 00509E00
tRNS with alpha, xrefs: 00509DC4
outofdata, xrefs: 00509F73
IBgC, xrefs: 00509836
ETLP, xrefs: 00509866
no IDAT, xrefs: 00509E4F
outofmem, xrefs: 00509F6C
too large, xrefs: 00509CC1
TADI, xrefs: 00509842
bad tRNS len, xrefs: 00509DA4
8bit only, xrefs: 00509E14
multiple IHDR, xrefs: 00509E28
RDHI, xrefs: 0050985A
tRNS after IDAT, xrefs: 00509DCE
XXXX chunk not known, xrefs: 0050989E, 005098B7
bad IHDR len, xrefs: 00509E1E
0-pixel image, xrefs: 00509DE2
bad interlace method, xrefs: 00509DEC
invalid PLTE, xrefs: 00509DD8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0-pixel image$8bit only$DNEI$ETLP$IBgC$RDHI$SNRt$TADI$XXXX chunk not known$bad IHDR len$bad comp method$bad ctype$bad filter method$bad interlace method$bad tRNS len$first not IHDR$invalid PLTE$multiple IHDR$no IDAT$no PLTE$outofdata$outofmem$tRNS after IDAT$tRNS before PLTE$tRNS with alpha$too large
API String ID: 0-864047180
Opcode ID: 8289b1a26b2d20ef618ad0cb25b28a637dcee7502c4837844ff5fec408f3d0c0
Instruction ID: 9767e0239f14a106e6730be9c063c2dcdb57c7274f7c8f39be483d5168c38fc8
Opcode Fuzzy Hash: 8289b1a26b2d20ef618ad0cb25b28a637dcee7502c4837844ff5fec408f3d0c0
Instruction Fuzzy Hash: 9522E1B1604716DFDB65CA24C8847EE7FE5BB85300F1888AAE18AD62CBD73499C4CF15

Uniqueness

Uniqueness Score: -1.00%

Function 004F5FB8 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 361
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 004F5FC2
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000304,0047AEED,?,00000001,00000000,00000001), ref: 004F6029
GetFileSize.KERNEL32(00000000,00000000,?,0047AE4A,00000000,00000001), ref: 004F604B
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004F6079
CloseHandle.KERNEL32(00000000), ref: 004F6080
FindResourceW.KERNEL32(00000000,?,00000000,00000304,0047AEED,?,00000001,00000000,00000001,?,0047AE4A,00000000,00000001), ref: 004F617F
LoadResource.KERNEL32(00000000,00000000,?,0047AE4A,00000000,00000001), ref: 004F6192
FreeResource.KERNEL32(00000000,?,0047AE4A,00000000,00000001), ref: 004F61A3
SizeofResource.KERNEL32(00000000,00000000,?,0047AE4A,00000000,00000001), ref: 004F61B1
LockResource.KERNEL32(?,00000000,?,0047AE4A,00000000,00000001), ref: 004F61CD
FreeResource.KERNEL32(00000000,?,?,?,?,0047AE4A,00000000,00000001), ref: 004F61DE
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0047AE4A,00000000,00000001), ref: 004F61FD
GetFileSize.KERNEL32(00000000,00000000,?,0047AE4A,00000000,00000001), ref: 004F6210
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004F623C
CloseHandle.KERNEL32(00000000), ref: 004F6243
new.LIBCMT ref: 004F642D

Strings

(, xrefs: 004F62E0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileResource$CloseCreateFreeHandleReadSize$FindH_prolog3_LoadLockSizeof
String ID: (
API String ID: 361061638-3887548279
Opcode ID: 610951263266de8816b5d626cb659065d0abb9b8a1d8daed8dc93987143e6573
Instruction ID: 382f83a696a174bf22ca73ed3d27293c027cdf52f7e95f6d02db857f2c52593c
Opcode Fuzzy Hash: 610951263266de8816b5d626cb659065d0abb9b8a1d8daed8dc93987143e6573
Instruction Fuzzy Hash: DBD12971800229AFCB259F658C49FBEBB79AF45300F0580EAF645A7252DA38CE41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00502C49 Relevance: 9.1, APIs: 6, Instructions: 70COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(00000000,?,?,?,00000001,?,?,00502ECF,?,00000000,?,?,?,source,?,000001F3), ref: 00502C8E
LoadResource.KERNEL32(00000000,00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00502CA1
FreeResource.KERNEL32(00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00502CAF
SizeofResource.KERNEL32(00000000,00000000,00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00502CC9
LockResource.KERNEL32(?,00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00502CD3
FreeResource.KERNEL32(00000000,00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00502CE6

Part of subcall function 00504B45: _wcslen.LIBCMT ref: 00504B55

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$Free$FindLoadLockSizeof_wcslen
String ID:
API String ID: 1988637492-0
Opcode ID: 0200976a957b6ef4be4a8a4633e104fa5e25a3bf906fa6d4640e6cf3fbb6ac13
Instruction ID: fd3b4967a2f7b2a9d1e81b70bcb6adbf8c833f912d72db2c13036d2025541203
Opcode Fuzzy Hash: 0200976a957b6ef4be4a8a4633e104fa5e25a3bf906fa6d4640e6cf3fbb6ac13
Instruction Fuzzy Hash: 16118BB1500206BBEF116F759D0EEAF3B6EBB98764F00841AFE0597290CB34DC009A71

Uniqueness

Uniqueness Score: -1.00%

Function 004FC7D0 Relevance: 7.0, Strings: 5, Instructions: 715COMMON

Download Yara Rule

Strings

invalid bit length repeat, xrefs: 004FCF3E
invalid block type, xrefs: 004FC88C
'aO, xrefs: 004FC8B0, 004FC8C6, 004FC8B3
invalid stored block lengths, xrefs: 004FCED6
too many length or distance symbols, xrefs: 004FCEF8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 'aO$invalid bit length repeat$invalid block type$invalid stored block lengths$too many length or distance symbols
API String ID: 0-958382215
Opcode ID: da16ad5820bc0ed7c219961912b1c58b861929065c36dccb3cb234af9e8f7fed
Instruction ID: ba773f50f74042e0f0a69f4b5b445f92f5952f6df33f8712a27599857c094b28
Opcode Fuzzy Hash: da16ad5820bc0ed7c219961912b1c58b861929065c36dccb3cb234af9e8f7fed
Instruction Fuzzy Hash: 5552E8B1A0060EAFDB04CF68C9D1AADBBB1FF48315F14812AE959DB741D734EA50CB94

Uniqueness

Uniqueness Score: -1.00%

Function 005094D4 Relevance: 2.8, Strings: 2, Instructions: 250COMMON

Download Yara Rule

Strings

bad dist, xrefs: 005097A1
bad huffman code, xrefs: 00509792

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: bad dist$bad huffman code
API String ID: 0-3023303583
Opcode ID: 086d7b62245a1104eb1975376d7ec73f45b1e1658b7f2db233af408fbb365647
Instruction ID: b77e2c56ce37ad33cf1c22690368a636656fbc9cb122a610e57ef5b0bb15f667
Opcode Fuzzy Hash: 086d7b62245a1104eb1975376d7ec73f45b1e1658b7f2db233af408fbb365647
Instruction Fuzzy Hash: D081D532710A024BD7298E29C8D49BE7BE2FFC5310B54CA3DE597876DADA34E485C750

Uniqueness

Uniqueness Score: -1.00%

Function 00502D09 Relevance: 134.0, APIs: 34, Strings: 42, Instructions: 960COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00502D13
new.LIBCMT ref: 00502F1E

Part of subcall function 005156F5: __EH_prolog3.LIBCMT ref: 005156FC
Part of subcall function 005156F5: new.LIBCMT ref: 0051576A
Part of subcall function 005156F5: new.LIBCMT ref: 00515795
Part of subcall function 005156F5: new.LIBCMT ref: 005157D7
Part of subcall function 005156F5: new.LIBCMT ref: 00515802
Part of subcall function 005156F5: new.LIBCMT ref: 00515844

_wcslen.LIBCMT ref: 00503071
new.LIBCMT ref: 005030D2
new.LIBCMT ref: 0050310F
new.LIBCMT ref: 00503150

Part of subcall function 005C97B8: Concurrency::cancel_current_task.LIBCPMT ref: 005C97D0

Strings

ListTextElement, xrefs: 00503780
Slider, xrefs: 00503426
Font, xrefs: 00502D83
ListLabelElement, xrefs: 0050373F
ScrollBar, xrefs: 00503136
ActiveX, xrefs: 0050332E
, xrefs: 005036E7
GifAnim, xrefs: 0050336B
Control, xrefs: 005032F1
TabLayout, xrefs: 005030F9
TreeNode, xrefs: 00502EEC, 00502F07, 0050390D
CheckBox, xrefs: 005031F1
VerticalLayout, xrefs: 005037C1
Combo, xrefs: 00503467
count, xrefs: 00502E08
Image, xrefs: 00502D6E
Flash, xrefs: 005034E1
HorizontalLayout, xrefs: 00503702
IContainer, xrefs: 0050393D
WebBrowser, xrefs: 00503657
Default, xrefs: 00502D98
DateTime, xrefs: 00503273
List, xrefs: 0050355F
Container, xrefs: 005030BC
ChildLayout, xrefs: 0050382D
TreeView, xrefs: 00503046, 005032B0
TileLayout, xrefs: 0050361A
Button, xrefs: 005033AC
source, xrefs: 00502E38
TreeNodeUI, xrefs: 00503028
ListHeaderItem, xrefs: 005037F7
Label, xrefs: 005034A4
Edit, xrefs: 00503522
ListHeader, xrefs: 005035DD
ListContainerElement, xrefs: 005036C1
Text, xrefs: 0050359C
ComboBox, xrefs: 00503236
;P, xrefs: 0050322B
Progress, xrefs: 00503177
Include, xrefs: 00502DAD
Option, xrefs: 005033E9
RichEdit, xrefs: 005031B4

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_taskH_prolog3H_prolog3__wcslen
String ID: $ActiveX$Button$CheckBox$ChildLayout$Combo$ComboBox$Container$Control$DateTime$Default$Edit$Flash$Font$GifAnim$HorizontalLayout$IContainer$Image$Include$Label$List$ListContainerElement$ListHeader$ListHeaderItem$ListLabelElement$ListTextElement$Option$Progress$RichEdit$ScrollBar$Slider$TabLayout$Text$TileLayout$TreeNode$TreeNodeUI$TreeView$VerticalLayout$WebBrowser$count$source$;P
API String ID: 2476553467-2645509099
Opcode ID: 1f7f7fc7d84bd8317c49eae6c3ef0fdf62a6f939e238ad7df0d05a62f64995a5
Instruction ID: 9cf8b5252166bff5ac4213e2dc0c17ec4bbbcd29dcd0353771fc4b3b5903bddd
Opcode Fuzzy Hash: 1f7f7fc7d84bd8317c49eae6c3ef0fdf62a6f939e238ad7df0d05a62f64995a5
Instruction Fuzzy Hash: 1962E371A4520B9ADB24AB75DC5ABAE7BECBF85710F1040BDF505E62C2EF708B408B54

Uniqueness

Uniqueness Score: -1.00%

Function 00502062 Relevance: 74.5, APIs: 7, Strings: 35, Instructions: 963
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Window, xrefs: 00502505
shadowimage, xrefs: 00502B7B
shadowdarkness, xrefs: 005029F3
shadowposition, xrefs: 00502A1F
defaultfontcolor, xrefs: 0050287B
default, xrefs: 0050235D
Font, xrefs: 0050220E
roundcorner, xrefs: 005026E7
mininfo, xrefs: 00502738
name, xrefs: 0050214C, 0050228B, 0050245F
showshadow, xrefs: 00502B9D
underline, xrefs: 00502309
true, xrefs: 005022F0, 0050231A, 00502344, 0050236E, 00502810, 00502BAE, 00502BE6
italic, xrefs: 00502333
disabledfontcolor, xrefs: 00502833
bktrans, xrefs: 005027FF
shadowcolor, xrefs: 00502A77
Image, xrefs: 005020EE
linkhoverfontcolor, xrefs: 0050290B
shadowsharpness, xrefs: 005029C7
size, xrefs: 005022AB, 00502564
Default, xrefs: 0050240B
restype, xrefs: 005021A4
linkfontcolor, xrefs: 005028C3
selectedcolor, xrefs: 00502953
mask, xrefs: 005021C4
maxinfo, xrefs: 00502789
alpha, xrefs: 005027DA
bold, xrefs: 005022DF
gdiplustext, xrefs: 00502BD5
sizebox, xrefs: 005025B7
shadowcorner, xrefs: 00502AC6
value, xrefs: 00502483
shadowsize, xrefs: 0050299B
caption, xrefs: 0050264F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Default$Font$Image$Window$alpha$bktrans$bold$caption$default$defaultfontcolor$disabledfontcolor$gdiplustext$italic$linkfontcolor$linkhoverfontcolor$mask$maxinfo$mininfo$name$restype$roundcorner$selectedcolor$shadowcolor$shadowcorner$shadowdarkness$shadowimage$shadowposition$shadowsharpness$shadowsize$showshadow$size$sizebox$true$underline$value
API String ID: 0-2202879338
Opcode ID: c5d8dd58bc7dc8ce7c63a94e6550c7e11fce0255420e9c403d5706e466891098
Instruction ID: a5f28e3172a4e2ac50814bfd754fa4f194b416ee88e8d7d8fb3c154c2e5d24a4
Opcode Fuzzy Hash: c5d8dd58bc7dc8ce7c63a94e6550c7e11fce0255420e9c403d5706e466891098
Instruction Fuzzy Hash: 95621B71A0461A6EDB24AB20DC5AEFF77BABFD4714F0000AEF509E31C1EA354E948E55

Uniqueness

Uniqueness Score: -1.00%

Function 00486C10 Relevance: 63.4, APIs: 9, Strings: 27, Instructions: 388
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004D7A40: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 004D7A57
Part of subcall function 004D7A40: GetProcAddress.KERNEL32(00000000), ref: 004D7A5E
Part of subcall function 004D7A40: GetCurrentProcess.KERNEL32(00000000), ref: 004D7A71

Part of subcall function 004DA5F0: GetModuleFileNameW.KERNEL32(00000000,?,00000100), ref: 004DA68D
Part of subcall function 004DA5F0: wsprintfW.USER32 ref: 004DA6E2
Part of subcall function 004DA5F0: GetFileAttributesW.KERNEL32(?), ref: 004DA6F2

_fwprintf.LIBCONCRTD ref: 00486CD3
_fwprintf.LIBCONCRTD ref: 00486D85
_fwprintf.LIBCONCRTD ref: 00486DE6
new.LIBCMT ref: 00486E07
GetTickCount.KERNEL32 ref: 00486EFF

Strings

GetDownloaderInfo(, xrefs: 00487023
&package_type=2, xrefs: 00486D3E
int __thiscall CConfigure::getDownloadInfoXml(bool), xrefs: 00486FD2
Async, xrefs: 00486E66
int __thiscall CConfigure::getDownloadInfoXml(bool), xrefs: 00486E80
Sync, xrefs: 00486FAC
)..., xrefs: 00486EB2
AsyncGetCbsTime, xrefs: 004870C5
com, xrefs: 00486F8E
<Downloader>, xrefs: 0048713C
6bg, xrefs: 00486DB5, 00486DBB
https://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s, xrefs: 00486DDA
Sync, xrefs: 00486E5A
Async, xrefs: 00486FB8
..\..\..\..\src\CConfigure.cpp, xrefs: 00486FD9
&package_type=2, xrefs: 00486C8C
) return , xrefs: 0048700B
SyncGetCbsTime, xrefs: 004870B9
</Downloader>, xrefs: 00487169
ag, xrefs: 00486CA2, 00486CA8
http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s, xrefs: 00486CC7
Other, xrefs: 004870DF
..\..\..\..\src\CConfigure.cpp, xrefs: 00486E87
ag, xrefs: 00486D54, 00486D5A
GetDownloaderInfo(, xrefs: 00486EBE
https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s, xrefs: 00486D79
&package_type=2, xrefs: 00486D9F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _fwprintf$FileModule$AddressAttributesCountCurrentHandleNameProcProcessTickwsprintf
String ID: GetDownloaderInfo($ GetDownloaderInfo($&package_type=2$&package_type=2$&package_type=2$) return $)...$..\..\..\..\src\CConfigure.cpp$..\..\..\..\src\CConfigure.cpp$6bg$</Downloader>$<Downloader>$Async$Async$AsyncGetCbsTime$Other$Sync$Sync$SyncGetCbsTime$com$http://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s$https://update.tenorshare.cn/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s$https://update.tenorshare.com/queryDownloader?LanguageId=%d&SoftWareID=%d&SiteID=%d%s$int __thiscall CConfigure::getDownloadInfoXml(bool)$int __thiscall CConfigure::getDownloadInfoXml(bool)$ag$ag
API String ID: 2873216699-3520792415
Opcode ID: 6d463d6b7e1d47c122f178fd58190eff4c1a12e4d62d134c7a3109ad422841dd
Instruction ID: b02296927ded7b9667763099b363d12c1688b26b96581dbeacecf99579ac3a63
Opcode Fuzzy Hash: 6d463d6b7e1d47c122f178fd58190eff4c1a12e4d62d134c7a3109ad422841dd
Instruction Fuzzy Hash: 64024970A003289FDB6AEF64CC55BAEB7B9AB44704F1445DDE0096B281DB74AF84CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004F4F62 Relevance: 32.1, APIs: 6, Strings: 12, Instructions: 587
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 004F4F6C
CharNextW.USER32(?), ref: 004F5089
CharNextW.USER32(?), ref: 004F50A9
CharNextW.USER32(?), ref: 004F50F0
CharNextW.USER32(?), ref: 004F511A
CharNextW.USER32(?), ref: 004F5144

Strings

hole, xrefs: 004F5518
xtiled, xrefs: 004F5555
true, xrefs: 004F552C, 004F5569, 004F55AA
restype, xrefs: 004F51D5
fade, xrefs: 004F54DC
ytiled, xrefs: 004F5592
mask, xrefs: 004F5482
dest, xrefs: 004F528D
file, xrefs: 004F51A5, 004F566E
res, xrefs: 004F51BD
source, xrefs: 004F5350
corner, xrefs: 004F53E9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext$H_prolog3_
String ID: corner$dest$fade$file$hole$mask$res$restype$source$true$xtiled$ytiled
API String ID: 3311536633-1809293843
Opcode ID: 6d91a4f344e7ab147b022bd640da083176854359296116fe51b47c737248a908
Instruction ID: 044583fb601c4fb6a45041f26f58954f9fc3b7d0d8006f4dd5adabb16a589487
Opcode Fuzzy Hash: 6d91a4f344e7ab147b022bd640da083176854359296116fe51b47c737248a908
Instruction Fuzzy Hash: 8022903180052DAACF20EF65CD4ABEEB7B5EF45700F4401DAEB49A7242DA345E86CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004DCCB0 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 175
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000001F4,A1986743), ref: 004DCDB4
WaitForSingleObject.KERNEL32(0000049C,000000C8,A1986743), ref: 004DCDD8
ResetEvent.KERNEL32(0000049C), ref: 004DCDEC
SetEvent.KERNEL32(0000049C,00000000), ref: 004DCE20
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCEEA
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCEF3
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCEFF
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCF08
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCF13

Strings

launchDownloader001, xrefs: 004DCD6C
DownloaderInfo00, xrefs: 004DCD59
2.7.11.0, xrefs: 004DCF0E
UA-114767297-1, xrefs: 004DCF1E
Downloader, xrefs: 004DCF19

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$Event$ObjectResetSingleSleepWait
String ID: 2.7.11.0$Downloader$DownloaderInfo00$UA-114767297-1$launchDownloader001
API String ID: 2165190465-1652618504
Opcode ID: 908609d1b461168d3ea8246e6dbd2fe83809ba29de0b94accb71a3ba77ef9856
Instruction ID: 96d77cc679eb7087a43a10ab6931405bcc64c6e5585a74e228c1c6113c3db172
Opcode Fuzzy Hash: 908609d1b461168d3ea8246e6dbd2fe83809ba29de0b94accb71a3ba77ef9856
Instruction Fuzzy Hash: 95717F70900219DFDB14EBA4CCA5FEEBBB2AB45704F0481AFE409A7391DB345A84DF95

Uniqueness

Uniqueness Score: -1.00%

Function 004DC5B0 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 153
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,A1986743), ref: 004DC60E

Part of subcall function 004D8B00: GetFileVersionInfoSizeW.KERNELBASE(004DC627,00000000), ref: 004D8B8E
Part of subcall function 004D8B00: GetFileVersionInfoW.KERNELBASE(004DC627,00000000,00000000,?), ref: 004D8BBB
Part of subcall function 004D8B00: 74D31560.VERSION(?,0069B5CC,00000000,?), ref: 004D8BF7

Part of subcall function 0048BD20: operator!=.LIBCPMTD ref: 0048BD7B
Part of subcall function 0048BD20: operator!=.LIBCPMTD ref: 0048BDAD

Part of subcall function 004D7A40: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 004D7A57
Part of subcall function 004D7A40: GetProcAddress.KERNEL32(00000000), ref: 004D7A5E
Part of subcall function 004D7A40: GetCurrentProcess.KERNEL32(00000000), ref: 004D7A71

CreateExportObj.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,000000FE,FFFFFFFF,?,?,00000000,000000FF,006A0D50,00000000,A1986743,?,?,?,?), ref: 004DC7CB
CreateEventW.KERNEL32(00000000,00000001,00000001,UserLogMutex,?,?,000000FE,FFFFFFFF,?,?,00000000,000000FF,006A0D50,00000000,A1986743), ref: 004DC7E9
CreateThread.KERNEL32(00000000,00000000,Function_000DCCB0,?,00000000,00000000), ref: 004DC808

Strings

United Kingdom, xrefs: 004DC72B, 004DC7B6
UserLogMutex, xrefs: 004DC7DE
Unknown, xrefs: 004DC726
2.7.11.0, xrefs: 004DC637
Hj, xrefs: 004DC69E, 004DC6A4
64bit, xrefs: 004DC660
32bit, xrefs: 004DC66C
English, xrefs: 004DC73A, 004DC771
Unknown, xrefs: 004DC735

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile$InfoModuleVersionoperator!=$AddressCurrentD.5531.23089D31560EventExportHandleNameObj.ProcProcessSizeThread
String ID: 32bit$ 64bit$2.7.11.0$English$Hj$United Kingdom$Unknown$Unknown$UserLogMutex
API String ID: 4096864814-3680371938
Opcode ID: 0ffb09cf151f8583d54759b42e79bd454d7d02ab4ed18695ca4ede658163ebaa
Instruction ID: 6cd0b861d86779849d5dd939d6c1fb631f10423eece722d8823fa76ce715d40a
Opcode Fuzzy Hash: 0ffb09cf151f8583d54759b42e79bd454d7d02ab4ed18695ca4ede658163ebaa
Instruction Fuzzy Hash: 8E616D71910218AFDB24EF64CC99FEEB775EF44704F0046AEE109662A1DB742E84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004FB91F Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 272
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcsstr.LIBVCRUNTIME ref: 004FBABE
_wcsstr.LIBVCRUNTIME ref: 004FBAD1
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 004FBB15

Strings

..\, xrefs: 004FBACB
:, xrefs: 004FBA97
/, xrefs: 004FBA0D
../, xrefs: 004FBAB8
\, xrefs: 004FBA17

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _wcsstr$CreateFile
String ID: ../$..\$/$:$\
API String ID: 2250854609-3971031215
Opcode ID: 324e99ae9314d0e9c87cad07eca938192918acae7559f9814705e974725b463f
Instruction ID: 794240b0731361844fbd25a3d5e67040e7d34b57b3d68fb28017675a739f2ade
Opcode Fuzzy Hash: 324e99ae9314d0e9c87cad07eca938192918acae7559f9814705e974725b463f
Instruction Fuzzy Hash: C2A1C4B190021D9BDB24AF65DC45AFBB7B8EB05314F10429BF71593291DB38AE80CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00504B93 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00504B9D
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,000002C4,00502C81,?,00000000,?,00000001,?), ref: 00504BFE
GetFileSize.KERNEL32(00000000,00000000,?,00502ECF,?,00000000,?,?,?,source,?,000001F3,count,?,000001F3), ref: 00504C1B
ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00504C5E
CloseHandle.KERNEL32(?), ref: 00504C6A

Strings

Error opening file, xrefs: 00504C10
Error opening zip file, xrefs: 00504CE8
File is empty, xrefs: 00504D25
Could not read file, xrefs: 00504C88
File too large, xrefs: 00504D36
Could not find ziped file, xrefs: 00504D12
Could not unzip file, xrefs: 00504D85

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$CloseCreateH_prolog3_HandleReadSize
String ID: Could not find ziped file$Could not read file$Could not unzip file$Error opening file$Error opening zip file$File is empty$File too large
API String ID: 3380832384-2950584456
Opcode ID: dd0a38c51002d4e5ffcba9dae1a2808a48d3d5c5b11939dc9cefb41744723b3f
Instruction ID: 47a982466a575c1d216e5423e6868a3cea2ec75c94655ba7759a30092921a80e
Opcode Fuzzy Hash: dd0a38c51002d4e5ffcba9dae1a2808a48d3d5c5b11939dc9cefb41744723b3f
Instruction Fuzzy Hash: 5C51C5F2500219BAFB217B219C4AFBE6A2DBF81704F10809FF709661D2DE794D419E25

Uniqueness

Uniqueness Score: -1.00%

Function 004DD6A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD734

Part of subcall function 0048B7E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B809

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD73D
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD746
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD74F
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD758
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD763
_fwprintf.LIBCONCRTD ref: 004DD775

Part of subcall function 0047E710: _fread.LIBCMTD ref: 0047E72F

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD799

Strings

&tid=G-SLH4HH21YG&ep.ts_productname=Downloader&ep.ts_productversion=%s&ep.ts_category=%s&ep.ts_action=%s&ep.ts_label=%s&en=%s%s, xrefs: 004DD769
2.7.11.0, xrefs: 004DD75E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$Base::Concurrency::details::ContextIdentityQueueWork_fread_fwprintf
String ID: &tid=G-SLH4HH21YG&ep.ts_productname=Downloader&ep.ts_productversion=%s&ep.ts_category=%s&ep.ts_action=%s&ep.ts_label=%s&en=%s%s$2.7.11.0
API String ID: 4055329430-729109691
Opcode ID: c90734b04104d3d0c2949891edc050b92061e62b571d7ab3326d3038ffb4ee69
Instruction ID: 954bcfd6baa22ea4b98bee5a450572d4ecef13da98265b593b975b2e4aa05084
Opcode Fuzzy Hash: c90734b04104d3d0c2949891edc050b92061e62b571d7ab3326d3038ffb4ee69
Instruction Fuzzy Hash: 24415A7080028CDFCB14EB65CC56BEEB775AF14308F04459EF459A32A1DBB86B88DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004D9930 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 93
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion,00000000,000F003F,?), ref: 004D995B
RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,000F003F,?), ref: 004D9988
RegQueryValueExW.KERNEL32(?,CurrentBuild,00000000,00000001,?,00000104), ref: 004D99FA
RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,00000001,?,00000104), ref: 004D9A32
RegCloseKey.ADVAPI32(?), ref: 004D9A4E
RegCloseKey.KERNEL32(?), ref: 004D9A5F

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 004D997E
CurrentBuildNumber, xrefs: 004D9A26
SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion, xrefs: 004D9951
CurrentBuild, xrefs: 004D99EE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: CurrentBuild$CurrentBuildNumber$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion
API String ID: 3677997916-114571279
Opcode ID: 99b58c2d815febb326445ad23a306b0ad8db09e0b76d33e8f46c96cfb884f661
Instruction ID: 81f59176c7d0edfca15b62531c5d8ecaf41b76f38c0195ab17fe810790702325
Opcode Fuzzy Hash: 99b58c2d815febb326445ad23a306b0ad8db09e0b76d33e8f46c96cfb884f661
Instruction Fuzzy Hash: 4041737194022CEBDB20DBA0DC5DBE9B7B9BF58300F0045DAA509A6281D7B45FC4CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00484420 Relevance: 15.2, APIs: 10, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A5C0: allocator.LIBCONCRTD ref: 0048A615

Part of subcall function 0048A1E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048A209

shared_ptr.LIBCMTD ref: 00484505

Part of subcall function 0049B6B0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0049B6BA

Part of subcall function 00484A50: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484A5D

~.LIBCPMTD ref: 0048461A

Part of subcall function 00484A70: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484A7D

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048462C
shared_ptr.LIBCPMTD ref: 004845A7

Part of subcall function 0048A500: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0048A529
Part of subcall function 0048A500: _Reset.LIBCMTD ref: 0048A535

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048458A

Part of subcall function 0048A4C0: _Ptr_base.LIBCMTD ref: 0048A4E9

Part of subcall function 0048A8F0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0048A95E

std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00484639
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00484695
shared_ptr.LIBCPMTD ref: 004846A4
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484729
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00484731

Part of subcall function 00480BC0: new.LIBCMT ref: 00480BEA
Part of subcall function 00480BC0: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00480C05

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Container_base12Container_base12::~_$Mutex_baseMutex_base::~_$shared_ptr$Iterator_baseIterator_base::_$Base::Concurrency::details::ContextIdentityPtr_baseQueueResetWorkallocator
String ID:
API String ID: 705095841-0
Opcode ID: d95871b3a1ec78b47cacc53372e4026977eae7401f3eca11a37f830f3e750c03
Instruction ID: 76981a2831dc3854b1460d268ba74c7170eea27d7ead5c1800d4ad5b071f5eaf
Opcode Fuzzy Hash: d95871b3a1ec78b47cacc53372e4026977eae7401f3eca11a37f830f3e750c03
Instruction Fuzzy Hash: D6B15BB5D00208DFDB14EFA4C991BDEB7B5BF48304F10869EE51AAB281EB346A44CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00474E70 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 327
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStockObject.GDI32(00000011), ref: 00475153
GetObjectW.GDI32(00000000), ref: 0047515A

Part of subcall function 004F08EE: _wcslen.LIBCMT ref: 004F08F0

CreateFontIndirectW.GDI32(00000000), ref: 0047518F
CreatePen.GDI32(00000000,00000001,000000DC), ref: 00475261
6F561CD0.COMCTL32(?,?,?,?,?,A1986743), ref: 0047526C
LoadLibraryW.KERNEL32(msimg32.dll,?,?,?,?,?,A1986743), ref: 00475277
new.LIBCMT ref: 0047527F

Strings

msimg32.dll, xrefs: 00475272

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateObject$F561FontIndirectLibraryLoadStock_wcslen
String ID: msimg32.dll
API String ID: 1202924353-3287713914
Opcode ID: 8a7881df05bd2ec10dbe2b610514d33db50323207b0f292ce3034ab42a285bd1
Instruction ID: 07215fd4175c2c514ad0ad43b3c2453f67ad57b023a2adbfc28f88f05881d64d
Opcode Fuzzy Hash: 8a7881df05bd2ec10dbe2b610514d33db50323207b0f292ce3034ab42a285bd1
Instruction Fuzzy Hash: B3F10770904258CFEB24DFA4C869BADBBB1BF44308F2482ADD5496B383C7B55946CF94

Uniqueness

Uniqueness Score: -1.00%

Function 005F8FB2 Relevance: 13.8, APIs: 9, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 005F8C68: CreateFileW.KERNEL32(00000000,00000000,?,005F905B,?,?,00000000,?,005F905B,00000000,0000000C), ref: 005F8C85

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F90C6
__dosmaperr.LIBCMT ref: 005F90CD
GetFileType.KERNEL32(00000000), ref: 005F90D9
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F90E3
__dosmaperr.LIBCMT ref: 005F90EC
CloseHandle.KERNEL32(00000000), ref: 005F910C
CloseHandle.KERNEL32(?), ref: 005F9256
GetLastError.KERNEL32 ref: 005F9288
__dosmaperr.LIBCMT ref: 005F928F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: b7a3adb527572c0943bc54440b35b586f182f1b9c01cca725a60ec461b878778
Instruction ID: dc0b4dcfd72135f488dc1646879f2947eb4c95116a970dafb2ae00be36210cca
Opcode Fuzzy Hash: b7a3adb527572c0943bc54440b35b586f182f1b9c01cca725a60ec461b878778
Instruction Fuzzy Hash: 0FA14632A0014A9FDF199F68D899BBE7FB1BF46320F14015AF9019B2D1DB399D12CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00483560 Relevance: 10.9, APIs: 7, Instructions: 420
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004835AB

Part of subcall function 0048B400: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0048B414

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00483612
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00483B08
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00483B98
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00483BF2
SafeRWList.LIBCONCRTD ref: 00483C04

Part of subcall function 00483C30: std::_Cnd_initX.LIBCPMTD ref: 00483C63

Part of subcall function 0049AFE0: std::ios_base::good.LIBCPMTD ref: 0049AFEC
Part of subcall function 0049AFE0: make_pair.LIBCPMTD ref: 0049B015

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::_$Cnd_initConcurrency::details::_Container_base12Container_base12::~_CriticalListLock::_Mutex_baseMutex_base::~_ReentrantSafeScoped_lockScoped_lock::_make_pairstd::ios_base::good
String ID:
API String ID: 2127206107-0
Opcode ID: 3192a8158a8e26993e0b0684a32fd5c60a075bc46ec74da4a450b3a12729c487
Instruction ID: 84ab643ec5e0ba867b12873aec8d3cdf417f001d6ff2590c887f4278a9d1e2f6
Opcode Fuzzy Hash: 3192a8158a8e26993e0b0684a32fd5c60a075bc46ec74da4a450b3a12729c487
Instruction Fuzzy Hash: 08028E70A012289FCB28FB15CC51BEEB7B5AF45704F0085DEE48A67291CA746F85CF96

Uniqueness

Uniqueness Score: -1.00%

Function 004842C0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 00483F60: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00483FD2
Part of subcall function 00483F60: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484028
Part of subcall function 00483F60: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484053

_Smanip.LIBCPMTD ref: 00484391
std::ios_base::good.LIBCPMTD ref: 0048439C
std::ios_base::good.LIBCPMTD ref: 004843AE

Part of subcall function 0049A570: char_traits.LIBCPMTD ref: 0049A701

Part of subcall function 0049A570: char_traits.LIBCPMTD ref: 0049A7E6
Part of subcall function 0049A570: std::ios_base::width.LIBCPMTD ref: 0049A816

Strings

Could not load empty file for logging, please re-check your configurations for level [, xrefs: 00484325
^;H, xrefs: 00484401

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$char_traitsstd::ios_base::good$Smanipstd::ios_base::width
String ID: Could not load empty file for logging, please re-check your configurations for level [$^;H
API String ID: 1894501260-2301501353
Opcode ID: 016d1e35beceab4e70810a6dfdff97dd2a83df31855ab940757d52022f44dd52
Instruction ID: 7dad86f657fa1365ef361476469a0f952a356828e94e9413155e409e1230d59c
Opcode Fuzzy Hash: 016d1e35beceab4e70810a6dfdff97dd2a83df31855ab940757d52022f44dd52
Instruction Fuzzy Hash: 5831C671D00118ABCB04FBD5DC51AEEB775EF54318F04492EF40267291EB389A08C7E9

Uniqueness

Uniqueness Score: -1.00%

Function 004DA5F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000100), ref: 004DA68D
wsprintfW.USER32 ref: 004DA6E2
GetFileAttributesW.KERNEL32(?), ref: 004DA6F2

Strings

ulH, xrefs: 004DA703
%s%sts_downloader.cfg, xrefs: 004DA6D6

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AttributesModuleNamewsprintf
String ID: %s%sts_downloader.cfg$ulH
API String ID: 602362170-2056451001
Opcode ID: 0c64d2cf708b981495b664d08ac67ce791b9e1eeb7ed8c506c26bac8835c7df5
Instruction ID: 74a83ce69e0d9a56a1fd7ff3576ed48ecb5f4d72673011148fa7c163ac3be726
Opcode Fuzzy Hash: 0c64d2cf708b981495b664d08ac67ce791b9e1eeb7ed8c506c26bac8835c7df5
Instruction Fuzzy Hash: 4321FBB1E4031866DB20DBA0DC4AFEA737DAF88700F0081D5F319961C1EAB55B548FA5

Uniqueness

Uniqueness Score: -1.00%

Function 004017F0 Relevance: 7.8, APIs: 5, Instructions: 270networkCOMMON

Download Yara Rule

APIs

select.WS2_32(?,00000000,00000000,00000000,-00000001), ref: 00401A2B
WSAGetLastError.WS2_32(?,?,00000000,00000001), ref: 00401A36

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastselect
String ID:
API String ID: 215497628-0
Opcode ID: 0dc95c6ff5559ac5b91882904f9dc5f720a9e3f04980b930d937416c422641b6
Instruction ID: dd5d3641822d6375d7af9528d2ceb70ea70f15520d76f99a80f23671d9a5e660
Opcode Fuzzy Hash: 0dc95c6ff5559ac5b91882904f9dc5f720a9e3f04980b930d937416c422641b6
Instruction Fuzzy Hash: 08919471A043018BD735DF68D8946ABB3E5ABC4320F144A3FE499E72E0D7389A45C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0048CA70 Relevance: 7.7, APIs: 5, Instructions: 242COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048CAAD
char_traits.LIBCPMTD ref: 0048CAC0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: a3d8dbc9c524fda5157a371673c395e3e401367b92e297c6c5042c3d600ba4a5
Instruction ID: cc32c2ed09b35490bfe6dc60ba283daaf5c27be9fbd6b446bde943565d799f4e
Opcode Fuzzy Hash: a3d8dbc9c524fda5157a371673c395e3e401367b92e297c6c5042c3d600ba4a5
Instruction Fuzzy Hash: 14917571D0010C9FCB14FBA5D491AEEBBB4EF48314F14892FF4166B291EB389945CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0054BB50 Relevance: 7.6, APIs: 6, Instructions: 148COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,00000000,?,?,?,00000000,0054BA70,?,?,?,?,00465A56), ref: 0054BB9B
GetLastError.KERNEL32 ref: 0054BBAD
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 0054BBCC
GetLastError.KERNEL32 ref: 0054BBD8
MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000), ref: 0054BC29
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000), ref: 0054BC53

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 8f81bfb4f7ebf55ed4304229770857ef98a73e51de2e7a7b4c4c86912b240456
Instruction ID: ca5a1ed6b669805c5af1c32d9ec4abf79b97d9c07eb1dd7154ab471316c9a80a
Opcode Fuzzy Hash: 8f81bfb4f7ebf55ed4304229770857ef98a73e51de2e7a7b4c4c86912b240456
Instruction Fuzzy Hash: FE41E732E0010AABDF209FA5DC86BFEBB79FF88314F14416AE905A7241DB319D05C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 005BEFF0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 275COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 005BF2D4

Strings

\Logs, xrefs: 005BF3C7
https://check.mobie.app, xrefs: 005BF293
\Logs\SoftwareLog.log, xrefs: 005BF339

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountTick
String ID: \Logs$\Logs\SoftwareLog.log$https://check.mobie.app
API String ID: 536389180-3326863518
Opcode ID: 6ffb0baefb2fb730a55fc9b4d0c5c33a34a9f17a23a2703b40642eaa0ea830a3
Instruction ID: 260d55d11f0154932b7b0a6d2d279dd043532689a66444d93be5545bf48ee094
Opcode Fuzzy Hash: 6ffb0baefb2fb730a55fc9b4d0c5c33a34a9f17a23a2703b40642eaa0ea830a3
Instruction Fuzzy Hash: B7D13874104344CFEB29CF18D848B96BBF5FF06304F4108E9D4568B2A2D7B5EA84CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004D8B00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(004DC627,00000000), ref: 004D8B8E
GetFileVersionInfoW.KERNELBASE(004DC627,00000000,00000000,?), ref: 004D8BBB
74D31560.VERSION(?,0069B5CC,00000000,?), ref: 004D8BF7

Part of subcall function 004DA790: __vsnprintf.LIBCMTD ref: 004DA7AD

Strings

%d.%d.%d.%d, xrefs: 004D8C6C

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileInfoVersion$D31560Size__vsnprintf
String ID: %d.%d.%d.%d
API String ID: 3226949298-3491811756
Opcode ID: 423b1b33dbb7ba9ef12cf2e4af08509d6b189356d8e5deda6c586016b7cfc7aa
Instruction ID: 4015f2716efecd209e94b606240e1aaf53e4ab627a051baae5292e1b1fc54f45
Opcode Fuzzy Hash: 423b1b33dbb7ba9ef12cf2e4af08509d6b189356d8e5deda6c586016b7cfc7aa
Instruction Fuzzy Hash: 14512CF19042199BDB24DF54D855BAEB7B5EF48300F1086AAE709B7280D7789A44CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00484D10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00485060: _Smanip.LIBCPMTD ref: 004850AD

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00484D8D
new.LIBCMT ref: 00484DD8
SafeRWList.LIBCONCRTD ref: 00484E3E

Part of subcall function 00482F00: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00482F39
Part of subcall function 00482F00: SafeRWList.LIBCONCRTD ref: 00482F7A

Part of subcall function 00484ED0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00484F0C
Part of subcall function 00484ED0: _Smanip.LIBCPMTD ref: 00484F2C
Part of subcall function 00484ED0: SafeRWList.LIBCONCRTD ref: 00484F6A

Strings

TH, xrefs: 00484D38, 00484D42, 00484D4A, 00484D7C, 00484D81, 00484D9D, 00484DC4, 00484DE7, 00484DF1, 00484E19, 00484E22, 00484E2A, 00484DB6, 00484D53, 00484D74, 00484DCA, 00484DFA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_CriticalListLock::_ReentrantSafeScoped_lockScoped_lock::_$Smanip
String ID: TH
API String ID: 694646252-1122092398
Opcode ID: c624399a1959fe671149d99b38a5154e09b4b9c6f09c9b03348ff87df34bee02
Instruction ID: b7cc85aad9d31c4c1facc95356a71d10b786a6ae234509a3a6f21463f66ebbc2
Opcode Fuzzy Hash: c624399a1959fe671149d99b38a5154e09b4b9c6f09c9b03348ff87df34bee02
Instruction Fuzzy Hash: 35410BB0A0011A9FDB08EB94C851BFEB7B1FF48704F144A6DE4116B3D2CB796901CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00485780 Relevance: 6.2, APIs: 4, Instructions: 152COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004857F2
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0048589C
~.LIBCPMTD ref: 0048593A

Part of subcall function 00484A70: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484A7D

SafeRWList.LIBCONCRTD ref: 0048594E

Part of subcall function 0048B3C0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0048B3EB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Affinity::operator!=Concurrency::details::Concurrency::details::_Container_base12Container_base12::~_CriticalHardwareListLock::_Mutex_baseMutex_base::~_ReentrantSafeScoped_lockScoped_lock::_
String ID:
API String ID: 938531343-0
Opcode ID: 9a035c127763f644893246f49e1bdb5f855a2b250f6c30de08251620589b6f05
Instruction ID: 74d0a0d36b05bcc81e7df56b7551568040f2c8ee459e7f5669a1b998710e9721
Opcode Fuzzy Hash: 9a035c127763f644893246f49e1bdb5f855a2b250f6c30de08251620589b6f05
Instruction Fuzzy Hash: C4511870D01508EFDB08EF95D8A1AAEB7B6EF84304F10856EF416AB291DB786D05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0054BA60 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

Part of subcall function 0054BB50: MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,00000000,?,?,?,00000000,0054BA70,?,?,?,?,00465A56), ref: 0054BB9B
Part of subcall function 0054BB50: GetLastError.KERNEL32 ref: 0054BBAD
Part of subcall function 0054BB50: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 0054BBCC
Part of subcall function 0054BB50: GetLastError.KERNEL32 ref: 0054BBD8

GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000AF,?,?,?,?,?,?,?,?,?,?,?,?,?,00463E46), ref: 0054BA83

Strings

.\crypto\bio\bss_file.c, xrefs: 0054BA7E, 0054BAC0, 0054BAE0
',', xrefs: 0054BA99
fopen(', xrefs: 0054BAA2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$ByteCharMultiWide
String ID: ','$.\crypto\bio\bss_file.c$fopen('
API String ID: 3361762293-2085858615
Opcode ID: f138b89281029876cab3be6ed4811cf031461cb85de28c0fb30e7ade6866068f
Instruction ID: b9a6cd6f560897e3128d28932d816c50ee567045ecc09e7ceb3ab2f68120681e
Opcode Fuzzy Hash: f138b89281029876cab3be6ed4811cf031461cb85de28c0fb30e7ade6866068f
Instruction Fuzzy Hash: BE11A336BC432236E62072A57C0BFDB2D46AFC2B25F420065F7047A1C7EAD1594551E3

Uniqueness

Uniqueness Score: -1.00%

Function 0047BD60 Relevance: 6.1, APIs: 4, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0047BD88
Concurrency::cancel_current_task.LIBCPMT ref: 0047BDB9
new.LIBCMT ref: 0047BDC2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 93242f0d6adca48808052c40f83396e57094b48c59300d6a304eae4fce9f5e04
Instruction ID: 8c3312a65764f705eff9d7bd7a749ac697c70927f3230743044cbe60eaae5125
Opcode Fuzzy Hash: 93242f0d6adca48808052c40f83396e57094b48c59300d6a304eae4fce9f5e04
Instruction Fuzzy Hash: 9C113AB4D05508EBCF14DFA9C4847DDBBB1EF45300F20C6AAE8195B344D374AB418B89

Uniqueness

Uniqueness Score: -1.00%

Function 004F4E1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

IntersectRect.USER32(?,?,?), ref: 004F4EFF
IntersectRect.USER32(?,?,?), ref: 004F4F10

Strings

3WO, xrefs: 004F4E3A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: IntersectRect
String ID: 3WO
API String ID: 481094312-3405059401
Opcode ID: 95c788ddda1782da13844c940e150fece8703dc4db3138b27ba082668788260f
Instruction ID: 231f12d8ac491f35f5ca2246d633eb4c52e51a98cca9576ad9293612c49894e1
Opcode Fuzzy Hash: 95c788ddda1782da13844c940e150fece8703dc4db3138b27ba082668788260f
Instruction Fuzzy Hash: 4641087290020D9BCF15DF94C9409EFB7B6FF89304B10445AFA15A7250DB35AE16CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005F4EE5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

Q, xrefs: 005F4F1B, 005F4F23, 005F4FB8, 005F4FC2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-1716927825
Opcode ID: 1128e851a97bd1857a3c74302b67bf5017fe5b6b0a9309efcc7b571a52794cbc
Instruction ID: ae6e8984056d384ff48c18a40550a9848ba3170eb0d9b5677b463d66500f6b7a
Opcode Fuzzy Hash: 1128e851a97bd1857a3c74302b67bf5017fe5b6b0a9309efcc7b571a52794cbc
Instruction Fuzzy Hash: ED213933904259ABEF252A69DC06BEB3F65BF81730F210215FA686B2D2DB741941C9A1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE192 Relevance: 4.7, APIs: 3, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f825080f86fbadf98ab4aa79073ce14ffe2847a4c67c2873003cbed881cd2d
Instruction ID: cabd8736a17f89cd67d8602f3e920cfa2816871ecf3a18c9d4528e3139134ce7
Opcode Fuzzy Hash: f6f825080f86fbadf98ab4aa79073ce14ffe2847a4c67c2873003cbed881cd2d
Instruction Fuzzy Hash: E551C37190014EEBDF149FA5C84AEBF7FB9BF85310F140819E601A72A2D738AA01CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00498BE0 Relevance: 4.6, APIs: 3, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00498D3B
char_traits.LIBCPMTD ref: 00498D4E
construct.LIBCPMTD ref: 00498D82

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkchar_traitsconstruct
String ID:
API String ID: 4230972912-0
Opcode ID: 959d162d0fc281dd0934289c8728820a4d500deb3453000e8c2a4f283ea7a911
Instruction ID: b0f37c46a94355b5c5142f31cce2e3244c7636129abd12f7c87eb867026635af
Opcode Fuzzy Hash: 959d162d0fc281dd0934289c8728820a4d500deb3453000e8c2a4f283ea7a911
Instruction Fuzzy Hash: 51412171E101099FCF04EF69C952AAFBBB5EF45318F10452EE509B72D1DA386D00CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004798A0 Relevance: 4.6, APIs: 3, Instructions: 119timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,?,00000000,00000000), ref: 00479928
SetTimer.USER32(?,?,00000000,00000000), ref: 00479999

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 30226b6889341f53662d1c299c391ebf57c3a42dba5be72d799a3926b958fc27
Instruction ID: c3f84e09a8d1ecb35188677c8bbf1fda30780b11e87fafe75aa76c37b6d31c57
Opcode Fuzzy Hash: 30226b6889341f53662d1c299c391ebf57c3a42dba5be72d799a3926b958fc27
Instruction Fuzzy Hash: 0D511BB4A00109EFDB04CF98C590AEEB7F1FF49314F24819AE919AB341D735AE42DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00480D50 Relevance: 4.6, APIs: 3, Instructions: 95COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00480D93

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_
String ID:
API String ID: 1531518832-0
Opcode ID: d3ec0264236d641efb075e87c05db1790f4218ce2970ba28cf870503aaded9c8
Instruction ID: d4b386145653257c4aaece3b65de1a2a9b2d6eaa82a6f327fd2e6cc55cfc3695
Opcode Fuzzy Hash: d3ec0264236d641efb075e87c05db1790f4218ce2970ba28cf870503aaded9c8
Instruction Fuzzy Hash: 17315C71914208AFCB04EFA4DC91BEEBBB5EB44724F140A2EF411672D1DB385905CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004912D0 Relevance: 4.6, APIs: 3, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00491348
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00491354
char_traits.LIBCPMTD ref: 00491366

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: f20fbdc5192f2aa7c8872c04752dce0666f8558da7dde739792e42f28a241fed
Instruction ID: c66c9efae4511f5111bbcf23e921032434fa44fafc4db1d3e323e0825c13dec1
Opcode Fuzzy Hash: f20fbdc5192f2aa7c8872c04752dce0666f8558da7dde739792e42f28a241fed
Instruction Fuzzy Hash: 2D21FC71A10108EFCB04FF99D992EAE77B5AF88304F10816EF9199B251DB34AE10DB94

Uniqueness

Uniqueness Score: -1.00%

Function 004794E0 Relevance: 4.6, APIs: 3, Instructions: 60windowCOMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,00000000,00000000,00000000), ref: 00479531

Part of subcall function 0047B8C0: GetParent.USER32 ref: 0047B8FA

TranslateMessage.USER32(?), ref: 00479552
DispatchMessageW.USER32(?), ref: 00479563

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$CallbackDispatchDispatcherParentTranslateUser
String ID:
API String ID: 801901134-0
Opcode ID: cd80dfb41f257e9b2f722e4403b5586d4d9a367a57f90683443c4830802ada87
Instruction ID: 12914b495780b431396403bbf60a815d99ec19909bdc8964fe614d5a01dd7522
Opcode Fuzzy Hash: cd80dfb41f257e9b2f722e4403b5586d4d9a367a57f90683443c4830802ada87
Instruction Fuzzy Hash: 301166B1D00218AFDB10CFA9DD45BEEBBF8FB08710F10862BE515E2280E7349504CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 005F848D Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,004586FA,00000002,00000000,00000000,00000010,004586FA,006B99C8,006B99C8,?,005F85CB,00000000,004586FA,00000002,00000000), ref: 005F84C6
GetLastError.KERNEL32(?,005F85CB,00000000,004586FA,00000002,00000000,?,005FE24A,004586FA,00000000,00000000,00000002,004586FA,00000000,004586FA), ref: 005F84D0
__dosmaperr.LIBCMT ref: 005F84D7

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 70d1b03c05dc4568a25bfad2238d6b69c783bdca63990c9d4690591cfcad4326
Instruction ID: 755664c97ad1e6389d6081d1cfb93c51d428f69a3b9cf73990727ee56f458be8
Opcode Fuzzy Hash: 70d1b03c05dc4568a25bfad2238d6b69c783bdca63990c9d4690591cfcad4326
Instruction Fuzzy Hash: C101283361011ABBCF059F99DC098BE3F2AFB85320B280249F95197290FA759E5087A0

Uniqueness

Uniqueness Score: -1.00%

Function 0048C1A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0048C1EE

Strings

tJ, xrefs: 0048C226

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::
String ID: tJ
API String ID: 3936482309-963346656
Opcode ID: 1b3db5a8b4121b8e5641c68144ef2ee65dc9ac516a638d14f4147cdb74c52a2f
Instruction ID: 71f5a1e950eed628e7e389df26101e47ab09f4fb6b95791c552ecc5327fbc705
Opcode Fuzzy Hash: 1b3db5a8b4121b8e5641c68144ef2ee65dc9ac516a638d14f4147cdb74c52a2f
Instruction Fuzzy Hash: FF31FAB4A0021ADFCB04DF98CD91BAEBBB5FF85704F108659E8256B391C775AD00CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005F6461 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,005EB47E,00000000), ref: 005F64A2

Strings

+_, xrefs: 005F6467

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID: +_
API String ID: 1279760036-2050882381
Opcode ID: 5f103d4a83693a8cd25e9adfe2db3dba8ea3bccaa033b875599f0f1cfa27aaec
Instruction ID: 5d0d4fc51183f87adf4e2fc3316138a2523445b1c1a66d6ab8ffecdf9701058e
Opcode Fuzzy Hash: 5f103d4a83693a8cd25e9adfe2db3dba8ea3bccaa033b875599f0f1cfa27aaec
Instruction Fuzzy Hash: 29F0E93210012DBAAF217E32DD8DB7B3F5ABF817B0B198411AA14D7591DB38DC1096E1

Uniqueness

Uniqueness Score: -1.00%

Function 0048E2A0 Relevance: 3.1, APIs: 2, Instructions: 104COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048E312
char_traits.LIBCPMTD ref: 0048E382

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: a5aea31a37c6a8475ed6ad8d5a0f0102a5330ba039102c21c583727de7fcd9b3
Instruction ID: 865ef03af57135a76c5bc81df9084848c23358cd02104cb7cdd76669aa296625
Opcode Fuzzy Hash: a5aea31a37c6a8475ed6ad8d5a0f0102a5330ba039102c21c583727de7fcd9b3
Instruction Fuzzy Hash: DF41CB75D0020ADBCF04DF9AC991AAEBBB1FF48308F10895AE919A7341D734AE51CF95

Uniqueness

Uniqueness Score: -1.00%

Function 005FDDAD Relevance: 3.1, APIs: 2, Instructions: 77fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(00000804,?,?,?,00000000,00000010,004586FA,8B0000D5,?,005FE2E9,?,004586FA,00000010,004586FA,004586FA,00000000), ref: 005FDE48
GetLastError.KERNEL32(?,005FE2E9,?,004586FA,00000010,004586FA,004586FA,00000000,004586FA,?,005E7DE8,004586FA,00000000,?,?,005E7E81), ref: 005FDE71

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 86546affec502e9cd7aa6721d307b2fd23a383fd72406f456cbb031e174b56a9
Instruction ID: c208a1d0286ddefc5278affc3cdf62a9e07e3b28d7b0736e21d1813360c6c391
Opcode Fuzzy Hash: 86546affec502e9cd7aa6721d307b2fd23a383fd72406f456cbb031e174b56a9
Instruction Fuzzy Hash: 2F21B175A002199FCB24CF69DC84BE9B7FAFF58301F1048AAEA46D7251D734AD81CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00490960 Relevance: 3.1, APIs: 2, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::name.LIBCMTD ref: 004909AC
char_traits.LIBCPMTD ref: 004909D1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traitstype_info::name
String ID:
API String ID: 2341707091-0
Opcode ID: 4fedcb32afe5d6e552cc74d420164b3aed30b1270a0f9d3ada32ba0ac47f86b9
Instruction ID: 4dddc9de66ad44d1905a1fccdb6c796e7e5eda627a2a303005664e9eee388755
Opcode Fuzzy Hash: 4fedcb32afe5d6e552cc74d420164b3aed30b1270a0f9d3ada32ba0ac47f86b9
Instruction Fuzzy Hash: 881130B0E10108AFDF14FFB9D85299E77759F84308F10856EF40E6B252DA386E00DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00480BC0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 00480BEA
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00480C05

Part of subcall function 0048B7E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B809

Part of subcall function 0048C1A0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0048C1EE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$Base::Concurrency::Concurrency::details::Container_base12Container_base12::~_ContextIdentityQueueRootRoot::Workstd::_
String ID:
API String ID: 3848482472-0
Opcode ID: b286da6812fe40d11fd3cbebdab578d1abc1594e4022dce32e8d27c035783429
Instruction ID: 917bc504749f9c6b1716c5ebfe07a91257b3b170456fc3a8978e75a080882977
Opcode Fuzzy Hash: b286da6812fe40d11fd3cbebdab578d1abc1594e4022dce32e8d27c035783429
Instruction Fuzzy Hash: C61151B1D042099BDF14EF95DC82BBEB7B5FB44704F104A2EE516A73C1D73869008B99

Uniqueness

Uniqueness Score: -1.00%

Function 005F6A53 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 005F6A74

Part of subcall function 005F6A05: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005F6A37

RtlReAllocateHeap.NTDLL(00000000,?,?,00000004), ref: 005F6AB0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap$_free
String ID:
API String ID: 1482568997-0
Opcode ID: 17b44eda08cba638c988d46613cea9210e42b263af7239424670d3820716ab66
Instruction ID: f9e58f7d25eac0916efaf617d17c2c929d6da1a05bca17dabf381c7587e577f9
Opcode Fuzzy Hash: 17b44eda08cba638c988d46613cea9210e42b263af7239424670d3820716ab66
Instruction Fuzzy Hash: 67F0C23210011EEA9B216A329D08A7B3F29BFC17B0B24C126FA94B7190EF3D8C00D1A1

Uniqueness

Uniqueness Score: -1.00%

Function 005F5B94 Relevance: 3.0, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 005F5BCA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: cb242f6b26e411fc9f35713bb39ba629a07f3f23c7c626355640dc662694bcca
Instruction ID: daac5aa607b9742c140dc3b8b76e073e344de6e5a5181e905a677458ff31671d
Opcode Fuzzy Hash: cb242f6b26e411fc9f35713bb39ba629a07f3f23c7c626355640dc662694bcca
Instruction Fuzzy Hash: 08F0963280950DBFDF11AA90DC0AABD7FA9BB44370F2041A5FF1566190FA7A4E106791

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 3.0, APIs: 2, Instructions: 29networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,A1986743), ref: 0040101D
WSACleanup.WS2_32 ref: 0040104C

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CleanupStartup
String ID:
API String ID: 915672949-0
Opcode ID: 7368f9fa28c44d5c28fa878fe33423f8d2b805c665c09c4ba4142022222176da
Instruction ID: 966e4a8b022e7c41efaa15c19981bd3d2fdcbf6e9317e0a248c0d2bc50bd77d7
Opcode Fuzzy Hash: 7368f9fa28c44d5c28fa878fe33423f8d2b805c665c09c4ba4142022222176da
Instruction Fuzzy Hash: AEF082707042448FE734AB24D86BBEB73D6BF8D300F81042EE49AC6291E6389406C657

Uniqueness

Uniqueness Score: -1.00%

Function 005000B5 Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 005000BE
ShowWindow.USER32(?,00000000,?,?,0047C5B2,00000001,00000001,?,00000000,96C80000,00000000,00000000,00000000), ref: 005000E1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Show
String ID:
API String ID: 990937876-0
Opcode ID: 03c3e4cc42765580e56a10b2b43ece8c1f81a0b86cde15007df0b1925774d521
Instruction ID: 8bd7fb8f45edb0d62c64d5dfdf2de8917252da6f35da02ccffd20ecb454253ad
Opcode Fuzzy Hash: 03c3e4cc42765580e56a10b2b43ece8c1f81a0b86cde15007df0b1925774d521
Instruction Fuzzy Hash: 4EE08C32700294BFE7106B309C09BAA7FDEEB85762F08C836E55AC2061DA70DC549764

Uniqueness

Uniqueness Score: -1.00%

Function 00401490 Relevance: 3.0, APIs: 2, Instructions: 12sleepnetworkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32(00002726,00401838,?,00000000,00000001), ref: 0040149F
Sleep.KERNEL32(00000001,00401838,?,00000000,00000001), ref: 004014AA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: a5f0ad39cb067449780979fd4e6a87ee4b9d47744dc3ed3e20de817305e03c51
Instruction ID: ff36521ca0a1ce66873f92c1d3ca0d47849772b5825a0b52ad1be80cabcb2504
Opcode Fuzzy Hash: a5f0ad39cb067449780979fd4e6a87ee4b9d47744dc3ed3e20de817305e03c51
Instruction Fuzzy Hash: E0C01234A00201AAEB000B348C4D84A32E96B81B7AB898A2AB024D10F0DB38C400A520

Uniqueness

Uniqueness Score: -1.00%

Function 004744C0 Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

IntersectRect.USER32(?,?,?), ref: 00474502

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: IntersectRect
String ID:
API String ID: 481094312-0
Opcode ID: 224f07f4ea43d300ae7e66aa34b8b493bbada4fb48c347c26bf09035df996d13
Instruction ID: 36b92f43e4cda1d1e2311f52184b4f26efcc14c81e483c32111c719cf6c46a74
Opcode Fuzzy Hash: 224f07f4ea43d300ae7e66aa34b8b493bbada4fb48c347c26bf09035df996d13
Instruction Fuzzy Hash: 5C61B779A11518EFC708DF98D890EADB7B6FF8C304F148269F9199B395CB30A941CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0051EC90 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 0051ED3C

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 2da4068d6e3a99ced9436de1b3cf3a906a30dced7fb42ed36b5bfc81c62b1768
Instruction ID: 954ac5b07f1eecbef897362fc773bc8e3169805d9f0c6851a87bf95f256fe3a3
Opcode Fuzzy Hash: 2da4068d6e3a99ced9436de1b3cf3a906a30dced7fb42ed36b5bfc81c62b1768
Instruction Fuzzy Hash: B931D572A043095BD720AF689C87AABBBA8FFC4754F40492DFE5897241EB34DD4486D2

Uniqueness

Uniqueness Score: -1.00%

Function 0047AE70 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 0047AF41

Part of subcall function 004F5FB8: __EH_prolog3_GS.LIBCMT ref: 004F5FC2
Part of subcall function 004F5FB8: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000304,0047AEED,?,00000001,00000000,00000001), ref: 004F6029
Part of subcall function 004F5FB8: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0047AE4A,00000000,00000001), ref: 004F61FD
Part of subcall function 004F5FB8: GetFileSize.KERNEL32(00000000,00000000,?,0047AE4A,00000000,00000001), ref: 004F6210
Part of subcall function 004F5FB8: ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004F623C
Part of subcall function 004F5FB8: CloseHandle.KERNEL32(00000000), ref: 004F6243

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$Create$CloseDeleteH_prolog3_HandleObjectReadSize
String ID:
API String ID: 4152095281-0
Opcode ID: cb0082a2ef9e4b905ebe2f35bb64bde43f07d52b31b22c616a5551bfd89229e5
Instruction ID: 9a9e2c93d7a3a0d26b2f0eaeeeec9a7dbf9a63947558cd43c9c907e304b2c0cc
Opcode Fuzzy Hash: cb0082a2ef9e4b905ebe2f35bb64bde43f07d52b31b22c616a5551bfd89229e5
Instruction Fuzzy Hash: 6E314FB0900209EBDB04DF95C845BEE77B5AF88304F14C45DF9099B381D7389A50DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00403800 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779 ref: 00403833

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_trace_sethandler.
String ID:
API String ID: 3710141464-0
Opcode ID: a076f26760b1eb5f2a5ed3b49d544d442a3211afcc69e340120b64fa7710f374
Instruction ID: 41a575544883c3a9d67e4f2f4c6e2e1fe2f2a03125c5399c16fbcf300eb753b8
Opcode Fuzzy Hash: a076f26760b1eb5f2a5ed3b49d544d442a3211afcc69e340120b64fa7710f374
Instruction Fuzzy Hash: AA21B6F26007005BC720AF69AC845CBBBE9FB40317F14493FF59AD7240DB36A6588B66

Uniqueness

Uniqueness Score: -1.00%

Function 006023C1 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0060236F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: d09f834ed82bbd097906a3d3e4230e4176b7bc8c9d264992946a8669c862398c
Instruction ID: 7a4865a62b4151007a4e501e44d4de6596aaba68afbdcfae15846ec14bc3b3ec
Opcode Fuzzy Hash: d09f834ed82bbd097906a3d3e4230e4176b7bc8c9d264992946a8669c862398c
Instruction Fuzzy Hash: E411287590420AAFCB09DF59E945AAF7BF9EF48310F144059F808AB351D631E9218BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004FFB71 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(00000000,00000000,?,?,0047C59B,?,00000000,96C80000,00000000,00000000,00000000,00000258), ref: 004FFBCE

Part of subcall function 004FFE13: GetClassInfoExW.USER32(00000000,00000000), ref: 004FFE42
Part of subcall function 004FFE13: GetClassInfoExW.USER32(00000000,00000000), ref: 004FFE5E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassInfo$CreateWindow
String ID:
API String ID: 2792260-0
Opcode ID: 4d71906679a56f81c23fbc2ff7ed6b2c855f758c38b5f36e9388a049faf325c2
Instruction ID: 3b7ad63522d8989e81be071ae6630ea75e6db5fc516fe571e0f843b298114de9
Opcode Fuzzy Hash: 4d71906679a56f81c23fbc2ff7ed6b2c855f758c38b5f36e9388a049faf325c2
Instruction Fuzzy Hash: 40014B31200119AFDF115F55D814CFE3BAAEF48759704802AFA4997221CB3AD825DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0048C2E0 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048C318

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: 6ae3c11f05e9ee1be46de4858ae29972f4c739a93f0692d72ddcc1c645c3e59c
Instruction ID: 27b28cc173a8a4a0a916ba72d7cbb649b17b0e765e161639bdcbc18523c96088
Opcode Fuzzy Hash: 6ae3c11f05e9ee1be46de4858ae29972f4c739a93f0692d72ddcc1c645c3e59c
Instruction Fuzzy Hash: 2B014474D00209EBCB00EBE5C881AAEB7B4BF54308F10C69DD85557341E735AF06DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004DC890 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 004DC5B0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,A1986743), ref: 004DC60E
Part of subcall function 004DC5B0: CreateExportObj.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,000000FE,FFFFFFFF,?,?,00000000,000000FF,006A0D50,00000000,A1986743,?,?,?,?), ref: 004DC7CB
Part of subcall function 004DC5B0: CreateEventW.KERNEL32(00000000,00000001,00000001,UserLogMutex,?,?,000000FE,FFFFFFFF,?,?,00000000,000000FF,006A0D50,00000000,A1986743), ref: 004DC7E9

Part of subcall function 005C9772: __onexit.LIBCMT ref: 005C9778

__Init_thread_footer.LIBCMT ref: 004DC908

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$D.5531.23089EventExportFileInit_thread_footerModuleNameObj.__onexit
String ID:
API String ID: 4078211277-0
Opcode ID: 41cc2272ee63f4bd8dfa64f1c133ab023aca949723f148f644490a7be63d511b
Instruction ID: 5b1d9fcde9cb605ce511a79a6111199c9964542384037bc387c61ffd7218bd53
Opcode Fuzzy Hash: 41cc2272ee63f4bd8dfa64f1c133ab023aca949723f148f644490a7be63d511b
Instruction Fuzzy Hash: 8101ADB1E00645EFD720DFA8E956F49B7A2E744720F14036BE82A877D0DB36A9048B45

Uniqueness

Uniqueness Score: -1.00%

Function 00484FC0 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00485022

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Mutex_baseMutex_base::~_std::_
String ID:
API String ID: 3966282785-0
Opcode ID: 5be42c88e17e274f0bdf68be2bedb37a9555656e37e37eb365fa7bd35494c405
Instruction ID: fe0db6c184ea28d0b41c3a7d1cdaef3d2a73b829d36626809f4c86bbe244db3c
Opcode Fuzzy Hash: 5be42c88e17e274f0bdf68be2bedb37a9555656e37e37eb365fa7bd35494c405
Instruction Fuzzy Hash: 33014B74500118EBDB08FF9AD450BBE77B5AF84309F04C85EF9064F282DA789A44CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 005F6A05 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005F6A37

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1556ebccda762211552424c3f0676c089f6f14adb6824895a33e9521163e651c
Instruction ID: 13d9b52c736fc0eaf9e13f7043789819ec54c950a693b8d5cddb2452803b2208
Opcode Fuzzy Hash: 1556ebccda762211552424c3f0676c089f6f14adb6824895a33e9521163e651c
Instruction Fuzzy Hash: E4E0E53110056DE7EB202A72DC05BBA7E48BB413A0F198121AE81B20A0EB68CD4081E1

Uniqueness

Uniqueness Score: -1.00%

Function 00480CF0 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00480D04

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6fe3d6b4f8681c1d7f162f3ad785b22e079b992016a876272990ae3710226fdd
Instruction ID: bed8f2a3e1650d51e20489878f18218dce0aaacecc8e77323fdf45f0714339b9
Opcode Fuzzy Hash: 6fe3d6b4f8681c1d7f162f3ad785b22e079b992016a876272990ae3710226fdd
Instruction Fuzzy Hash: 20F0C23081838CBACF40AEE480063EE7FB05F02314F1489CAC8951B342C13D668ED766

Uniqueness

Uniqueness Score: -1.00%

Function 00485DE0 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00485E1D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_
String ID:
API String ID: 1531518832-0
Opcode ID: 17b75d11542d91bc2c38ae863b03e7a125a57113fe7491a0d549572e8b457f89
Instruction ID: 2fcfb0a3846ba8d8897089bb11c9ac59424c416c7a0331d2722570ca84ec4c42
Opcode Fuzzy Hash: 17b75d11542d91bc2c38ae863b03e7a125a57113fe7491a0d549572e8b457f89
Instruction Fuzzy Hash: 5BF01CB19445489FC705DF88DC41B6EB7B9FB09714F000A6EE82597791DB3468008B94

Uniqueness

Uniqueness Score: -1.00%

Function 005F8C68 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,005F905B,?,?,00000000,?,005F905B,00000000,0000000C), ref: 005F8C85

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a8bbcc3f1230af72d4c4df45d3c69fb2937f1dcecf6137a5baa913a7782102d3
Instruction ID: 4f80f0b61ca151775464ac5e18e766fc6a21bff578f16acda04fae712bcd8196
Opcode Fuzzy Hash: a8bbcc3f1230af72d4c4df45d3c69fb2937f1dcecf6137a5baa913a7782102d3
Instruction Fuzzy Hash: D2D06C3201020DFBDF028F84DC06EDA3BAAFB88714F018000BA1856060C732E861AB91

Uniqueness

Uniqueness Score: -1.00%

Function 004943F0 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00494402

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: ccc9ae1a8defbbecb6a565ded58261d1cd06e62517df60aff2bc8a0b2e2e2efb
Instruction ID: a427590887aaa820669bb3424a43fc0b15d3d09e24299976d2c1c4c2118a5cc5
Opcode Fuzzy Hash: ccc9ae1a8defbbecb6a565ded58261d1cd06e62517df60aff2bc8a0b2e2e2efb
Instruction Fuzzy Hash: 8CD0127150910CBB8B08EF89E841C9EB7ACEB48350B00829DF90C87300CA316E10D7E8

Uniqueness

Uniqueness Score: -1.00%

Function 00499DB0 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00499DBE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: 5578b17b86c856432d62ff89abd7646d6efb01e9fd029672b81177d499ba6eb8
Instruction ID: 8609708458ca8b6a867439444537c43106268e488daa4eb58a8e3a8f867af94c
Opcode Fuzzy Hash: 5578b17b86c856432d62ff89abd7646d6efb01e9fd029672b81177d499ba6eb8
Instruction Fuzzy Hash: 81C04CB190910CBB8B14DF89E942C9EBBACDB59790F1042AEB90897311DA316E1097E9

Uniqueness

Uniqueness Score: -1.00%

Function 004FFCC5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,00000113,00000000,?,?,?,004FF0D2,00000000,?,?,?,?,?,?,?), ref: 004FFCD7

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 531e12c3c6e070625c1f243ede155a4dfdffbb75f4b587e18ea0f9abdd891456
Instruction ID: 1c831a259cb81284b296b1a407118616609fdc789813c5cfb6f73c5952884476
Opcode Fuzzy Hash: 531e12c3c6e070625c1f243ede155a4dfdffbb75f4b587e18ea0f9abdd891456
Instruction Fuzzy Hash: 90C0EA36000248FB8F025F81DD04C99BF2BEB19754B18C059FA1808021C7339572EB90

Uniqueness

Uniqueness Score: -1.00%

Function 004FFDFA Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 004FFE09

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: f46fbbc296d55991f335573475c0bf5f78e2523b8e72a64788cb255aa8d9773d
Instruction ID: 0aba1951633db036a3635fe593d83b8df1dc394372e2a70c944ed24051f236d0
Opcode Fuzzy Hash: f46fbbc296d55991f335573475c0bf5f78e2523b8e72a64788cb255aa8d9773d
Instruction Fuzzy Hash: 86C00236000108FB8F025F91DC05C997F2AFB19350B08C415FA1844021D7339531EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00480570 Relevance: 1.3, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,00000000,000000FF,?,?), ref: 004805A0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 213b788d8fd8f998d58ba15dc8c2f474ba16bbe16c1a3cfc71ce3abddba9fccc
Instruction ID: 233045a06da6f3fdbdb1e9f14ad54c8753ce3a8f9a1591a4066bfb9de121248a
Opcode Fuzzy Hash: 213b788d8fd8f998d58ba15dc8c2f474ba16bbe16c1a3cfc71ce3abddba9fccc
Instruction Fuzzy Hash: A3F01D75620208FFCB50DE64C954BAB37A4AB48360F108919FD1587390E778E944DFA5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004F145C Relevance: 28.4, APIs: 13, Strings: 3, Instructions: 363libraryloaderCOMMON

Download Yara Rule

APIs

SelectObject.GDI32(00000000,00000000), ref: 004F154C
CreateSolidBrush.GDI32(00000001), ref: 004F16EC
FillRect.USER32(?,?,?), ref: 004F177F
DeleteObject.GDI32(?), ref: 004F1786
SelectObject.GDI32(?,?), ref: 004F17EE
DeleteObject.GDI32(?), ref: 004F17F7
DeleteDC.GDI32(?), ref: 004F17FE
GetModuleHandleW.KERNEL32(msimg32.dll,AlphaBlend), ref: 004F1837
GetProcAddress.KERNEL32(00000000), ref: 004F183A
__Init_thread_footer.LIBCMT ref: 004F1846
GetModuleHandleW.KERNEL32(msimg32.dll,GradientFill), ref: 004F1873
GetProcAddress.KERNEL32(00000000), ref: 004F1876
__Init_thread_footer.LIBCMT ref: 004F1882

Strings

AlphaBlend, xrefs: 004F182D
GradientFill, xrefs: 004F1869
msimg32.dll, xrefs: 004F1832, 004F186E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Delete$AddressHandleInit_thread_footerModuleProcSelect$BrushCreateFillRectSolid
String ID: AlphaBlend$GradientFill$msimg32.dll
API String ID: 1652410773-216815851
Opcode ID: 556cd5a0a3b4ace9bdab49b8cefad732981f158b3de86dadbe2f7910badbd36d
Instruction ID: 585eb489df58c4a186922d390496827e305f6a977db958ee88e86f0a84bc5f5c
Opcode Fuzzy Hash: 556cd5a0a3b4ace9bdab49b8cefad732981f158b3de86dadbe2f7910badbd36d
Instruction Fuzzy Hash: B7D15671E102199FCB04DFA8D984AEDBBB6FF89311F14911AE915EB3A0D7349901CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00432B50 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 394COMMON

Download Yara Rule

APIs

_fwprintf.LIBCONCRTD ref: 00432C17
_fwprintf.LIBCONCRTD ref: 00432CC2
_fwprintf.LIBCONCRTD ref: 00432CED
GetLastError.KERNEL32(?,?), ref: 00432D0C
SetLastError.KERNEL32(00000000,?,?), ref: 00432D12
GetLastError.KERNEL32(?,?,?,?,?), ref: 00432D2A
SetLastError.KERNEL32(00000000,?,?,?,?,?), ref: 00432D33

Strings

%02d:%02d, xrefs: 00432CE7
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz], xrefs: 00432BE7
%02d:%02d:%02d, xrefs: 00432CBC

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$_fwprintf
String ID: %02d:%02d$%02d:%02d:%02d$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]
API String ID: 3725225398-241090727
Opcode ID: 2858ed35d7ffc1908117ec9bc0ae7433e8ebcb3ee2bf390fe336c8e30b7bd96c
Instruction ID: 43ba8f56265377244c83e2e47573a60216b0463cb4f3814e8a72fb5bfa4717fa
Opcode Fuzzy Hash: 2858ed35d7ffc1908117ec9bc0ae7433e8ebcb3ee2bf390fe336c8e30b7bd96c
Instruction Fuzzy Hash: 25D19DB1A083058FC714DF29C94262FBBE1BBD8314F585A2FF49587341E7B9D9448B8A

Uniqueness

Uniqueness Score: -1.00%

Function 0050504E Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 268COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,?,?,?,?,?,?,0050534B,}KP,00000000,?,?,?,?), ref: 00505294

Strings

KSP, xrefs: 005050F1
Unmatched closing tag, xrefs: 005052C8, 005052D1
Expected start tag, xrefs: 005052F5
Expected end-tag start, xrefs: 005052D9
Expected start-tag closing, xrefs: 005052E1
Error parsing element name, xrefs: 005052ED

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext
String ID: Error parsing element name$Expected end-tag start$Expected start tag$Expected start-tag closing$KSP$Unmatched closing tag
API String ID: 3213498283-3766488285
Opcode ID: 74ba9bf930e2ddf3dbfb19f11acb7d470b28b3aee28e9cac1f7eadfba48c35d6
Instruction ID: 79537eb8bdd8b31b9e356f2c414d1c8ebeecd1f66864d7e6ba2bab0f79700862
Opcode Fuzzy Hash: 74ba9bf930e2ddf3dbfb19f11acb7d470b28b3aee28e9cac1f7eadfba48c35d6
Instruction Fuzzy Hash: C3818B34600A02AFDB24EF68C45697EBBE5FF59300B65886EE481DB2D1F6B19D81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 005C8160 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 132timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?,?,?,?,00000150), ref: 005C82A2
_swprintf_s.LIBCONCRTD ref: 005C82E9

Part of subcall function 005C8090: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000150), ref: 005C80D5

Strings

[%u/%u/%u-%u:%u:%u] , xrefs: 005C82D8
\Logs\, xrefs: 005C81B1
ab+, xrefs: 005C8249
.log, xrefs: 005C821A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileLocalModuleNameTime_swprintf_s
String ID: .log$[%u/%u/%u-%u:%u:%u] $\Logs\$ab+
API String ID: 4137088289-4209270932
Opcode ID: 196e568ca821612d7124a295cf7c5f6d1825dc5a7e3ed12f7575e5da45d4ca92
Instruction ID: f9cb7342d559a9b42b82a08b7e39383b9005a6b1bae817ed163dab0ae4585d5e
Opcode Fuzzy Hash: 196e568ca821612d7124a295cf7c5f6d1825dc5a7e3ed12f7575e5da45d4ca92
Instruction Fuzzy Hash: A041C275900218AECB25DFA48C46FFABBB9FF59700F0440D9F949A7181DB749A84CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00463870 Relevance: 10.5, Strings: 8, Instructions: 467COMMON

Download Yara Rule

Strings

Invalid signature for supplied public key, or bad username/public key combination, xrefs: 00463DC5
Unable to send userauth-hostbased request, xrefs: 00463CEB
Auth failed, xrefs: 00463D66
Failed allocating additional space for userauth-hostbased packet, xrefs: 00463BE3
hostbased, xrefs: 004639CE
ssh-connection, xrefs: 004639C1
Would block, xrefs: 00463CB8
Out of memory, xrefs: 00463987

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Auth failed$Failed allocating additional space for userauth-hostbased packet$Invalid signature for supplied public key, or bad username/public key combination$Out of memory$Unable to send userauth-hostbased request$Would block$hostbased$ssh-connection
API String ID: 0-1276813617
Opcode ID: 171cfb6c9ccced8644f6e5956c4e59dc1f148269148816262243d6da46467260
Instruction ID: cb2fab538479dccdaf3081de98941f54419b77b758158a804de4b1f6e12f66e2
Opcode Fuzzy Hash: 171cfb6c9ccced8644f6e5956c4e59dc1f148269148816262243d6da46467260
Instruction Fuzzy Hash: C5F160B5604700AFD324DF65CC81DABBBE9AFC9314F408A1EF55B87241EA35B905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 006090CD Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00609213

Strings

1#INF, xrefs: 0060A420
1#SNAN, xrefs: 0060A412
1#QNAN, xrefs: 0060A419
1#IND, xrefs: 0060A40B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 45b2327026ba04470238aa34192fd112c96a4467cc3970883805dffdea01f835
Instruction ID: 813a9bbc2ed5b8939c9384e8258c5d23df8abef6b428cce51b68a60a965d6f5f
Opcode Fuzzy Hash: 45b2327026ba04470238aa34192fd112c96a4467cc3970883805dffdea01f835
Instruction Fuzzy Hash: 4EC27C71E482288FDB29CF28DD447EAB7B6EB84344F1441EAD44DE7281E774AE818F51

Uniqueness

Uniqueness Score: -1.00%

Function 00607F75 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,00608294,?,00000000), ref: 0060800E
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,00608294,?,00000000), ref: 00608037
GetACP.KERNEL32(?,?,00608294,?,00000000), ref: 0060804C

Strings

OCP, xrefs: 00607FC9
ACP, xrefs: 00607F93

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: b007c47192e8d07d910b7b3e4c1c4c5461a29cfcfb4a2253de27f213588ec7ae
Instruction ID: 444f755346fd557d42cc2b2c48d4f4cefe139ac1843c58074a92ec9e3d8d4ce1
Opcode Fuzzy Hash: b007c47192e8d07d910b7b3e4c1c4c5461a29cfcfb4a2253de27f213588ec7ae
Instruction Fuzzy Hash: B4219032A84202AEDB38CF14D900AE773A7AF54B50B5A8464E94AD7380EF32ED41C360

Uniqueness

Uniqueness Score: -1.00%

Function 004F9E9E Relevance: 8.2, APIs: 5, Instructions: 728COMMON

Download Yara Rule

APIs

CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004F9EB2
GetWindowRgn.USER32(?,00000000), ref: 004F9EBF
PtInRegion.GDI32(?,00000000,00000000), ref: 004F9FCD
PtInRegion.GDI32(?,?,004FABEC), ref: 004FA00B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Region$CreateRectWindow
String ID:
API String ID: 1620756862-0
Opcode ID: 6987a3ae87fc2540bc052c265ffcb7a5ffcd17e6e6e22c1068b23eb5154299ec
Instruction ID: 3776a44f446298831877833607c20e6d0e4f53c026b730dbeefb452909d94300
Opcode Fuzzy Hash: 6987a3ae87fc2540bc052c265ffcb7a5ffcd17e6e6e22c1068b23eb5154299ec
Instruction Fuzzy Hash: 765290B1A006599FCB08CF68C9945ADFBF1FF88314B14826EE959EB300D734A952CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00608149 Relevance: 7.7, APIs: 5, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

Part of subcall function 005FED46: _free.LIBCMT ref: 005FEDA5
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDB2

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00608255
IsValidCodePage.KERNEL32(00000000), ref: 006082B0
IsValidLocale.KERNEL32(?,00000001), ref: 006082BF
GetLocaleInfoW.KERNEL32(?,00001001,005FBDE8,00000040,?,005FBF08,00000055,00000000,?,?,00000055,00000000), ref: 00608307
GetLocaleInfoW.KERNEL32(?,00001002,005FBE68,00000040), ref: 00608326

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID:
API String ID: 745075371-0
Opcode ID: 14a44c7d703de585eb53582d880c1ec4c07aae287fb905f3428dae26e51ede30
Instruction ID: 0663e078b37a82b565c67a2ac051c7d3050938e51b185a0d72395e26e4e2e515
Opcode Fuzzy Hash: 14a44c7d703de585eb53582d880c1ec4c07aae287fb905f3428dae26e51ede30
Instruction Fuzzy Hash: E8519271A40606AFEF18DFA4DC45AFF77BABF44700F144469E954E72D0EB709A4087A1

Uniqueness

Uniqueness Score: -1.00%

Function 004386C0 Relevance: 7.6, Strings: 6, Instructions: 130COMMON

Download Yara Rule

Strings

ntel, xrefs: 00438704
ineI, xrefs: 004386F9
enti, xrefs: 00438720
Genu, xrefs: 004386EE
Auth, xrefs: 00438715
cAMD, xrefs: 0043872B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Auth$Genu$cAMD$enti$ineI$ntel
API String ID: 0-1714976780
Opcode ID: 0267287f670431e7a6d0a9e082e982835e0205c0dfa79dfcdf529b1d0aab54d9
Instruction ID: ca8f27985a67c0e086f82fcf4527184e4a1fed2eb9f39bc972db8b7405460222
Opcode Fuzzy Hash: 0267287f670431e7a6d0a9e082e982835e0205c0dfa79dfcdf529b1d0aab54d9
Instruction Fuzzy Hash: F431227BA152160BFB7CA8688C8436DA1839399330F7AC73EF126C36C0EC6C8D814294

Uniqueness

Uniqueness Score: -1.00%

Function 00474DE0 Relevance: 7.5, APIs: 5, Instructions: 48keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 00474DED
GetKeyState.USER32(00000002), ref: 00474E03
GetKeyState.USER32(00000001), ref: 00474E1B
GetKeyState.USER32(00000010), ref: 00474E33
GetKeyState.USER32(00000012), ref: 00474E49

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: e4a3f74855548cd1dabc9721ca9f48d323d6609ac476364e5aa887da8fa0dace
Instruction ID: f72e7e2bdfe5cfc712674c62a591ceb4a5a0583ca76cf9781b000609727473d1
Opcode Fuzzy Hash: e4a3f74855548cd1dabc9721ca9f48d323d6609ac476364e5aa887da8fa0dace
Instruction Fuzzy Hash: 9B011E70901608EFEB04CF85DA566BDBBF2FB80705F24906ED545A7140D7749B019761

Uniqueness

Uniqueness Score: -1.00%

Function 00607811 Relevance: 6.2, APIs: 4, Instructions: 236COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,005FBDEF,?,?,?,?,005FB846,?,00000002), ref: 006078F3
_wcschr.LIBVCRUNTIME ref: 00607983
_wcschr.LIBVCRUNTIME ref: 00607991
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,005FBDEF,00000000,005FBF0F), ref: 00607A34

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID:
API String ID: 4212172061-0
Opcode ID: d9eb711be8ecd8d2185fdeca6f185ab6ccadbdbc046540c52f5ba3d61f5c41d6
Instruction ID: ba13ce869c0469c9f389367ece27e1b2c019603cd30b84e3eed4d70105aa8ee7
Opcode Fuzzy Hash: d9eb711be8ecd8d2185fdeca6f185ab6ccadbdbc046540c52f5ba3d61f5c41d6
Instruction Fuzzy Hash: 2C610B31E84206AAEB2CAB75CC46ABB7799FF44310F144429F949DB6C1E674F941C760

Uniqueness

Uniqueness Score: -1.00%

Function 005E7470 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 005E7568
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 005E7572
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 005E757F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: db2df3ff9e2d468f686488b5b8b0bdb64196d93fb5ae9ab377a1eb8f8d1a5472
Instruction ID: 98c862767940ed8a5f0cdc11a462d0d48eea5c0120fb07e58be01e880e6921df
Opcode Fuzzy Hash: db2df3ff9e2d468f686488b5b8b0bdb64196d93fb5ae9ab377a1eb8f8d1a5472
Instruction Fuzzy Hash: 6531C2B490122D9BCB21DF65D989B9DBBB8BF48310F5041DAE41CA7291E7709B818F54

Uniqueness

Uniqueness Score: -1.00%

Function 005F9427 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(005E77FD,?,005F93FD,005E77FD,006B9E68,0000000C,005F9554,005E77FD,00000002,00000000,?,005E77FD), ref: 005F9448
TerminateProcess.KERNEL32(00000000,?,005F93FD,005E77FD,006B9E68,0000000C,005F9554,005E77FD,00000002,00000000,?,005E77FD), ref: 005F944F
ExitProcess.KERNEL32 ref: 005F9461

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: cd0a51994e78161ab02755a6c52a8e6bcfae163888390c7c43d57a7779647c91
Instruction ID: 7c33882f88e50966f7871ea00988064c4f869bc812680c4debad5545a36c14c5
Opcode Fuzzy Hash: cd0a51994e78161ab02755a6c52a8e6bcfae163888390c7c43d57a7779647c91
Instruction Fuzzy Hash: 50E0463140050DABCF01AFA0CC1DAA83F2AFF90355B048014FA198A131CB3ADD82CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00466820 Relevance: 4.1, Strings: 3, Instructions: 376COMMON

Download Yara Rule

Strings

Invalid MAC received, xrefs: 004668A4
R, xrefs: 00466AE8
socket disconnect, xrefs: 004669A8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Invalid MAC received$R$socket disconnect
API String ID: 0-3460484782
Opcode ID: 1cf7f761361e1e2f84a642a9a3dd3aeca2f60b824cdfa81d16a8d6723714ecf7
Instruction ID: 1481e62d580885a18f8ece780d3b9249c7ead3b9b4a3f843cc8f8e41fd6d90cb
Opcode Fuzzy Hash: 1cf7f761361e1e2f84a642a9a3dd3aeca2f60b824cdfa81d16a8d6723714ecf7
Instruction Fuzzy Hash: A8C15AB19042445FD720DF69DC41EAFB7D8AF89318F41462FF8598B281E639DA08C7A7

Uniqueness

Uniqueness Score: -1.00%

Function 005FF730 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,005FB846,?,00000002), ref: 005FF783

Strings

GetLocaleInfoEx, xrefs: 005FF74B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 585b6ab857b44c449c6ba4d6208e72ff54a03a88b1387d09c017719fe55e8875
Instruction ID: 2ac2219870b322f38f591f6d3ec5bf274d936d998d6bfae2da8d88280cd0708c
Opcode Fuzzy Hash: 585b6ab857b44c449c6ba4d6208e72ff54a03a88b1387d09c017719fe55e8875
Instruction Fuzzy Hash: BEF0903164120CBBCB11AF60EC4AEBE7F66FF44B11F154529F90566290CA72992097D5

Uniqueness

Uniqueness Score: -1.00%

Function 005F05F0 Relevance: 3.5, APIs: 2, Instructions: 464COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1834cb24e82e80c15675cab6480fc5bde8c7bebbfe0283985fd6e71a0b9b8a
Instruction ID: 3ac846a11e232f1da126030f5dbed32f0edcf6e0b9789be8db7d286f13b99014
Opcode Fuzzy Hash: 4c1834cb24e82e80c15675cab6480fc5bde8c7bebbfe0283985fd6e71a0b9b8a
Instruction Fuzzy Hash: 3A023E71E012199FDF14CFA9C9806AEBBF1FF88314F294169D919E7382D735A941CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0053C150 Relevance: 2.8, Strings: 2, Instructions: 297COMMON

Download Yara Rule

Strings

.%lu, xrefs: 0053C3CB
ooo, xrefs: 0053C3D0, 0053C3D6

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: .%lu$ooo
API String ID: 0-166504061
Opcode ID: 9132e974e22d01a3ebda6821a19a65789778118c8ff55a94f3ccca8eda857a9d
Instruction ID: b20d8d27ecebdb47a39994b14c069a35eec333efbd3a7ea846ed1632131b4695
Opcode Fuzzy Hash: 9132e974e22d01a3ebda6821a19a65789778118c8ff55a94f3ccca8eda857a9d
Instruction Fuzzy Hash: A1910772A083064BDB21DEA8989573BBFE4BF95704F44092DFCD6A3241EB71D909C792

Uniqueness

Uniqueness Score: -1.00%

Function 004FB3DA Relevance: 1.8, APIs: 1, Instructions: 286timeCOMMON

Download Yara Rule

APIs

Part of subcall function 004FDEBB: SetFilePointer.KERNEL32(?,00000000,00000000,004FEBFA,?,004FEBFA,00000000,00000000,00000002,004FB8A0,?,00000000,00000000), ref: 004FDEF4

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 004FB62E

Part of subcall function 004FDFAB: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,004FB77F,?,000000FF), ref: 004FE00B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$File$DatePointerSystem
String ID:
API String ID: 273651166-0
Opcode ID: 73988a39395be454a7387baae839a18057312fc4280a5a9cd447d38b6e8cc61d
Instruction ID: 4a3f8219970423b4d56f17c272fdcd60c748294fdac18ba592f835adfbf7e060
Opcode Fuzzy Hash: 73988a39395be454a7387baae839a18057312fc4280a5a9cd447d38b6e8cc61d
Instruction Fuzzy Hash: E4C1807190461C9FCB24DF29C881AEABBF4EF0A304F10859EE699D7341D734AA91CF94

Uniqueness

Uniqueness Score: -1.00%

Function 005FCCF0 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,005FCCEB,?,?,00000008,?,?,0060A9B8,00000000), ref: 005FCF1D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0e9a2f6483fca1d0ab75d173ee69cd4ff44e00a79b9d3c2db0880de0a4d0ce37
Instruction ID: 0fcd22065c341bca323221aa267941893e14767e3f161bd5e09cded75d42df17
Opcode Fuzzy Hash: 0e9a2f6483fca1d0ab75d173ee69cd4ff44e00a79b9d3c2db0880de0a4d0ce37
Instruction Fuzzy Hash: 06B14C3161060D9FD719CF28C58AB657FE1FF45364F2586A8EA99CF2A1C339E981CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00607AD4 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

EnumSystemLocalesW.KERNEL32(00607BFC,00000001,00000000,?,005FBDE8,?,00608229,00000000,?,?,?), ref: 00607B46

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 067596d94b20b9743810fd5683e67ef7bc01ee8f8f221e87a51347d370231a60
Instruction ID: c61110a735b9d43b6f0a132efa0d8b0a256b9778f811ae180034c034c95e62da
Opcode Fuzzy Hash: 067596d94b20b9743810fd5683e67ef7bc01ee8f8f221e87a51347d370231a60
Instruction Fuzzy Hash: 0811E53A6047055FDB1CAF39C8A15BBBB92FF80768B19842DE94687B80E375B942C750

Uniqueness

Uniqueness Score: -1.00%

Function 0045B4B0 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

libssh2_session_last_errno.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?), ref: 0045B501

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_session_last_errno.
String ID:
API String ID: 1735628876-0
Opcode ID: 5bc85176ab98f3c9aed6027a2f35166c1cd0a68344293de5ee7ed4785f0ff88e
Instruction ID: cc30dab9ae53907cafdb50beea91a66cce9ff2e317c19e5da530ff2482f5ebea
Opcode Fuzzy Hash: 5bc85176ab98f3c9aed6027a2f35166c1cd0a68344293de5ee7ed4785f0ff88e
Instruction Fuzzy Hash: F301DE719043042BD610EA29AC41A6BB3E8EFC435AF040A2EFC8482302F325DD0C82F3

Uniqueness

Uniqueness Score: -1.00%

Function 00462620 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

libssh2_session_last_errno.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?), ref: 0046265C

Part of subcall function 0045A7E0: libssh2_keepalive_send.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,00000000,00000000), ref: 0045A7FD
Part of subcall function 0045A7E0: libssh2_session_block_directions.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,00000000), ref: 0045A81A
Part of subcall function 0045A7E0: select.WS2_32(?,00000000,00000000,00000000,00000000), ref: 0045A90E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089$libssh2_keepalive_send.libssh2_session_block_directions.libssh2_session_last_errno.select
String ID:
API String ID: 836389444-0
Opcode ID: b593dc3a76d5cb88a38aecb53f2a80d9c8e3f95d56bd84f871506e5432d0fa3f
Instruction ID: f519f335b171b082bfdf2bc1228e6de0f04a11008ab8324e3ecd6a91e74c2aec
Opcode Fuzzy Hash: b593dc3a76d5cb88a38aecb53f2a80d9c8e3f95d56bd84f871506e5432d0fa3f
Instruction Fuzzy Hash: FFF0F4755007012BD6009A15ED01A2B7798EBC43AAF080A3AFD8492302F769ED1887B7

Uniqueness

Uniqueness Score: -1.00%

Function 00607B6F Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

EnumSystemLocalesW.KERNEL32(00607E4C,00000001,00000002,?,005FBDE8,?,006081ED,005FBDE8,?,?,?,?,?,005FBDE8,?,?), ref: 00607BBB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 23e592aecd9e6d9391859c1c93aae8534ba243a691771437778832d1123d7dfa
Instruction ID: e1dc03d99921ea200ca9a356a37d3756482a6379986aacd31d5701865eba75d7
Opcode Fuzzy Hash: 23e592aecd9e6d9391859c1c93aae8534ba243a691771437778832d1123d7dfa
Instruction Fuzzy Hash: A6F028366043051FDB185F398CD2ABB7B92EF80328F05446CF9018B690D3B1BC418610

Uniqueness

Uniqueness Score: -1.00%

Function 005FF266 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005F61F6: RtlEnterCriticalSection.NTDLL(+_), ref: 005F6205

EnumSystemLocalesW.KERNEL32(005FF220,00000001,006BA0B0,0000000C), ref: 005FF29E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 19f664eee6b0fc2904735f7d5775d434abfe14aae920b262dea4a680d2cd66bf
Instruction ID: 913d2064c68c3abb226b8bd5e28023ccd4e7987f0d85a7c337ca3b3ef4d13c7e
Opcode Fuzzy Hash: 19f664eee6b0fc2904735f7d5775d434abfe14aae920b262dea4a680d2cd66bf
Instruction Fuzzy Hash: 94F04475910209EFD710EF68D94AFAD3BB1BF44710F108119F510DB2A5C77589408B45

Uniqueness

Uniqueness Score: -1.00%

Function 00607A89 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

EnumSystemLocalesW.KERNEL32(006079E0,00000001,00000002,?,?,0060824B,005FBDE8,?,?,?,?,?,005FBDE8,?,?,?), ref: 00607AC0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 6ec4636f3fd8b7162530ec0730c3137f44b8bb4a77c09f3ded701a1fbf8ad911
Instruction ID: f200e6a6f619a535333fa28bd10d085f247a6e55a20307b258902cb2cb85c672
Opcode Fuzzy Hash: 6ec4636f3fd8b7162530ec0730c3137f44b8bb4a77c09f3ded701a1fbf8ad911
Instruction Fuzzy Hash: E0F05C3574020957CB089F35C8466AB7F55EFC1710F0A4058EE06CB290C271AD42C790

Uniqueness

Uniqueness Score: -1.00%

Function 00506AA3 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

bad codelengths, xrefs: 00506D3A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: bad codelengths
API String ID: 0-697342978
Opcode ID: 0a065f0266bf2460c2ee9dfb3334f52a3ec933d99e4f8a7f42c0fc315038cef6
Instruction ID: dfa6a644803cf6f4d33048068163f0debadb251a838e4c0c0e5b545f0f486e57
Opcode Fuzzy Hash: 0a065f0266bf2460c2ee9dfb3334f52a3ec933d99e4f8a7f42c0fc315038cef6
Instruction Fuzzy Hash: C5913BB2E0091B5BDB14CA24DC55ABDBBE4FB84320F14827EE969D36C1E7749D918B80

Uniqueness

Uniqueness Score: -1.00%

Function 005E97DB Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

Enter PEM pass phrase:, xrefs: 005E98E1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Enter PEM pass phrase:
API String ID: 0-3278253880
Opcode ID: 899ff3291911b3531298fc27b7fdcfd561e9d5b8dc50c02cbdbb183d889e8c43
Instruction ID: 74263bddbb78db124ae9e45b9ea1e6ffd9506ccd83c6c3fa46e556f8d201b942
Opcode Fuzzy Hash: 899ff3291911b3531298fc27b7fdcfd561e9d5b8dc50c02cbdbb183d889e8c43
Instruction Fuzzy Hash: 2C5137B16086C656DF3C897B449A7FE6F99BB53300F18091ED8C6C72A3D605EE46C392

Uniqueness

Uniqueness Score: -1.00%

Function 004FBDCB Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676e3206ce600a5edf9d8bb3786e24a454b1396b3000e72663707fec03abaca8
Instruction ID: 25f7348230bb7ccdbb1ddda474741fcfe53a5ec339ba61eb87705aa08f431ba9
Opcode Fuzzy Hash: 676e3206ce600a5edf9d8bb3786e24a454b1396b3000e72663707fec03abaca8
Instruction Fuzzy Hash: AD02C271A0026E8FDB24CF68C980BEDB7B5FB59310F1086EAD559E7340D670AE858F94

Uniqueness

Uniqueness Score: -1.00%

Function 00467920 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3b65ee5710261f85becf6a62758e593bef362fae94597c2e6dce131c33b4fe
Instruction ID: 155f80053a4e91f070aacf4bbddeb9d000579d46889c9bc3cf7065d165a4b3b1
Opcode Fuzzy Hash: 2d3b65ee5710261f85becf6a62758e593bef362fae94597c2e6dce131c33b4fe
Instruction Fuzzy Hash: E7C1D6B16087019FD718DF78D885AAAF7E4BF84318F40471EEA1997341E774A904CBDA

Uniqueness

Uniqueness Score: -1.00%

Function 005E9C39 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481f6757af259fb5256cbe25341ecb27eed527ab54e0b8ee1268a0651247e6da
Instruction ID: 691c1568f234ce6cae7035daf979544893f550aca1bba4b7e9c605113929cc38
Opcode Fuzzy Hash: 481f6757af259fb5256cbe25341ecb27eed527ab54e0b8ee1268a0651247e6da
Instruction Fuzzy Hash: 88617B716007DA56DF3CAA2B8D957FE2FC9FF81300F64091AE9C7DB281D651ED428246

Uniqueness

Uniqueness Score: -1.00%

Function 005E9A0A Relevance: .2, Instructions: 214COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e851859beec7308c60b916243f25112e3850971195233f0acbb380cb58252c77
Instruction ID: 6cbef8713544954943bcc1111737b663c826aeb7cb86858f23f7f91787ff1797
Opcode Fuzzy Hash: e851859beec7308c60b916243f25112e3850971195233f0acbb380cb58252c77
Instruction Fuzzy Hash: 7E5158717046C557DF3C992B84997BE2FCEBF92300F28096AD8C6CB282D615EE45D352

Uniqueness

Uniqueness Score: -1.00%

Function 004FE025 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed1d306d06e064824aa5d1ff865f126ad74beb04ac2ad809da37946773cf1bb
Instruction ID: b57765bffea3f1d01680f767cc164c57020f4cb8becc8da84f42a4bbbd49e729
Opcode Fuzzy Hash: 5ed1d306d06e064824aa5d1ff865f126ad74beb04ac2ad809da37946773cf1bb
Instruction Fuzzy Hash: E2216C315340B20AC74C8B3A9C61477BB91DB4720338F82AFEA97DA0D2C92DD525D7A0

Uniqueness

Uniqueness Score: -1.00%

Function 005E21E0 Relevance: .1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: c2f1914ac61bdc8505f0c0436743c4c6fe75b0829c1db9c9c9760211a36a20bf
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: EB110BBF2040C243DA4C8A6FD8B46B6AF9DFBC5320F2C4369D2C24B65CD123E9459500

Uniqueness

Uniqueness Score: -1.00%

Function 004D65C0 Relevance: 89.7, APIs: 2, Strings: 49, Instructions: 454COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNEL32(006764F6,A1986743), ref: 004D660C
_fwprintf.LIBCONCRTD ref: 004D76E7

Part of subcall function 0047E710: _fread.LIBCMTD ref: 0047E72F

Part of subcall function 0048BD20: operator!=.LIBCPMTD ref: 0048BD7B
Part of subcall function 0048BD20: operator!=.LIBCPMTD ref: 0048BDAD

Strings

Spanish_Paraguay, xrefs: 004D7275
Spanish_Honduras, xrefs: 004D7221
English_Trinidad, xrefs: 004D6CA2
Chinese_Macao SAR, xrefs: 004D768F
Arabic_Algeria, xrefs: 004D746D
Spanish_Bolivia, xrefs: 004D7179
Spanish_Nicaragua, xrefs: 004D724B
French_Switzerland, xrefs: 004D6DB3
Chinese_Singapore, xrefs: 004D6B28
P, xrefs: 004D6AE9
Arabic_Jordan, xrefs: 004D74C1
English_Zimbabwe, xrefs: 004D6CE1
English_Caribbean, xrefs: 004D6C24
English_Ireland, xrefs: 004D6C39
Arabic_Libya, xrefs: 004D7500
Arabic_Syria, xrefs: 004D7569
Spanish_Guatemala, xrefs: 004D720C
English_Canada, xrefs: 004D6C0F
Spanish_Chile, xrefs: 004D718E
Arabic_U.A.E., xrefs: 004D7593
Arabic_Tunisia, xrefs: 004D757E
English_South Africa, xrefs: 004D6C8D
Spanish_Dominican Republic, xrefs: 004D71CD
Arabic_Yemen, xrefs: 004D75A8
Arabic_Iraq, xrefs: 004D74AC
English_Belize, xrefs: 004D6BFA
Spanish_El Salvador, xrefs: 004D71F7
Spanish_Panama, xrefs: 004D7260
English_Philippines, xrefs: 004D6C78
Arabic_Kuwait, xrefs: 004D74D6
German_Luxembourg, xrefs: 004D6E46
Spanish_Puerto Rico, xrefs: 004D729F
Spanish_Argentina, xrefs: 004D7164
Spanish_Colombia, xrefs: 004D71A3
Arabic_Qatar, xrefs: 004D753F
Neutral_Neutral, xrefs: 004D6AFE
Arabic_Lebanon, xrefs: 004D74EB
Arabic_Bahrain, xrefs: 004D7482
Spanish_Peru, xrefs: 004D728A
Arabic_Egypt, xrefs: 004D7497
English_Jamaica, xrefs: 004D6C4E
Arabic_Oman, xrefs: 004D752A
French_Monaco, xrefs: 004D6D9E
0x%.4x, xrefs: 004D76DB
Arabic_Morocco, xrefs: 004D7515
Spanish_Venezuela, xrefs: 004D72F3
Default_Default, xrefs: 004D6B13
Spanish_Ecuador, xrefs: 004D71E2
Spanish_Uruguay, xrefs: 004D72DE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: operator!=$DefaultLanguageUser_fread_fwprintf
String ID: P$0x%.4x$Arabic_Algeria$Arabic_Bahrain$Arabic_Egypt$Arabic_Iraq$Arabic_Jordan$Arabic_Kuwait$Arabic_Lebanon$Arabic_Libya$Arabic_Morocco$Arabic_Oman$Arabic_Qatar$Arabic_Syria$Arabic_Tunisia$Arabic_U.A.E.$Arabic_Yemen$Chinese_Macao SAR$Chinese_Singapore$Default_Default$English_Belize$English_Canada$English_Caribbean$English_Ireland$English_Jamaica$English_Philippines$English_South Africa$English_Trinidad$English_Zimbabwe$French_Monaco$French_Switzerland$German_Luxembourg$Neutral_Neutral$Spanish_Argentina$Spanish_Bolivia$Spanish_Chile$Spanish_Colombia$Spanish_Dominican Republic$Spanish_Ecuador$Spanish_El Salvador$Spanish_Guatemala$Spanish_Honduras$Spanish_Nicaragua$Spanish_Panama$Spanish_Paraguay$Spanish_Peru$Spanish_Puerto Rico$Spanish_Uruguay$Spanish_Venezuela
API String ID: 2298643120-1910278641
Opcode ID: 9530802b503e7a59757103d0c53f9b91e12e2054789d8f3c3a9d966c5ba0fb2d
Instruction ID: 1d2a7aad3838b68819dc991044d284b169721c9a3390a009a0328ed60bd6936d
Opcode Fuzzy Hash: 9530802b503e7a59757103d0c53f9b91e12e2054789d8f3c3a9d966c5ba0fb2d
Instruction Fuzzy Hash: 74227230A4631ADADF79DB04CD65BBAB271AB12309F0040EF951921691FB7C1EC9DF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00555500 Relevance: 82.7, APIs: 4, Strings: 43, Instructions: 428COMMON

Download Yara Rule

APIs

libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(aes256,00008002,AES-256-CBC), ref: 00555A48
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,aes256,00008002,AES-256-CBC), ref: 00555A53
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,aes256,00008002,AES-256-CBC), ref: 00555A5E
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,00000000,aes256,00008002,AES-256-CBC), ref: 00555A69

Strings

SEED-CBC, xrefs: 005556E8, 005556FC
cast, xrefs: 00555832
DES-EDE3-CBC, xrefs: 005555ED, 00555601
AES-192-CBC, xrefs: 00555979, 00555990
AES-256-CBC, xrefs: 00555A1D, 00555A34
camellia256, xrefs: 00555BAE
des, xrefs: 005555CD
BF-CBC, xrefs: 005557A9, 005557BD, 005557D4
desx, xrefs: 00555597
camellia128, xrefs: 00555AD7
CAMELLIA-192-CBC, xrefs: 00555B23, 00555B37
des3, xrefs: 0055560B
camellia192, xrefs: 00555B41
DES-CBC, xrefs: 005555AF, 005555C3
SEED, xrefs: 005556F2
aes128, xrefs: 00555901
CAST-cbc, xrefs: 00555846
DESX, xrefs: 00555583
aes256, xrefs: 00555A3E
CAMELLIA256, xrefs: 00555B9A
AES-128-CBC, xrefs: 005558E0, 005558F7
DESX-CBC, xrefs: 00555579, 0055558D
blowfish, xrefs: 005557DE
DES3, xrefs: 005555F7
AES256, xrefs: 00555A27
IDEA-CBC, xrefs: 00555691, 005556A5
CAMELLIA-256-CBC, xrefs: 00555B90, 00555BA4
RC2-CBC, xrefs: 00555755, 00555769
idea, xrefs: 005556AF
IDEA, xrefs: 0055569B
CAMELLIA192, xrefs: 00555B2D
rc2, xrefs: 00555773
aes192, xrefs: 0055599A
CAMELLIA-128-CBC, xrefs: 00555AB6, 00555ACD
seed, xrefs: 00555706
cast-cbc, xrefs: 0055585D
CAST5-CBC, xrefs: 00555814, 00555828, 0055583C, 00555853
AES128, xrefs: 005558EA
CAST, xrefs: 0055581E
AES192, xrefs: 00555983
CAMELLIA128, xrefs: 00555AC0
RC2, xrefs: 0055575F
DES, xrefs: 005555B9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_trace_sethandler.
String ID: AES-128-CBC$AES-192-CBC$AES-256-CBC$AES128$AES192$AES256$BF-CBC$CAMELLIA-128-CBC$CAMELLIA-192-CBC$CAMELLIA-256-CBC$CAMELLIA128$CAMELLIA192$CAMELLIA256$CAST$CAST-cbc$CAST5-CBC$DES$DES-CBC$DES-EDE3-CBC$DES3$DESX$DESX-CBC$IDEA$IDEA-CBC$RC2$RC2-CBC$SEED$SEED-CBC$aes128$aes192$aes256$blowfish$camellia128$camellia192$camellia256$cast$cast-cbc$des$des3$desx$idea$rc2$seed
API String ID: 3710141464-1028625545
Opcode ID: 5c79cc3fb8415c545592fbcfd4686b73f17bc0bf0741502e87df64dce99c9496
Instruction ID: 4f05ae288d963eb64723ccab32a6eb91a71de2dc1cb90277a760d4bcea3ec0f1
Opcode Fuzzy Hash: 5c79cc3fb8415c545592fbcfd4686b73f17bc0bf0741502e87df64dce99c9496
Instruction Fuzzy Hash: 7DB14CA598072771ED6173F02C7FF1E1E1D3DD1B0AF828842B945B62C39C68B54E85BA

Uniqueness

Uniqueness Score: -1.00%

Function 004D7D50 Relevance: 56.4, APIs: 1, Strings: 31, Instructions: 443COMMON

Download Yara Rule

Strings

_bing_, xrefs: 004D7E20
Tool, xrefs: 004D80F4
download4.cc, xrefs: 004D82FC
NXZCN, xrefs: 004D827D
_online., xrefs: 004D806F
ReiBoot, xrefs: 004D83BF
ReiBootNet, xrefs: 004D8447
NXZSoftware, xrefs: 004D8409
Adoreshare, xrefs: 004D8017
_yahoo., xrefs: 004D7E94
PDNob, xrefs: 004D833D
Yahoo, xrefs: 004D7EA6
Card, xrefs: 004D8132
_yahoo_, xrefs: 004D7E80
4ddignet-bing, xrefs: 004D8204
_4ddigbing., xrefs: 004D81F2
ZHCN, xrefs: 004D7FD9
_bing., xrefs: 004D7E34
HitPawOnline, xrefs: 004D8081
Bing, xrefs: 004D7E46
4ddignet, xrefs: 004D8239
HitPawNet, xrefs: 004D81AE
TSNET, xrefs: 004D7EDB
UltFone, xrefs: 004D7F19
PFNET, xrefs: 004D7F95
_online, xrefs: 004D805B
4uKey, xrefs: 004D837E
4ddig, xrefs: 004D8170
HitPaw, xrefs: 004D80B6
Z, xrefs: 004D82F6
UltFoneNet, xrefs: 004D82BE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 4ddig$4ddignet$4ddignet-bing$4uKey$Adoreshare$Bing$Card$HitPaw$HitPawNet$HitPawOnline$NXZCN$NXZSoftware$PDNob$PFNET$ReiBoot$ReiBootNet$TSNET$Tool$UltFone$UltFoneNet$Yahoo$Z$ZHCN$_4ddigbing.$_bing.$_bing_$_online$_online.$_yahoo.$_yahoo_$download4.cc
API String ID: 0-3957181515
Opcode ID: f39990026d4d20321a17c53e1c7cb22be3e940c028c8e394e091f22c91bf390f
Instruction ID: 77cf7d3dc0beaa972466f381803b9def5ba0cc013a6211b0bdd13347e8effb68
Opcode Fuzzy Hash: f39990026d4d20321a17c53e1c7cb22be3e940c028c8e394e091f22c91bf390f
Instruction Fuzzy Hash: 69120730A0020CDFDF24EF15CC61AAE77B1AF41364F11865EF5695A2E1DB38AA41DF89

Uniqueness

Uniqueness Score: -1.00%

Function 004D8DF0 Relevance: 54.6, APIs: 12, Strings: 19, Instructions: 325processCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,?,00000001,-00000002,A1986743), ref: 004D8E59
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D8F6D
ShellExecuteW.SHELL32(00000000,open,explorer.exe,00000000,00000000,00000001), ref: 004D8F7F
GetLastError.KERNEL32 ref: 004D8F8B
_fwprintf.LIBCONCRTD ref: 004D9056

Part of subcall function 00485DE0: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00485E1D

Part of subcall function 004DC890: __Init_thread_footer.LIBCMT ref: 004DC908

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D8E53

Part of subcall function 0047CA20: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047CA49

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D91AD
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D91C3
CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?,0000005C,FFFFFFFF,0069B82C,?,?,A1986743), ref: 004D91CB
GetLastError.KERNEL32(?,?,A1986743), ref: 004D91D9
wsprintfW.USER32 ref: 004D9218

Strings

..\..\..\..\src\FuntionImpl.cpp, xrefs: 004D922F
open, xrefs: 004D8F78
StartWindowError, xrefs: 004D9067
..\..\..\..\src\FuntionImpl.cpp, xrefs: 004D8FB2
Other, xrefs: 004D92D2
StartWindowError, xrefs: 004D8EFE
int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int), xrefs: 004D9225
StartWindowError, xrefs: 004D92CD
int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int), xrefs: 004D8E76
int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int), xrefs: 004D8FA8
CreateProcess failed2 (, xrefs: 004D8FE9
Other, xrefs: 004D906C
CreateProcess failed3 (%d), xrefs: 004D920C
CreateProcess failed1 (, xrefs: 004D8EB7
D, xrefs: 004D9114
Other, xrefs: 004D8F03
..\..\..\..\src\FuntionImpl.cpp, xrefs: 004D8E80
/e, , xrefs: 004D8F4B
explorer.exe, xrefs: 004D8F73

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$ErrorLast$AttributesBase::Concurrency::details::ContextCreateExecuteFileIdentityInit_thread_footerProcessQueueShellWork_fwprintfwsprintf
String ID: CreateProcess failed1 ($ CreateProcess failed2 ($..\..\..\..\src\FuntionImpl.cpp$..\..\..\..\src\FuntionImpl.cpp$..\..\..\..\src\FuntionImpl.cpp$/e, $CreateProcess failed3 (%d)$D$Other$Other$Other$StartWindowError$StartWindowError$StartWindowError$explorer.exe$int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int)$int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int)$int __cdecl FuntionImpl::StartTargetMainExe(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,int)$open
API String ID: 1479719766-2662774569
Opcode ID: eaca124a7bc8d108b2a0b5220c38a2ce3d2c1420f08a63fa9499efeb7ecef713
Instruction ID: 8ecbc7e37e8c4f886ca2f0aeed067f983f2c234e35a707709c6c4546130dfc4e
Opcode Fuzzy Hash: eaca124a7bc8d108b2a0b5220c38a2ce3d2c1420f08a63fa9499efeb7ecef713
Instruction Fuzzy Hash: 50D19070A00618AADB20EB60DD96BEE7775AB44705F0081DDF509AB2C2DBB45F84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0047DFE0 Relevance: 54.3, APIs: 36, Instructions: 284COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E099
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E0A8
char_traits.LIBCPMTD ref: 0047E0B4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E0D0
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E0E5
char_traits.LIBCPMTD ref: 0047E0F7
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E106
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E115
char_traits.LIBCPMTD ref: 0047E121
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E13D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E14C
char_traits.LIBCPMTD ref: 0047E158
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E167
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E17C
char_traits.LIBCPMTD ref: 0047E18E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: 5b29f47169018024c5e12ef1c1d5820077d0104443f99be338b63d03dad04b15
Instruction ID: 282dfc716d0406dfdac478d98a5e24f2986a01d76df2c4f647446b765b76e618
Opcode Fuzzy Hash: 5b29f47169018024c5e12ef1c1d5820077d0104443f99be338b63d03dad04b15
Instruction Fuzzy Hash: 32C1E270A0000EEFCB14EF59C992CDE7776AF88348B11855DF9095B266DB34AE25CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00490CB0 Relevance: 54.2, APIs: 36, Instructions: 249COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490D6C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490D78
char_traits.LIBCPMTD ref: 00490D81
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490D9D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490DAC
char_traits.LIBCPMTD ref: 00490DB8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490DC7
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490DD3
char_traits.LIBCPMTD ref: 00490DDC
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490DF8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490E04
char_traits.LIBCPMTD ref: 00490E0D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490E1C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490E2B
char_traits.LIBCPMTD ref: 00490E37

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: 79a62be72cdeef87cf15268bd0371060c79c4a4488ac3b5ee5e98fc4a685bcf5
Instruction ID: c9cc5097ed4b9b61c983e4f60bccca27dfff8cc458ac955081606859f07e1c1c
Opcode Fuzzy Hash: 79a62be72cdeef87cf15268bd0371060c79c4a4488ac3b5ee5e98fc4a685bcf5
Instruction Fuzzy Hash: 90A14AB6A00008EFCF04FF95D996DDE7BB5AF58348F108469F90997212DB34AE50DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00462690 Relevance: 49.5, APIs: 7, Strings: 21, Instructions: 469COMMON

Download Yara Rule

APIs

_sprintf_s.LIBCMTD ref: 00462733
libssh2_session_last_errno.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,?,00000000,?,?,?), ref: 004627BA
libssh2_channel_free.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,?,?,?,?,?), ref: 00462C27

Strings

session, xrefs: 004627A1
Would block send core file data for SCP file, xrefs: 00462AF8
Unable to send core file data for SCP file, xrefs: 00462B15
failed to send file, xrefs: 00462BFF
Would block waiting for response from remote, xrefs: 004628BD
scp -%st , xrefs: 0046272C
Would block starting up channel, xrefs: 004627E9
Unexpected channel close, xrefs: 00462B80
Unable to allocate a command buffer for scp session, xrefs: 004626F7
T%ld 0 %ld 0, xrefs: 00462924
Would block waiting for response, xrefs: 00462A38
Invalid SCP ACK response, xrefs: 00462A75
C0%o %I64d %s, xrefs: 00462A9C
Unknown error while getting error string, xrefs: 00462868
SCP failure, xrefs: 004628D6, 00462A52
failed to get memory, xrefs: 00462BBE
Would block requesting SCP startup, xrefs: 0046283A
Invalid ACK response from remote, xrefs: 004628F5
Would block sending time data for SCP file, xrefs: 004629D5
exec, xrefs: 00462827
Unable to send time data for SCP file, xrefs: 004629F2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089$_sprintf_slibssh2_channel_free.libssh2_session_last_errno.
String ID: C0%o %I64d %s$Invalid ACK response from remote$Invalid SCP ACK response$SCP failure$T%ld 0 %ld 0$Unable to allocate a command buffer for scp session$Unable to send core file data for SCP file$Unable to send time data for SCP file$Unexpected channel close$Unknown error while getting error string$Would block requesting SCP startup$Would block send core file data for SCP file$Would block sending time data for SCP file$Would block starting up channel$Would block waiting for response$Would block waiting for response from remote$exec$failed to get memory$failed to send file$scp -%st $session
API String ID: 1696162823-3638574340
Opcode ID: 524f1c7a8819cab39b10a45962973038f7faf0b5b017a2b8fe022e4baa07c6bc
Instruction ID: 497a20ce0beac5adfff6c95d1226a7b135943be0f1d5e91364abd1302591556e
Opcode Fuzzy Hash: 524f1c7a8819cab39b10a45962973038f7faf0b5b017a2b8fe022e4baa07c6bc
Instruction Fuzzy Hash: 64F10571600B007FD2209AB58C81FAB73D5AF95314F10491FF99E93281FAB9A906C77B

Uniqueness

Uniqueness Score: -1.00%

Function 004DD060 Relevance: 37.1, APIs: 8, Strings: 13, Instructions: 318COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD4FA
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD505
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD510
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD51B
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD527
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD533
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DD53E
_fwprintf.LIBCONCRTD ref: 004DD550

Strings

&cd5=, xrefs: 004DD26A
&cd2=, xrefs: 004DD140
2.7.11.0, xrefs: 004DD111, 004DD539
&cd1=, xrefs: 004DD116
&cd3=, xrefs: 004DD1A4
&cd7=, xrefs: 004DD32E
United Kingdom, xrefs: 004DD29B, 004DD50B
&cd8=, xrefs: 004DD390
&cd6=, xrefs: 004DD2CC
&cd4=, xrefs: 004DD208
4DDiG DLL Fixer, xrefs: 004DD239, 004DD516
English, xrefs: 004DD2FD, 004DD500
&ep.cd1=%s&ep.cd2=%s&ep.cd3=%s&ep.cd4=%s&ep.cd5=%s&ep.cd6=%s&ep.cd7=%s&ep.cd8=%d, xrefs: 004DD544

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$_fwprintf
String ID: &cd1=$&cd2=$&cd3=$&cd4=$&cd5=$&cd6=$&cd7=$&cd8=$&ep.cd1=%s&ep.cd2=%s&ep.cd3=%s&ep.cd4=%s&ep.cd5=%s&ep.cd6=%s&ep.cd7=%s&ep.cd8=%d$2.7.11.0$4DDiG DLL Fixer$English$United Kingdom
API String ID: 3329881603-3232758530
Opcode ID: e89e9d920ef7a6aad7e3c16bf9a2ce58f3086ed1f42effe3e978ead1c29666a3
Instruction ID: 8715d62db26b67972237e36ae9f3b8382b56236956948220c0f0fbaa6c03d433
Opcode Fuzzy Hash: e89e9d920ef7a6aad7e3c16bf9a2ce58f3086ed1f42effe3e978ead1c29666a3
Instruction Fuzzy Hash: 96E18D75C0025CAECB29EB95CC51BDEBBB5AF18308F0481EEE509A3241DB745F849F95

Uniqueness

Uniqueness Score: -1.00%

Function 00415300 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 186COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041534E
__allrem.LIBCMT ref: 00415381
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041538F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041539F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004153D3
__allrem.LIBCMT ref: 00415403
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415411
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415421
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415454
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415487
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004154AC

Strings

%2I64d.%0I64dG, xrefs: 00415428
%4I64dk, xrefs: 00415355
%4I64dG, xrefs: 0041545B
%5I64d, xrefs: 0041531E
%4I64dP, xrefs: 004154B3
%4I64dT, xrefs: 0041548E
%2I64d.%0I64dM, xrefs: 004153A6
%4I64dM, xrefs: 004153DA
tPHK, xrefs: 00415305

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d$tPHK
API String ID: 632788072-3077278694
Opcode ID: f77901f49b08fad33ad3d600d09f2ba534cbfadb71bba4a8c2c15b2fee184490
Instruction ID: 25e6b799e4a67979d480f789995ca227d5baf79aecf33f23c3e19179a984b21f
Opcode Fuzzy Hash: f77901f49b08fad33ad3d600d09f2ba534cbfadb71bba4a8c2c15b2fee184490
Instruction Fuzzy Hash: 1941DDF1B81B04BAF431285A6C8BFEB481D9BD1F99F14442FBA05B60C3A5DD59E0407E

Uniqueness

Uniqueness Score: -1.00%

Function 00458750 Relevance: 28.3, APIs: 4, Strings: 12, Instructions: 292COMMON

Download Yara Rule

Strings

|1|%s|%s%s %s, xrefs: 00458904
|1|%s|%s%s %s %s, xrefs: 004588DB
ssh-dss, xrefs: 00458773
Unable to allocate memory for base64-encoded salt, xrefs: 00458843
Unable to allocate memory for base64-encoded host name, xrefs: 00458803
Unsupported type of known-host information store, xrefs: 00458787
ssh-rsa, xrefs: 0045876B
%s%s %s %s, xrefs: 004589B2
Known-host write buffer too small, xrefs: 0045891B, 00458A0D
%s%s %s, xrefs: 004589E1
0sf<sf, xrefs: 004587AD, 004589B0, 004589DF
<sf, xrefs: 0045898A, 00458A14

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ssh-dss$ ssh-rsa$%s%s %s$%s%s %s %s$0sf<sf$<sf$Known-host write buffer too small$Unable to allocate memory for base64-encoded host name$Unable to allocate memory for base64-encoded salt$Unsupported type of known-host information store$|1|%s|%s%s %s$|1|%s|%s%s %s %s
API String ID: 0-3777664431
Opcode ID: 73683f43a7cf33adb19b3aecd9aa0e51af9db5aae1f84a66abd6a6d622adb680
Instruction ID: 84061c4c74cfd3d2fafd138472cdaa27acb4e56380a28c40e7cf29526ebca65c
Opcode Fuzzy Hash: 73683f43a7cf33adb19b3aecd9aa0e51af9db5aae1f84a66abd6a6d622adb680
Instruction Fuzzy Hash: 1691BE71608202AFC304DF69DC95C6BB7E9EFC9304F544A1EF894D7312EA35E9098B96

Uniqueness

Uniqueness Score: -1.00%

Function 00606DFF Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00606E43

Part of subcall function 006061D7: _free.LIBCMT ref: 006061F4
Part of subcall function 006061D7: _free.LIBCMT ref: 00606206
Part of subcall function 006061D7: _free.LIBCMT ref: 00606218
Part of subcall function 006061D7: _free.LIBCMT ref: 0060622A
Part of subcall function 006061D7: _free.LIBCMT ref: 0060623C
Part of subcall function 006061D7: _free.LIBCMT ref: 0060624E
Part of subcall function 006061D7: _free.LIBCMT ref: 00606260
Part of subcall function 006061D7: _free.LIBCMT ref: 00606272
Part of subcall function 006061D7: _free.LIBCMT ref: 00606284
Part of subcall function 006061D7: _free.LIBCMT ref: 00606296
Part of subcall function 006061D7: _free.LIBCMT ref: 006062A8
Part of subcall function 006061D7: _free.LIBCMT ref: 006062BA
Part of subcall function 006061D7: _free.LIBCMT ref: 006062CC

_free.LIBCMT ref: 00606E38

Part of subcall function 005F64BE: RtlFreeHeap.NTDLL(00000000,00000000,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E), ref: 005F64D4
Part of subcall function 005F64BE: GetLastError.KERNEL32(005EB47E,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E,005EB47E), ref: 005F64E6

_free.LIBCMT ref: 00606E5A
_free.LIBCMT ref: 00606E6F
_free.LIBCMT ref: 00606E7A
_free.LIBCMT ref: 00606E9C
_free.LIBCMT ref: 00606EAF
_free.LIBCMT ref: 00606EBD
_free.LIBCMT ref: 00606EC8
_free.LIBCMT ref: 00606F00
_free.LIBCMT ref: 00606F07
_free.LIBCMT ref: 00606F24
_free.LIBCMT ref: 00606F3C

Strings

ql, xrefs: 00606E15
xsl, xrefs: 00606EEB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: ql$xsl
API String ID: 161543041-4224295949
Opcode ID: f2f6c7cc5662bf07c13d8889088cf8d3eb0ab3fe91f98b0577aba5714d8bd221
Instruction ID: 66978af8c4583bc045eb864ee0d2a412bcc9f331ddeb756bbfaf98127c8a68dc
Opcode Fuzzy Hash: f2f6c7cc5662bf07c13d8889088cf8d3eb0ab3fe91f98b0577aba5714d8bd221
Instruction Fuzzy Hash: 5131A03154470A9FEB24AA38D849BA777EBFF80350F104419F958C7691DF7AEC608B10

Uniqueness

Uniqueness Score: -1.00%

Function 00528970 Relevance: 26.4, APIs: 4, Strings: 11, Instructions: 113COMMON

Download Yara Rule

APIs

libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041253A,004010C5,?,00401121,00000003), ref: 005289E9
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041253A,004010C5,?,00401121), ref: 005289F4
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041253A,004010C5), ref: 005289FF
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041253A,004010C5), ref: 00528A0A

Strings

dss1, xrefs: 00528B0B
ssl3-sha1, xrefs: 00528A81
RSA-SHA1, xrefs: 00528A8B
DSA-SHA1, xrefs: 00528AD9, 00528AED, 00528B01
SHA1, xrefs: 00528A77
DSA-SHA1-old, xrefs: 00528AE3
ssl3-md5, xrefs: 00528A62
RSA-SHA1-2, xrefs: 00528A95
MD5, xrefs: 00528A44, 00528A58
ssl2-md5, xrefs: 00528A4E
DSS1, xrefs: 00528AF7

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_trace_sethandler.
String ID: DSA-SHA1$DSA-SHA1-old$DSS1$MD5$RSA-SHA1$RSA-SHA1-2$SHA1$dss1$ssl2-md5$ssl3-md5$ssl3-sha1
API String ID: 3710141464-581511803
Opcode ID: 36e82ce71e4f09a62cc13263660b540bf50d73fe78bf687f72e9c9ffc9c8e459
Instruction ID: 399caa72e58be4efcc267bb83fc88011eca985fb6822a7d98cd1073be9249651
Opcode Fuzzy Hash: 36e82ce71e4f09a62cc13263660b540bf50d73fe78bf687f72e9c9ffc9c8e459
Instruction Fuzzy Hash: 6821AAB494072370ED2073F12CAFE4E1E1D3DD170EF424841B895B62C3DCA9B48985BA

Uniqueness

Uniqueness Score: -1.00%

Function 0045DF40 Relevance: 24.8, APIs: 1, Strings: 13, Instructions: 267COMMON

Download Yara Rule

APIs

libssh2_session_last_errno.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,?,?,?,00000000,?,0045E2AA,?), ref: 0045DF98

Strings

session, xrefs: 0045DF7F
Unable to request SFTP subsystem, xrefs: 0045E029
Would block to request SFTP subsystem, xrefs: 0045E00E
Would block requesting handle extended data, xrefs: 0045E062
Would block starting up channel, xrefs: 0045DFA5
Unable to startup channel, xrefs: 0045DFBB
Invalid SSH_FXP_VERSION response, xrefs: 0045E189
subsystem, xrefs: 0045DFFB
Would block sending SSH_FXP_INIT, xrefs: 0045E120
Timeout waiting for response from SFTP subsystem, xrefs: 0045E17A
Unable to send SSH_FXP_INIT, xrefs: 0045E13B
sftp, xrefs: 0045DFF4
Unable to allocate a new SFTP structure, xrefs: 0045E093

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_session_last_errno.
String ID: Invalid SSH_FXP_VERSION response$Timeout waiting for response from SFTP subsystem$Unable to allocate a new SFTP structure$Unable to request SFTP subsystem$Unable to send SSH_FXP_INIT$Unable to startup channel$Would block requesting handle extended data$Would block sending SSH_FXP_INIT$Would block starting up channel$Would block to request SFTP subsystem$session$sftp$subsystem
API String ID: 1735628876-913057909
Opcode ID: efeae246fe29e2e497bc07aa4183c969af3ac7ff90db88ae96f7826fd7aca056
Instruction ID: c4a7106b3b0537b8d12d3e8729cf0eaacf4b5ebaebe76e197ea8315d80db1084
Opcode Fuzzy Hash: efeae246fe29e2e497bc07aa4183c969af3ac7ff90db88ae96f7826fd7aca056
Instruction Fuzzy Hash: 4A8105B29042456EEF309F25AC81EAF7399EB41319F100B3BFD0E9A2C2E77556488757

Uniqueness

Uniqueness Score: -1.00%

Function 004FFFDD Relevance: 19.6, APIs: 13, Instructions: 82windowCOMMON

Download Yara Rule

APIs

GetWindow.USER32(?,00000004), ref: 004FFFF1
ShowWindow.USER32(?,00000001,?,?,?,00000000,96C80000,00000000,00000000,00000000,00000258,00000190), ref: 004FFFFE
EnableWindow.USER32(00000000,00000000), ref: 00500007
IsWindow.USER32(?), ref: 0050001A
GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00500031
EnableWindow.USER32(00000000,00000001), ref: 00500052
SetFocus.USER32(00000000,?,?,?,00000000), ref: 00500059
TranslateMessage.USER32(00000000), ref: 0050006D
DispatchMessageW.USER32(00000000), ref: 00500077
IsWindow.USER32(?), ref: 00500086
EnableWindow.USER32(00000000,00000001), ref: 00500093
SetFocus.USER32(00000000,?,?,?,00000000,96C80000,00000000,00000000,00000000,00000258,00000190), ref: 0050009A
PostQuitMessage.USER32(00000000), ref: 005000A8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Message$Enable$Focus$DispatchPostQuitShowTranslate
String ID:
API String ID: 200552106-0
Opcode ID: f19d14e60d0717646f41a0208118f7bad46bf3efcf2d7fe063e83853d9427f5f
Instruction ID: 4db7fe169b3acfdf31f3de318890eea2863cc26908a7881b2e7e3cd8a1c41598
Opcode Fuzzy Hash: f19d14e60d0717646f41a0208118f7bad46bf3efcf2d7fe063e83853d9427f5f
Instruction Fuzzy Hash: A3215C31900208EBEF219BA4DD59BEEBBBAFF08301F089016F605E6191D77599418B71

Uniqueness

Uniqueness Score: -1.00%

Function 0045BCE0 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 274COMMON

Download Yara Rule

APIs

_fwprintf.LIBCONCRTD ref: 0045BE69

Part of subcall function 0047E710: _fread.LIBCMTD ref: 0047E72F

Strings

x11-req, xrefs: 0045BDD9
Would block sending X11-req packet, xrefs: 0045BECA
Unable to allocate memory for pty-request, xrefs: 0045BDB2
, xrefs: 0045BD30
Unable to complete request for channel x11-req, xrefs: 0045BFF3
<random>, xrefs: 0045BD6B
Unable to send x11-req packet, xrefs: 0045BF00
waiting for x11-req response packet, xrefs: 0045BFAE
MIT-MAGIC-COOKIE-1, xrefs: 0045BD76, 0045BD87, 0045BE09, 0045BE17
%02X, xrefs: 0045BE63

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _fread_fwprintf
String ID: $%02X$<random>$MIT-MAGIC-COOKIE-1$Unable to allocate memory for pty-request$Unable to complete request for channel x11-req$Unable to send x11-req packet$Would block sending X11-req packet$waiting for x11-req response packet$x11-req
API String ID: 2879884958-2076190794
Opcode ID: d60f2b1c446e48ada82f08c565b6888f2a7db4fd066bbc78a817ab80929d6c45
Instruction ID: 50e5ca99aafa9ae0285bbfe36b55bf81160d6c3582fa585b43dccffebed74fea
Opcode Fuzzy Hash: d60f2b1c446e48ada82f08c565b6888f2a7db4fd066bbc78a817ab80929d6c45
Instruction Fuzzy Hash: DF91E5716087419FC314DF65C885AABB3E5FFC8304F44491EF99A87242E739E9088B96

Uniqueness

Uniqueness Score: -1.00%

Function 005156F5 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005156FC
new.LIBCMT ref: 0051576A
new.LIBCMT ref: 00515795
new.LIBCMT ref: 005157D7
new.LIBCMT ref: 00515802
new.LIBCMT ref: 00515844

Strings

TreeNodeUI, xrefs: 00515902
ZQ, xrefs: 0051570D
align, xrefs: 005158BD
left, xrefs: 005158B8
;P, xrefs: 005157BE, 0051582B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: TreeNodeUI$align$left$;P$ZQ
API String ID: 431132790-655633490
Opcode ID: 654b2f0fa490bb9d8852b33d8e8410a48b3b0f23c060c7d8245fb4dd52d672c5
Instruction ID: 844edd35a3bf39e8fe7050e2c606f4e56c0fddfa973b4c69046222ce7ef323ff
Opcode Fuzzy Hash: 654b2f0fa490bb9d8852b33d8e8410a48b3b0f23c060c7d8245fb4dd52d672c5
Instruction Fuzzy Hash: 7781AD70701A02EFD708DF74C889BAAFBA5BF49345F14016DE4199B392DB706A54CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00485310 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 170COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 0048534F

Part of subcall function 0048B400: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0048B414

SafeRWList.LIBCONCRTD ref: 00485542

Part of subcall function 00484E60: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00484E8C

SafeRWList.LIBCONCRTD ref: 004854AE

Part of subcall function 0048CF20: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0048CF6E

new.LIBCMT ref: 004854C0
shared_ptr.LIBCMTD ref: 00485518

Strings

Invalid logger ID [, xrefs: 004853E2
] WITH MESSAGE ", xrefs: 0048542F
ASSERTION FAILURE FROM EASYLOGGING++ (LINE: , xrefs: 0048543E
`Wi, xrefs: 00485555
]. Not registering this logger., xrefs: 004853D9
) [validId, xrefs: 00485434

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ListProcessorSafeVirtual$Affinity::operator!=Concurrency::Concurrency::details::Concurrency::details::_CriticalHardwareLock::_Mutex_baseMutex_base::~_ReentrantRootRoot::Scoped_lockScoped_lock::_shared_ptrstd::_
String ID: ) [validId$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Invalid logger ID [$] WITH MESSAGE "$]. Not registering this logger.$`Wi
API String ID: 3292200182-2204589995
Opcode ID: a19931a72df6ae67d7e0cdf8b25a1a3e9738ae7590cd6fcf92a3c2c828c46471
Instruction ID: 638f03df9ec7a954789332cdb27b8a0a68a56a2d28cb7d74c763ea708197105b
Opcode Fuzzy Hash: a19931a72df6ae67d7e0cdf8b25a1a3e9738ae7590cd6fcf92a3c2c828c46471
Instruction Fuzzy Hash: 0F6150B0E01248ABCF04EBA5DC51FDEBBB5AF55304F10456DF406A7382DB785A44CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004DC960 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCAD9
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCAE2
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCAEB
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCAF4
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004DCAFF

Strings

UA-114767297-1, xrefs: 004DCB0A
2.7.11.0, xrefs: 004DCAFA
Downloader, xrefs: 004DCB05

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_
String ID: 2.7.11.0$Downloader$UA-114767297-1
API String ID: 1531518832-4050625499
Opcode ID: 3c55b18b4cb09f81401cc9bb7ff1cbb9bcba53dce4b5d01a31979e73524e95e4
Instruction ID: c3115b799efd68fef06c0fb91d4ab157699afc28a72d64fabcead2d0e2c47963
Opcode Fuzzy Hash: 3c55b18b4cb09f81401cc9bb7ff1cbb9bcba53dce4b5d01a31979e73524e95e4
Instruction Fuzzy Hash: 46713971900219DFDB14EF64CCA6BEEB7B5AB45714F00829FE409A7291DB386A84CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0053A310 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 91registryfilewindowCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,00000065,0053A466,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0053A06E,.\crypto\cryptlib.c,0000024D,pointer != NULL,00000169), ref: 0053A32B
GetFileType.KERNEL32(00000000), ref: 0053A338
vswprintf.LIBCMT ref: 0053A35B
WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0053A37B
vswprintf.LIBCMT ref: 0053A3B0
RegisterEventSourceA.ADVAPI32(00000000,OpenSSL), ref: 0053A3D0
ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 0053A3F8
DeregisterEventSource.ADVAPI32(00000000), ref: 0053A3FF
MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 0053A429

Strings

OpenSSL, xrefs: 0053A3C9
OpenSSL: FATAL, xrefs: 0053A41D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Event$FileSourcevswprintf$DeregisterHandleMessageRegisterReportTypeWrite
String ID: OpenSSL$OpenSSL: FATAL
API String ID: 422145335-4224901669
Opcode ID: a6496ea7783a24fa701676a57d809d54c129b223b11c27a21968625d3bc6638b
Instruction ID: a69eea3e8911c38402938e843db242cd896c2f55f80e1016a03fe5436c3c0cd8
Opcode Fuzzy Hash: a6496ea7783a24fa701676a57d809d54c129b223b11c27a21968625d3bc6638b
Instruction Fuzzy Hash: B531B471608301ABE721EB60DC4AFEB77D9FF88B00F44481EBA89D61C0EBB4D5448663

Uniqueness

Uniqueness Score: -1.00%

Function 00476560 Relevance: 18.0, APIs: 9, Strings: 1, Instructions: 486COMMON

Download Yara Rule

Strings

tooltips_class32, xrefs: 0047794E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tooltips_class32
API String ID: 0-1918224756
Opcode ID: 63def8b3380ed5587c51c8f400f69ceeb26d42d9ea445bb22b600de0b98ade53
Instruction ID: d938cc9b20cfe9b09a54c5d3a9cf229743ec62e7f05940b9c86799c2e8392834
Opcode Fuzzy Hash: 63def8b3380ed5587c51c8f400f69ceeb26d42d9ea445bb22b600de0b98ade53
Instruction Fuzzy Hash: 5632D674A002298FDB64DF15CCA4BE9B7B1AF49308F1481EAD60DAB391CB746E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004634E0 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 233COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 0046353A

Strings

Unable to allocate memory for public key data, xrefs: 004635B1
Unable to open public key file, xrefs: 00463506
Unable to read public key from file, xrefs: 004635E6
Missing public key data, xrefs: 00463634
Invalid data in public key file, xrefs: 00463583
Invalid key data, not base64 encoded, xrefs: 004636BB
Invalid public key data, xrefs: 00463665

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fread_nolock
String ID: Invalid data in public key file$Invalid key data, not base64 encoded$Invalid public key data$Missing public key data$Unable to allocate memory for public key data$Unable to open public key file$Unable to read public key from file
API String ID: 2638373210-3150497671
Opcode ID: 6af847295f17f0c69c811a99d4e25c8e9eb554a2ab821faf6673dfeea2c999c0
Instruction ID: 47fc91056ea7aed7e4c6e960fa0891ba510ab13c7084e20f1aa5e92e74b6ce1a
Opcode Fuzzy Hash: 6af847295f17f0c69c811a99d4e25c8e9eb554a2ab821faf6673dfeea2c999c0
Instruction Fuzzy Hash: 0A516D77A4425537C610A929AC46EBB374CEEC6725F450126FD0996383F52EEB0882BB

Uniqueness

Uniqueness Score: -1.00%

Function 004CD240 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 199COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 004CD29F
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004CD2CA

Part of subcall function 004CD6E0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004CD6EA

new.LIBCMT ref: 004CD305

Part of subcall function 005C97B8: Concurrency::cancel_current_task.LIBCPMT ref: 005C97D0

Part of subcall function 004CCF30: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004CCF59
Part of subcall function 004CCF30: shared_ptr.LIBCPMTD ref: 004CCF78

new.LIBCMT ref: 004CD365

Part of subcall function 005C97B8: Concurrency::cancel_current_task.LIBCPMT ref: 005C97D7

Part of subcall function 004CF6B0: _DebugHeapAllocator.LIBCPMTD ref: 004CF6C0

Part of subcall function 00485310: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 0048534F

Part of subcall function 00485310: SafeRWList.LIBCONCRTD ref: 004854AE

Strings

%datetime %level %msg, xrefs: 004CD4BC
H, xrefs: 004CD297
DefaultPerformanceTrackingCallback, xrefs: 004CD55F
`Wi, xrefs: 004CD427
hWi, xrefs: 004CD46E
DefaultLogDispatchCallback, xrefs: 004CD51E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$Concurrency::cancel_current_task$AllocatorConcurrency::details::_CriticalDebugHeapListLock::_ReentrantSafeScoped_lockScoped_lock::_shared_ptr
String ID: %datetime %level %msg$DefaultLogDispatchCallback$DefaultPerformanceTrackingCallback$`Wi$hWi$H
API String ID: 2653056977-3458785396
Opcode ID: 6dfb38415c3b3204ccbd68ca550a32a51c76371566a6d8292681115e7f86cd50
Instruction ID: a053babf7796eb382f0ccb3e6b718333ab4e6f7e91ebb7667ac24f3971f66cc3
Opcode Fuzzy Hash: 6dfb38415c3b3204ccbd68ca550a32a51c76371566a6d8292681115e7f86cd50
Instruction Fuzzy Hash: 76A12670A00258DFEB54EB64CC51B9DBBB1BF45308F1080EEE549AB292DB741E85CF65

Uniqueness

Uniqueness Score: -1.00%

Function 005FC4F5 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 266COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

_memcmp.LIBVCRUNTIME ref: 005FC79F
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,?,?,?,?,?,?,00000000), ref: 005FC7F3
_free.LIBCMT ref: 005FC810
_free.LIBCMT ref: 005FC829
_free.LIBCMT ref: 005FC85B
_free.LIBCMT ref: 005FC864
_free.LIBCMT ref: 005FC870

Strings

xsl, xrefs: 005FC83E
C, xrefs: 005FC65D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free$ErrorLast$D.5531.23089_abort_memcmplibssh2_trace_sethandler.
String ID: C$xsl
API String ID: 1461188172-3973436227
Opcode ID: 18a47e47242f4edf2d9e21c8ef0bece9a85d94eec94cca60fae9c214f7d71a9f
Instruction ID: 7045384dc75fb725b5e4b892d5bf260554d69a5dba831d4420317754b2a969f8
Opcode Fuzzy Hash: 18a47e47242f4edf2d9e21c8ef0bece9a85d94eec94cca60fae9c214f7d71a9f
Instruction Fuzzy Hash: F7B13B7590121E9FDB24DF28C988AADBBB5FF48304F1045AEE949A7350D735AE90CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00457A10 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 241COMMON

Download Yara Rule

Strings

Unable to allocate memory for known host entry, xrefs: 00457A63
Unknown host name type, xrefs: 00457AAD
Unable to allocate memory for comment, xrefs: 00457C09
Unable to allocate memory for key, xrefs: 00457B9A
Unable to allocate memory for host name, xrefs: 00457B42
Unable to allocate memory for base64-encoded key, xrefs: 00457BDA
No key type set, xrefs: 00457A38

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: No key type set$Unable to allocate memory for base64-encoded key$Unable to allocate memory for comment$Unable to allocate memory for host name$Unable to allocate memory for key$Unable to allocate memory for known host entry$Unknown host name type
API String ID: 0-843222791
Opcode ID: 16f70d8c6fb3614a5e196aaf329797643349f209e388d57078d16fd2d76ae284
Instruction ID: 65a2dbd55a48c67af68fcf6fb8e32288032d67445c70997aa8443a3427fc8847
Opcode Fuzzy Hash: 16f70d8c6fb3614a5e196aaf329797643349f209e388d57078d16fd2d76ae284
Instruction Fuzzy Hash: E371C7B1608302AFC710DF58EC81D6777E9AF88319F14463AFD8497342E739E9098BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004151C0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415200
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415230
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041528F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004152C1

Strings

%3I64dd %02I64dh, xrefs: 004152CE
%2I64d:%02I64d:%02I64d, xrefs: 00415271
%7I64dd, xrefs: 004152E9
--:--:--, xrefs: 004151D4
tPHK, xrefs: 004151C5, 004151FE, 004151FF, 0041522E, 0041522F, 0041526B, 0041526C, 0041528D, 0041528E, 004152BF, 004152C0

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd$--:--:--$tPHK
API String ID: 885266447-4223435289
Opcode ID: d1970390181e076deaed5989c60d45484da1068c75f31610fafe8b43e978767f
Instruction ID: 43e2f40044d5b1313d1b818a12c48fbcbe85d71882774c6e5a18e1b24e2be1ab
Opcode Fuzzy Hash: d1970390181e076deaed5989c60d45484da1068c75f31610fafe8b43e978767f
Instruction Fuzzy Hash: 12317F737447047FF220AA69AC4AFBB7B9CEBC0B54F05451DF504AB282D5A9AC408275

Uniqueness

Uniqueness Score: -1.00%

Function 0053A1D0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 106libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000000,?,0053A3C5), ref: 0053A1F7
GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 0053A207
GetProcessWindowStation.USER32(?,00000000,?,0053A3C5), ref: 0053A22B
GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00000000,?,0053A3C5), ref: 0053A246
GetLastError.KERNEL32(?,00000000,?,0053A3C5), ref: 0053A254
GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00000000,?,0053A3C5), ref: 0053A28F
_wcsstr.LIBVCRUNTIME ref: 0053A2B4

Strings

_OPENSSL_isservice, xrefs: 0053A201
Service-0x, xrefs: 0053A2AA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow_wcsstr
String ID: Service-0x$_OPENSSL_isservice
API String ID: 304827962-1672312481
Opcode ID: e8a8d3a9f2a44473585ff81ea622a1d84355f7c564e5385802041c50fcb2d20f
Instruction ID: 5bb30edec4e77db0b3dfa535c973197544f78c4b2ac94e9786a77da00758558a
Opcode Fuzzy Hash: e8a8d3a9f2a44473585ff81ea622a1d84355f7c564e5385802041c50fcb2d20f
Instruction Fuzzy Hash: B931B671E00109ABCB10DBB8EC49FEE7BA9FF84720F105269F866D71D1EB31990087A1

Uniqueness

Uniqueness Score: -1.00%

Function 0045A310 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 388COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,00000000,?), ref: 0045A67E

Strings

Invalid descriptor passed to libssh2_poll(), xrefs: 0045A4D9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: select
String ID: Invalid descriptor passed to libssh2_poll()
API String ID: 1274211008-496785266
Opcode ID: 4f9b851ad508543a6c6b03730d27e74fd6423a5c26dde893e570259ab0ede7c8
Instruction ID: ab9dca69dee64ebe3600af454a3d35ebdbf9b83743659adb0d5d1a0d623b916f
Opcode Fuzzy Hash: 4f9b851ad508543a6c6b03730d27e74fd6423a5c26dde893e570259ab0ede7c8
Instruction Fuzzy Hash: 36E104715043028BC724DE68D484B6BB7E1AF85315F144A2EED86C7342E779DC59CB4B

Uniqueness

Uniqueness Score: -1.00%

Function 004FAA78 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 004FAA9B
SelectObject.GDI32(00000000,?), ref: 004FAB47

Part of subcall function 004F9E9E: CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004F9EB2
Part of subcall function 004F9E9E: GetWindowRgn.USER32(?,00000000), ref: 004F9EBF

MoveWindow.USER32(?,?,00000007,?,?,00000000,?,?,?), ref: 004FAC4B
UpdateLayeredWindow.USER32(?,00000000,?,?,?,?,00000000,01FF0000,00000002), ref: 004FAC74
SelectObject.GDI32(?,?), ref: 004FAC81
DeleteObject.GDI32(?), ref: 004FAC8A
DeleteDC.GDI32(?), ref: 004FAC91

Strings

(, xrefs: 004FAAF8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Object$DeleteRectSelect$CreateLayeredMoveUpdate
String ID: (
API String ID: 3056610034-3887548279
Opcode ID: 7835c47adb68eafa8a610f722049ded022e7a240abc6b4078617c20cbcbe90f1
Instruction ID: 4252a8ca44d455ffe3594bddb80d99d634bc22ce7f9361bec838e9e9022f346d
Opcode Fuzzy Hash: 7835c47adb68eafa8a610f722049ded022e7a240abc6b4078617c20cbcbe90f1
Instruction Fuzzy Hash: A4715BB1D00258AFDF15CFA4CC45BEEBBB9EF48300F14406AEA09AB252D7309A04CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00604D5C Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlDecodePointer.NTDLL(?), ref: 00604D7F

Strings

sqrt, xrefs: 00604F03
acos, xrefs: 00604EF7
asin, xrefs: 00604EEB
exp, xrefs: 00604E44, 00604EA6
log, xrefs: 00604E25, 00604E31
pow, xrefs: 00604E63, 00604F0F, 00604F22
log10, xrefs: 00604DC9, 00604E19

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 7c5b40184d29e617f347c60636318af018b24df9773e7b89dc890cbae927a4c9
Instruction ID: 1d388a7cb271ee3232adff5b039f4dfb3e3c0086e9fddf54d3cab57ed3325524
Opcode Fuzzy Hash: 7c5b40184d29e617f347c60636318af018b24df9773e7b89dc890cbae927a4c9
Instruction Fuzzy Hash: 19513EB494050ACBCF28DF68EA485EEBBB6FF89304F144185E681A62D4DF718D25CB15

Uniqueness

Uniqueness Score: -1.00%

Function 004FFA19 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 004FFA41
GetParent.USER32(?), ref: 004FFA5C
GetWindow.USER32(?,00000004), ref: 004FFA67
MonitorFromWindow.USER32(00000000,00000002), ref: 004FFA8C
GetMonitorInfoW.USER32(00000000), ref: 004FFA93
GetWindowRect.USER32(00000000,00000000), ref: 004FFAB8
SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 004FFB34

Strings

(, xrefs: 004FFA81

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MonitorRect$FromInfoParent
String ID: (
API String ID: 568100639-3887548279
Opcode ID: f2889155812e1980bab027956419e53c00d0827f985b1a8f88a28050e491ec98
Instruction ID: ebb595a2176fc15886aeac771ff074b25f8aeed756a2803f0cf4079dc6b60e8a
Opcode Fuzzy Hash: f2889155812e1980bab027956419e53c00d0827f985b1a8f88a28050e491ec98
Instruction Fuzzy Hash: 34417E32A0051DAFDB01CFE8CD899EEBBB6EF48314F154129EA05FB294D670BD098B51

Uniqueness

Uniqueness Score: -1.00%

Function 005FD762 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc2bf1d07565cdc951f70b7111e21402946f785581395e5aac81403f498d0a7f
Instruction ID: 526c12ecd169828b5b92c05bd7b4343f933496c5492461dc67524d029254ad4e
Opcode Fuzzy Hash: dc2bf1d07565cdc951f70b7111e21402946f785581395e5aac81403f498d0a7f
Instruction Fuzzy Hash: DFC1E371A0424EAFDF11DFA9C845BBDBFB2BF49310F184089E684A7292C7789941CB74

Uniqueness

Uniqueness Score: -1.00%

Function 0047DE60 Relevance: 13.6, APIs: 9, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 0047D550: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047D561
Part of subcall function 0047D550: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047D56E

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DE84

Part of subcall function 0047DFE0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E099
Part of subcall function 0047DFE0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047E0A8
Part of subcall function 0047DFE0: char_traits.LIBCPMTD ref: 0047E0B4

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DF0A
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DF1F
char_traits.LIBCPMTD ref: 0047DF31
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DF7C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DF91
char_traits.LIBCPMTD ref: 0047DFA3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047DFB6
char_traits.LIBCPMTD ref: 0047DFC2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: 76e34bd26d014b3f8890466920e92c86aa5559c4d754f9fc7d3041270c73c425
Instruction ID: 08961eb3f9116a8aef480e14eed21e0ab75881cb2698bd386b2c4ac5555a5a7f
Opcode Fuzzy Hash: 76e34bd26d014b3f8890466920e92c86aa5559c4d754f9fc7d3041270c73c425
Instruction Fuzzy Hash: 5651E471A10009EFCB04EFA9D991DEE73B6AF88304F10C15DF91AAB255DB34AE14CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0049D1E0 Relevance: 13.6, APIs: 9, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00494460: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00494471
Part of subcall function 00494460: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049447E

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D204

Part of subcall function 00490CB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490D6C
Part of subcall function 00490CB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00490D78
Part of subcall function 00490CB0: char_traits.LIBCPMTD ref: 00490D81

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D288
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D297
char_traits.LIBCPMTD ref: 0049D2A3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D2EE
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D2FD
char_traits.LIBCPMTD ref: 0049D309
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049D31C
char_traits.LIBCPMTD ref: 0049D325

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: ebb750e3335c9eed69a95a7a8117a06579095a18e146414cbd9fed16aae71f04
Instruction ID: 47c2456df66339e74c34430795c40efbdc4a283698df7331b12a373e7dd1fb47
Opcode Fuzzy Hash: ebb750e3335c9eed69a95a7a8117a06579095a18e146414cbd9fed16aae71f04
Instruction Fuzzy Hash: C6410075A00008EFCF04EFA9D992DDE77B5AF88304F108569F919AB251DB34EE40DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004CAFB0 Relevance: 13.6, APIs: 9, Instructions: 110COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB042
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB051
char_traits.LIBCPMTD ref: 004CB063
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB093
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB0A2
char_traits.LIBCPMTD ref: 004CB0AE
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB0BF
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004CB0CE
char_traits.LIBCPMTD ref: 004CB0DA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: 1e3deb1750fb71fb3b94b6d3fe07782f2a1ad79ec82cb5bac427ad2b4251e66d
Instruction ID: 88d9029bd5f0a8d4f5eef4a076a437dfa5552ebc6ab741cadee5d4d171942d4f
Opcode Fuzzy Hash: 1e3deb1750fb71fb3b94b6d3fe07782f2a1ad79ec82cb5bac427ad2b4251e66d
Instruction Fuzzy Hash: B541D374A0010DEFCB14EF99D992DAE7376EF84308F10815DF8196B265DB34AE24DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00493DA0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 400COMMON

Download Yara Rule

APIs

std::ios_base::getloc.LIBCPMTD ref: 00493ED7
ctype.LIBCPMTD ref: 00493F43
std::ios_base::getloc.LIBCPMTD ref: 00493F52
_Mpunct.LIBCPMTD ref: 00493F95
std::ios_base::width.LIBCPMTD ref: 00494231

Part of subcall function 0048B820: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B82A

Strings

@, xrefs: 004940C6
PUj, xrefs: 00493E62, 00493E65

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::getloc$Base::Concurrency::details::ContextIdentityMpunctQueueWorkctypestd::ios_base::width
String ID: @$PUj
API String ID: 3033173276-3080100058
Opcode ID: 2f647ba199ae9b660c0b69901949b76fa188d4838545b1c14682369e4f2c9e1e
Instruction ID: 3839d1f21284e0884d9275d48e6eb6e56520cd953c4539d2be662b86e39f02de
Opcode Fuzzy Hash: 2f647ba199ae9b660c0b69901949b76fa188d4838545b1c14682369e4f2c9e1e
Instruction Fuzzy Hash: 11025AB19001489FCF14DF98C991BEEBBB5FF89304F14816EE519AB291D738AE41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040B200 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 270COMMON

Download Yara Rule

Strings

Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received, xrefs: 0040B38F
Operation timed out after %ld milliseconds with %I64d bytes received, xrefs: 0040B3C2
Connection timed out after %ld milliseconds, xrefs: 0040B341
Resolving timed out after %ld milliseconds, xrefs: 0040B30B
In state %d with no easy_conn, bail out!, xrefs: 0040BF9E
Pipe broke: handle %p, url = %s, xrefs: 0040B24A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Connection timed out after %ld milliseconds$In state %d with no easy_conn, bail out!$Operation timed out after %ld milliseconds with %I64d bytes received$Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received$Pipe broke: handle %p, url = %s$Resolving timed out after %ld milliseconds
API String ID: 0-3520306357
Opcode ID: aa08a9836d66306377a727d55b18a00f691b153fd579a0a182b4f6cea88988ef
Instruction ID: 98fd6dea56f141785c89279cb8ef8d78036364f7c6da4fea1b8591e8d03d5648
Opcode Fuzzy Hash: aa08a9836d66306377a727d55b18a00f691b153fd579a0a182b4f6cea88988ef
Instruction Fuzzy Hash: AD91C271600B009FD720DF29D885A6B73E5EB85318F50892EF85AD7382D739E845CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 00483CF0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 160COMMON

Download Yara Rule

APIs

std::_Cnd_initX.LIBCPMTD ref: 00483D2D
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00483ED9

Strings

) [valid, xrefs: 00483E52
~:H, xrefs: 00483D29, 00483D35, 00483ED6, 00483D4D, 00483D5F, 00483D6E, 00483D2C
] WITH MESSAGE ", xrefs: 00483E4D
ASSERTION FAILURE FROM EASYLOGGING++ (LINE: , xrefs: 00483E5C
Configuration value not a valid integer [, xrefs: 00483E00

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Cnd_initContainer_base12Container_base12::~_
String ID: ) [valid$ASSERTION FAILURE FROM EASYLOGGING++ (LINE: $Configuration value not a valid integer [$] WITH MESSAGE "$~:H
API String ID: 3354761557-1881868659
Opcode ID: 0bf337b1f740cd0255489d0cddf410b460a12a5b649d4ba70e5ef5a34190654e
Instruction ID: d4f1d28d05ea559420ae1d021239d583bd25196902dffa707871bdbb4b32b560
Opcode Fuzzy Hash: 0bf337b1f740cd0255489d0cddf410b460a12a5b649d4ba70e5ef5a34190654e
Instruction Fuzzy Hash: 8551B571D00248ABCF04FFA5D852BEE7BB5AF14304F00056EF405A7281EB785A48CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0047C5C0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 68sleepwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 004D8DF0: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D8E53
Part of subcall function 004D8DF0: GetFileAttributesW.KERNEL32(00000000,?,00000001,-00000002,A1986743), ref: 004D8E59

Sleep.KERNEL32(?), ref: 0047C61C
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047C651
MessageBoxW.USER32(00000000,00000000,0067D04C,00000000), ref: 0047C659

Strings

message_page, xrefs: 0047C633
Close, xrefs: 0047C66E
CrashRate, xrefs: 0047C673
ClickShortcutToLaunchText, xrefs: 0047C62E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$AttributesFileMessageSleep
String ID: ClickShortcutToLaunchText$Close$CrashRate$message_page
API String ID: 1623736491-3559896638
Opcode ID: 62b84f3a85c7dda6f9cfa33dd8cf315a70422fce13b11d6d58b0d71c698e9f37
Instruction ID: b6dc0b3f796104a8cb91371fc3ed7d85cf4534b7827ce1a2f2d112b521bd0384
Opcode Fuzzy Hash: 62b84f3a85c7dda6f9cfa33dd8cf315a70422fce13b11d6d58b0d71c698e9f37
Instruction Fuzzy Hash: 3521FA70E40208AFDB04EFA4DD96FED77B6AF48704F10946EF5097B282DA786905CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047F4B0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0047F4F4
std::locale::c_str.LIBCPMTD ref: 0047F509
std::_Locinfo::_Locinfo.LIBCPMTD ref: 0047F512

Part of subcall function 0047EC30: std::_Lockit::_Lockit.LIBCPMT ref: 0047EC5D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC6F
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC7E
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC8D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC9C
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECAB
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECBA
Part of subcall function 0047EC30: std::bad_exception::bad_exception.LIBCMTD ref: 0047ECD1
Part of subcall function 0047EC30: __CxxThrowException@8.LIBVCRUNTIME ref: 0047ECDF
Part of subcall function 0047EC30: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0047ECEC

ctype.LIBCPMTD ref: 0047F536

Part of subcall function 0047F440: std::bad_exception::bad_exception.LIBCMTD ref: 0047F46D
Part of subcall function 0047F440: ctype.LIBCPMTD ref: 0047F489

std::_Locinfo::~_Locinfo.LIBCPMTD ref: 0047F572

Part of subcall function 0047ED10: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0047ED3A
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED48
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED53
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED5E
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED69
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED74
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED7F
Part of subcall function 0047ED10: std::_Lockit::~_Lockit.LIBCPMT ref: 0047ED87

Strings

`, xrefs: 0047F4CC, 0047F57C
`, xrefs: 0047F506

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Container_base12Container_base12::~_Yarn$Locinfo::_$LocinfoLockitctypestd::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwstd::locale::c_str
String ID: `$`
API String ID: 3679679744-388881292
Opcode ID: e07290412553affff2854cf3ba035e47cc4c421d4cdb3bfe7cd49bdffcf39e7c
Instruction ID: ddbe8b9edb6302aa7d0982549d5804e4b2e475bfa8dc312ef2984450ed3594f0
Opcode Fuzzy Hash: e07290412553affff2854cf3ba035e47cc4c421d4cdb3bfe7cd49bdffcf39e7c
Instruction Fuzzy Hash: 1B2138B1D00209EFDB04DF98D845BEEBBB4FB48314F10866AE419AB381D7796A04CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0047A820 Relevance: 12.2, APIs: 8, Instructions: 164COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0047A86D
GetObjectW.GDI32(00000000), ref: 0047A874
CreateFontIndirectW.GDI32(00000000), ref: 0047A8CB
new.LIBCMT ref: 0047A8E6
SelectObject.GDI32(00000000,00000000), ref: 0047A9A6
GetTextMetricsW.GDI32(00000000,-00000090), ref: 0047A9C3
SelectObject.GDI32(00000000,A1986743), ref: 0047A9D7
DeleteObject.GDI32(00000000), ref: 0047A9FA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$CreateDeleteFontIndirectMetricsStockText
String ID:
API String ID: 1721824061-0
Opcode ID: 95000391be8048ae0e1ddd52b4c73c5f0070da05551f008d588fe7cf6ff2b8db
Instruction ID: 9fb0c9524307b776696a80a44a84ed58f98b117e3e86207b1092eba6894cb08c
Opcode Fuzzy Hash: 95000391be8048ae0e1ddd52b4c73c5f0070da05551f008d588fe7cf6ff2b8db
Instruction Fuzzy Hash: A5714AB4E04258DFDB14CFA4C855BEEBBB5BB88304F24826DE549AB382CB349945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00460770 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 387COMMON

Download Yara Rule

Strings

SFTP READ error, xrefs: 00460C00
FXP_READ response too big, xrefs: 00460B9A
malloc fail for FXP_WRITE, xrefs: 00460AB6
SFTP Protocol badness: unrecognised read request response, xrefs: 00460B64
SFTP Protocol badness, xrefs: 00460B7F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: FXP_READ response too big$SFTP Protocol badness$SFTP Protocol badness: unrecognised read request response$SFTP READ error$malloc fail for FXP_WRITE
API String ID: 0-390131679
Opcode ID: aeb880dbd00da3275adff19fd47e24c4e15a9b437bc3132fce9d4b24eec95367
Instruction ID: 45fdbadbb4651c37942c542b3637c0b2ddf4153472c73c5f2c8c6f6279129642
Opcode Fuzzy Hash: aeb880dbd00da3275adff19fd47e24c4e15a9b437bc3132fce9d4b24eec95367
Instruction Fuzzy Hash: 0ED1B2B1A003055BC704EF68D881BABB3E8FF84314F44465EE95987242F779F9188BE6

Uniqueness

Uniqueness Score: -1.00%

Function 00493850 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 352COMMON

Download Yara Rule

APIs

std::ios_base::getloc.LIBCPMTD ref: 0049390B
ctype.LIBCPMTD ref: 00493977
std::ios_base::getloc.LIBCPMTD ref: 00493986
_Mpunct.LIBCPMTD ref: 004939BD
std::ios_base::width.LIBCPMTD ref: 00493C23

Part of subcall function 0048B820: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B82A

Strings

@, xrefs: 00493AB8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::getloc$Base::Concurrency::details::ContextIdentityMpunctQueueWorkctypestd::ios_base::width
String ID: @
API String ID: 3033173276-2766056989
Opcode ID: 6051e2d99aeca0088fa58454392574ad9755f9313f799f31c26160973c10b75d
Instruction ID: 66aa201c43f35613644999c961e1a288990b2fe86d2517e8766c2f6cdf56cb9a
Opcode Fuzzy Hash: 6051e2d99aeca0088fa58454392574ad9755f9313f799f31c26160973c10b75d
Instruction Fuzzy Hash: 00E13AB19002489FCF04EF98C991AEEBBB5FF49305F14816EF519AB251D738AE41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0048D680 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048D6B2
char_traits.LIBCPMTD ref: 0048D6C5

Strings

, xrefs: 0048D7A3

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-3916222277
Opcode ID: 7abb857a0262d76eb38d39dcd910b32c335a6e2e54fae93f916fd7f8e2de78e4
Instruction ID: d846084332df16539deb4998405c384860ff8c6eb41126d42a2b6fef94a9459e
Opcode Fuzzy Hash: 7abb857a0262d76eb38d39dcd910b32c335a6e2e54fae93f916fd7f8e2de78e4
Instruction Fuzzy Hash: 5AA10A75D01109EFCF04EB95C992DEEBBB5AF88304F2045AAE506A7391D734AF40DB58

Uniqueness

Uniqueness Score: -1.00%

Function 005FC077 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005F6A05: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005F6A37

_free.LIBCMT ref: 005FC182
_free.LIBCMT ref: 005FC199
_free.LIBCMT ref: 005FC1B8
_free.LIBCMT ref: 005FC1D3
_free.LIBCMT ref: 005FC1EA

Strings

lf, xrefs: 005FC15C

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free$AllocateHeap
String ID: lf
API String ID: 3033488037-793022858
Opcode ID: 6d5316aaf718f3fa8159d1b56531d98bbc404f72dce699a1925e28bb3ff291b6
Instruction ID: ee5291d8c4dce337f34dbb28a3f76f46e00e3e02be61973a5fe1273a753aae12
Opcode Fuzzy Hash: 6d5316aaf718f3fa8159d1b56531d98bbc404f72dce699a1925e28bb3ff291b6
Instruction Fuzzy Hash: A751D331A0060DAFDB20DF69CE41A7A7FF5FF98720B144569EA09DB291E739D911CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00474180 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,A1986743), ref: 0047420F
CharNextW.USER32(?,A1986743), ref: 00474318

Strings

, xrefs: 004743F5
", xrefs: 004742BE
=, xrefs: 00474268
", xrefs: 00474371

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext
String ID: $"$"$=
API String ID: 3213498283-3371490038
Opcode ID: 071af7e76d6381bf77ccd328e8481a3636514bfe9359327c50640f49a718d6c6
Instruction ID: ede065ea491afedfc1cd3805e8fad18fa99c6f6be5d182ad6188e98bd00017de
Opcode Fuzzy Hash: 071af7e76d6381bf77ccd328e8481a3636514bfe9359327c50640f49a718d6c6
Instruction Fuzzy Hash: CF91057090012CDBCB28DF55C891BEDB7B1AF85304F1081DAE95DAB291DB345E81DF99

Uniqueness

Uniqueness Score: -1.00%

Function 005FDB17 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000010,004586FA,8B0000D5,?,?,?,?,?,?,005FE28C,?,004586FA,00000010,004586FA,004586FA,00000000), ref: 005FDB59
__fassign.LIBCMT ref: 005FDBD4
__fassign.LIBCMT ref: 005FDBEF
WideCharToMultiByte.KERNEL32(?,00000000,004586FA,00000001,00000010,00000005,00000000,00000000), ref: 005FDC15
WriteFile.KERNEL32(?,00000010,00000000,005FE28C,00000000,?,?,?,?,?,?,?,?,?,005FE28C,?), ref: 005FDC34
WriteFile.KERNEL32(?,?,00000001,005FE28C,00000000,?,?,?,?,?,?,?,?,?,005FE28C,?), ref: 005FDC6D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 9df48ac919b4bb5111d5ca8603b419b910d0144e7f2c13a218f3249bea396b4b
Instruction ID: 289013faa646a8cde145e8f752b97cea0facde71be1e83a878c55360fd07628d
Opcode Fuzzy Hash: 9df48ac919b4bb5111d5ca8603b419b910d0144e7f2c13a218f3249bea396b4b
Instruction Fuzzy Hash: 6F51A171A002499FDB10CFA8D885AFEBBFAFF19300F14452AEA51E7291D774E940CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00465F30 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

_sprintf_s.LIBCMTD ref: 00466032
_sprintf_s.LIBCMTD ref: 00466067

Strings

%c%c==, xrefs: 00466089
%c%c%c%c, xrefs: 0046602A
%c%c%c=, xrefs: 0046605F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf_s
String ID: %c%c%c%c$%c%c%c=$%c%c==
API String ID: 3771559115-3943651191
Opcode ID: e1e5344f1b600fca0e2ba35f700d21c43faec559920ff65624bd812c06a59e45
Instruction ID: 9fecbe006768f72baf71c9131a40238265ff663f865255309cf0ee47ffe9ba24
Opcode Fuzzy Hash: e1e5344f1b600fca0e2ba35f700d21c43faec559920ff65624bd812c06a59e45
Instruction Fuzzy Hash: FE41576110C7914FD306DA289CA4BFBBBE9CBD6315F18058EF8C58B343E16DC50A8B62

Uniqueness

Uniqueness Score: -1.00%

Function 004795C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 004795C9
SetFocus.USER32(?), ref: 004795F0
GetTickCount.KERNEL32 ref: 00479640
GetTickCount.KERNEL32 ref: 00479727

Strings

killfocus, xrefs: 0047966F
setfocus, xrefs: 00479756

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountFocusTick
String ID: killfocus$setfocus
API String ID: 3897604831-1991930995
Opcode ID: f8cd456ce094566b2a9e145f54b0f5715d6490485c8f341537f296ec59ee6ce8
Instruction ID: 421a6d2978ed21807ade9f31ad1fc4f2f9c624fe23317a2b79e3a6d60f86bae0
Opcode Fuzzy Hash: f8cd456ce094566b2a9e145f54b0f5715d6490485c8f341537f296ec59ee6ce8
Instruction Fuzzy Hash: 4E516474A00208EFDB54DF94C994BEDBBB1BF48710F2481AAE809AB351D774AE41DF94

Uniqueness

Uniqueness Score: -1.00%

Function 0047A6B0 Relevance: 10.6, APIs: 7, Instructions: 113COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0047A6E2
GetObjectW.GDI32(00000000), ref: 0047A6E9
CreateFontIndirectW.GDI32(00000000), ref: 0047A73C
DeleteObject.GDI32(?), ref: 0047A75A
SelectObject.GDI32(00000000,00000000), ref: 0047A7D8
GetTextMetricsW.GDI32(00000000,?), ref: 0047A7F2
SelectObject.GDI32(00000000,?), ref: 0047A803

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$CreateDeleteFontIndirectMetricsStockText
String ID:
API String ID: 1721824061-0
Opcode ID: c5128e300de713a671127749e556d0cdcdd65ff71e0ea25e4b42dd623989df63
Instruction ID: 8ce19efea8ad20a708a8b163caec1e1b93bfdf52084db9c3e573d21cfc9076f1
Opcode Fuzzy Hash: c5128e300de713a671127749e556d0cdcdd65ff71e0ea25e4b42dd623989df63
Instruction Fuzzy Hash: 5F415F74A043489FDB04CFA4D898BEEBBF6BF49301F18815DE9499B381C7349944CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004FDD4A Relevance: 10.6, APIs: 7, Instructions: 104fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001), ref: 004FDD9B
GetCurrentProcess.KERNEL32(00000001,00000000,00000000,00000002,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001,004FB8F3,00000000,00000001), ref: 004FDDBF
GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001,004FB8F3,00000000,00000001,?,?), ref: 004FDDC5
DuplicateHandle.KERNEL32(00000000,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001,004FB8F3,00000000,00000001,?,?,?), ref: 004FDDC8
GetFileType.KERNEL32(00000001,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001,004FB8F3,00000000,00000001,?,?,?), ref: 004FDDE3
new.LIBCMT ref: 004FDDF4
SetFilePointer.KERNEL32(00000001,00000000,00000000,00000001,?,00000000,00000000,?,004FB88E,00000000,00000001,00000001,00000001,004FB8F3,00000000,00000001), ref: 004FDE40

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$CurrentProcess$CreateDuplicateHandlePointerType
String ID:
API String ID: 3364526186-0
Opcode ID: fa6b4f1f8096f17f6585efa940e752093c64ae146609bf5ccb0d5eb12ade9ae1
Instruction ID: 01e8fa8882ffc64d6b4e6a29d7a0c8424ee21eb056bc7d016030f2a9a8c43754
Opcode Fuzzy Hash: fa6b4f1f8096f17f6585efa940e752093c64ae146609bf5ccb0d5eb12ade9ae1
Instruction Fuzzy Hash: 07319071A007099FDB25CF28DC45BAB7BEAEB15710F04491AF95AD7390D3749840CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0049AFE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

std::ios_base::good.LIBCPMTD ref: 0049AFEC
make_pair.LIBCPMTD ref: 0049B015
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0049B058
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0049B067
make_pair.LIBCPMTD ref: 0049B0B9

Strings

kGH, xrefs: 0049B091, 0049B094

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: make_pair$Affinity::operator!=Concurrency::details::HardwareMutex_baseMutex_base::~_std::_std::ios_base::good
String ID: kGH
API String ID: 3397314618-2096950707
Opcode ID: 95ef45913c9482e496a99763ada6e83237b61bf2cd592661e2e320553dddd464
Instruction ID: e4b0c63b3eb543ef9fdf27ea29f24d612d8516c26386ff134ed78a667fe0e388
Opcode Fuzzy Hash: 95ef45913c9482e496a99763ada6e83237b61bf2cd592661e2e320553dddd464
Instruction Fuzzy Hash: D5317E75900109ABCF09EF91D891DFF7B79AF48300F04846FF81697292DB38AA14CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00499060 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499094
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004990CD
construct.LIBCPMTD ref: 004990D4

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004990FC
construct.LIBCPMTD ref: 00499103
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049912B
construct.LIBCPMTD ref: 00499132

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: 37251c7ef1f3b13c579ee37af745b82ea495886312a47f23cfbb3a42028c6958
Instruction ID: 019d126a2c5826fc6be332ef9025e21d4c4b55fec980c9439fd43de2da341707
Opcode Fuzzy Hash: 37251c7ef1f3b13c579ee37af745b82ea495886312a47f23cfbb3a42028c6958
Instruction Fuzzy Hash: 073167F1D001059BDF04EFA5D9529EFB7B8AF44318F10492EF505B7281DA39AE00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00499480 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004994B4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004994ED
construct.LIBCPMTD ref: 004994F4

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049951C
construct.LIBCPMTD ref: 00499523
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049954B
construct.LIBCPMTD ref: 00499552

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: 14fe26a4ec2e101bf65b08eea14b7bddb8a0723c79d9c758b6a58929ee59b90e
Instruction ID: 12cd92341bd178c3a1f16fe92039937f44450ff09c5c34e03e2946a4f19553da
Opcode Fuzzy Hash: 14fe26a4ec2e101bf65b08eea14b7bddb8a0723c79d9c758b6a58929ee59b90e
Instruction Fuzzy Hash: 0D3147F1D001099BDF05EFA5D9529EFB7B8AF44318F10492EF505B7281DA39AE00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004995E0 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499614
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049964D
construct.LIBCPMTD ref: 00499654

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049967C
construct.LIBCPMTD ref: 00499683
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004996AB
construct.LIBCPMTD ref: 004996B2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: d93e8ccbcc47389b392bd112dade75e57a659464492201be39547ffc862e82dd
Instruction ID: 2f2035ff7e100b2a238059b7d1eaa376c2e52437ffdab20ccb7c18f8bdde122e
Opcode Fuzzy Hash: d93e8ccbcc47389b392bd112dade75e57a659464492201be39547ffc862e82dd
Instruction Fuzzy Hash: 823166F1D001099BDF04EFA5D952AEFB7B8AF44318F10492EF505B7281DA39AE00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00499880 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004998B4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004998ED
construct.LIBCPMTD ref: 004998F4

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049991C
construct.LIBCPMTD ref: 00499923
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049994B
construct.LIBCPMTD ref: 00499952

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: f06f04747a17c3e8f36b50c26e3668b102579c1bd926dacab889fef09aa8b728
Instruction ID: 4ffdfbfb72d90045c48eff3852e313b9c758813f16dcdb2dcbc5249952001064
Opcode Fuzzy Hash: f06f04747a17c3e8f36b50c26e3668b102579c1bd926dacab889fef09aa8b728
Instruction Fuzzy Hash: 423146F1D001059BDF05EFA5D9529EFB7B8AF44318F10492EF505B7281EA39AE00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004D1960 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1994
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D19CD
construct.LIBCPMTD ref: 004D19D4

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D19FC
construct.LIBCPMTD ref: 004D1A03
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1A2B
construct.LIBCPMTD ref: 004D1A32

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: 6c1f8f74d575b9a904dbc66e177eb604cac2c832aa25c56711de5f715ab8905b
Instruction ID: 2a3d326d4fbab2cb20d0eec65441fa1003698f80b524df0d81634d74fb055e5c
Opcode Fuzzy Hash: 6c1f8f74d575b9a904dbc66e177eb604cac2c832aa25c56711de5f715ab8905b
Instruction Fuzzy Hash: 283144F1D001099BDF05EFA5D952AEFB7B8AF44318F10452EF505B7381EA39AA00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004D1B40 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1B74
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1BAD
construct.LIBCPMTD ref: 004D1BB4

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1BDC
construct.LIBCPMTD ref: 004D1BE3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D1C0B
construct.LIBCPMTD ref: 004D1C12

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: 1e1b609651dfcbd2fa47fc762ad38d842d9f0087254e774e9240dd006f73647c
Instruction ID: b7eb218b55335a1357ca783c5a4ea1f2aa7c7ad4dd6d1e202c798328aecc11ef
Opcode Fuzzy Hash: 1e1b609651dfcbd2fa47fc762ad38d842d9f0087254e774e9240dd006f73647c
Instruction Fuzzy Hash: F83146F1D001099BDF05EFA5D952AEFB7B8AF44718F10452EF505B7341EA39AA00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00499B20 Relevance: 10.6, APIs: 7, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499B54
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499B8D
construct.LIBCPMTD ref: 00499B94

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499BBC
construct.LIBCPMTD ref: 00499BC3
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00499BEB
construct.LIBCPMTD ref: 00499BF2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID:
API String ID: 3904939386-0
Opcode ID: c7a6048cbb7768564faf6bd29dad847d7936837e859415caa0f46adddf354510
Instruction ID: 0268b6432b2e95dca39e87c46919a99582566b4f255d582afaa344407b5270d2
Opcode Fuzzy Hash: c7a6048cbb7768564faf6bd29dad847d7936837e859415caa0f46adddf354510
Instruction Fuzzy Hash: 503147F1D001099BDF05EFA5D9529EFB7B8AF44318F10492EF505B7281DA79AE00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 0047C800 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 95timeCOMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047C928

Part of subcall function 0047CA20: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0047CA49

Part of subcall function 004F054A: _wcslen.LIBCMT ref: 004F0556

SetTimer.USER32(00000000,000003E8,00000032,00000000), ref: 0047C94C

Strings

version, xrefs: 0047C88E
minbtn, xrefs: 0047C850
closebtn, xrefs: 0047C831
foreImage, xrefs: 0047C86F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::Container_base12Container_base12::~_ContextIdentityQueueTimerWork_wcslenstd::_
String ID: closebtn$foreImage$minbtn$version
API String ID: 325313034-2933508849
Opcode ID: 1e528a3156a3eb38cc51b705f71b5cc919a96dcc4e483a7b357232070818cebc
Instruction ID: 303075f1fdb1c01507cac73f9a07adac8a3349ecf6c294dcf4f3f0e884bf7fe8
Opcode Fuzzy Hash: 1e528a3156a3eb38cc51b705f71b5cc919a96dcc4e483a7b357232070818cebc
Instruction Fuzzy Hash: 09411C70A4021C9BDB18DB54CC96BE9B375EF49704F5482EEE6096B382DB346E42CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004D2530 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 0048A1E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048A209

Part of subcall function 0048A5C0: allocator.LIBCONCRTD ref: 0048A615

new.LIBCMT ref: 004D258C
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004D25B1

Part of subcall function 004D2C50: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004D2C5A

shared_ptr.LIBCMTD ref: 004D25D6

Part of subcall function 004D3350: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004D335A

~.LIBCPMTD ref: 004D2623

Part of subcall function 00484A70: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484A7D

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D2632

Part of subcall function 0048A4C0: _Ptr_base.LIBCMTD ref: 0048A4E9

Strings

`Wi, xrefs: 004D2648

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$std::_$Concurrency::Container_base12Container_base12::~_RootRoot::$Base::Concurrency::details::ContextIdentityIterator_baseIterator_base::_Ptr_baseQueueWorkallocatorshared_ptr
String ID: `Wi
API String ID: 1988064043-1979842653
Opcode ID: 992ef3e38a055217a12e2527451a1df37117f6f1a8496ca03ba785ef1a35441a
Instruction ID: 24dbe42062e2407f9030b75ea384f2ab05149780813d785dab75d45da569a3fa
Opcode Fuzzy Hash: 992ef3e38a055217a12e2527451a1df37117f6f1a8496ca03ba785ef1a35441a
Instruction Fuzzy Hash: EF315AB1D00208EFCB04EFD4D955ADEBBB5BF48310F10862EF416AB281EB74AA05CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004D2660 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 0048A1E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048A209

Part of subcall function 0048A5C0: allocator.LIBCONCRTD ref: 0048A615

new.LIBCMT ref: 004D26BC
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004D26E1

Part of subcall function 004D2C70: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004D2C7A

shared_ptr.LIBCMTD ref: 004D2706

Part of subcall function 004D3380: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004D338A

~.LIBCPMTD ref: 004D2753

Part of subcall function 00484A70: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484A7D

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004D2762

Part of subcall function 0048A4C0: _Ptr_base.LIBCMTD ref: 0048A4E9

Strings

`Wi, xrefs: 004D2778

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$std::_$Concurrency::Container_base12Container_base12::~_RootRoot::$Base::Concurrency::details::ContextIdentityIterator_baseIterator_base::_Ptr_baseQueueWorkallocatorshared_ptr
String ID: `Wi
API String ID: 1988064043-1979842653
Opcode ID: 8a6ec80960b0788feb7820aa3e689780c4d6955f710c12b3923df8e80a3dfe93
Instruction ID: fe390d785f0d054efbe9a3f9e5308502f725722adbb11ee10589a3e68021064a
Opcode Fuzzy Hash: 8a6ec80960b0788feb7820aa3e689780c4d6955f710c12b3923df8e80a3dfe93
Instruction Fuzzy Hash: 79313AB1D00208EFCB14EFD5D951ADEBBB5BF48714F10862EF416AB281EB74AA04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004A4D40 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4D74

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4DB2
construct.LIBCPMTD ref: 004A4DB9

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4DE6
construct.LIBCPMTD ref: 004A4DED
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4E1A
construct.LIBCPMTD ref: 004A4E21

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: d0dcf23a0ab7e5002774bd26e95992974f1b105c255c98a0db0efbbd414732ba
Instruction ID: e9be6469f4bc51c1e3cd084db7316258f417fa8feaefc6e235f86e28c7e10427
Opcode Fuzzy Hash: d0dcf23a0ab7e5002774bd26e95992974f1b105c255c98a0db0efbbd414732ba
Instruction Fuzzy Hash: 763175B1D001099FDB04FFA6D953AAFB7B9AF45318F10492EF509B3281DA396D0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004A0D30 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0D64

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0DA2
construct.LIBCPMTD ref: 004A0DA9

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0DD6
construct.LIBCPMTD ref: 004A0DDD
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0E0A
construct.LIBCPMTD ref: 004A0E11

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: 8090542b036d7b7a3cb0fa2afa2cf1d534721e03fcb72b5d525cfcae6988a81f
Instruction ID: fe5071c5f2d81c80a0d2dabf334b8621bc84467f5442f495334fb202374d9c3d
Opcode Fuzzy Hash: 8090542b036d7b7a3cb0fa2afa2cf1d534721e03fcb72b5d525cfcae6988a81f
Instruction Fuzzy Hash: 143144B1D001099FDB04FFA6D953AAFB7B9AF45318F10492EE509B7281DA39AD0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004A4ED0 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F04

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F42
construct.LIBCPMTD ref: 004A4F49

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F76
construct.LIBCPMTD ref: 004A4F7D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4FAA
construct.LIBCPMTD ref: 004A4FB1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: eee379667b90648c772396c0152ec3b83dfcb262fbd703efe8620d7f3ece3a8b
Instruction ID: ccba8a23f895d462e8c25f0ddafbde96184f21bdc5f19cb5aaecc9fc86dccd37
Opcode Fuzzy Hash: eee379667b90648c772396c0152ec3b83dfcb262fbd703efe8620d7f3ece3a8b
Instruction Fuzzy Hash: 433175B1D001099FDB04FFA6D953AAFB7B9AF45318F10492EF505B3281DA396D00C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 004A0F60 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0F94

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0FD2
construct.LIBCPMTD ref: 004A0FD9

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A1006
construct.LIBCPMTD ref: 004A100D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A103A
construct.LIBCPMTD ref: 004A1041

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: 0d514c9bcb91f7de79b519fff6629f1cadb278c5fd740ea424f9a0e80e2e9d54
Instruction ID: 4695428b70dc232b33bd5ec3f485de8243bdb3105b54ebdad9b7989f2a568c7c
Opcode Fuzzy Hash: 0d514c9bcb91f7de79b519fff6629f1cadb278c5fd740ea424f9a0e80e2e9d54
Instruction Fuzzy Hash: 393144B1D001099FDB04FFA6D953AAFB7B9AF45318F10492EE505B7281DA396D0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004A10F0 Relevance: 10.6, APIs: 7, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A1124

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A1162
construct.LIBCPMTD ref: 004A1169

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A1196
construct.LIBCPMTD ref: 004A119D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A11CA
construct.LIBCPMTD ref: 004A11D1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: dce541010264ff46fe3740efa55872502262641272a66f709c5946acddcd962d
Instruction ID: d2915c5d5b2aad5b18b3a74b1a791a2c7d018688e75c4d31c49d904d52fc8296
Opcode Fuzzy Hash: dce541010264ff46fe3740efa55872502262641272a66f709c5946acddcd962d
Instruction Fuzzy Hash: 723173B1E001099FDF04FFA6DD53AAFB7B9AF45318F10492EE505B3281DA39AD0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004A1280 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A12B4

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A12F2
construct.LIBCPMTD ref: 004A12F9

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A1326
construct.LIBCPMTD ref: 004A132D
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A135A
construct.LIBCPMTD ref: 004A1361

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: 00f627539973ec9452cd249dff44b97e51287d6e2595cb8d1a09c0a9b198eed8
Instruction ID: d65186b125475db22a8f53518c6a6b4e5b536815e1a955a8ed179579aca72d2f
Opcode Fuzzy Hash: 00f627539973ec9452cd249dff44b97e51287d6e2595cb8d1a09c0a9b198eed8
Instruction Fuzzy Hash: 523141B1E001099FDB04FFA6D953AEFB7B9AF45318F10492EE505B7281DA39AD0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004D3520 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D3554

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D3592
construct.LIBCPMTD ref: 004D3599

Part of subcall function 0047DC90: construct.LIBCPMTD ref: 0047DCAC

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D35C6
construct.LIBCPMTD ref: 004D35CD
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004D35FA
construct.LIBCPMTD ref: 004D3601

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$construct
String ID:
API String ID: 1998173831-0
Opcode ID: 993a7f074c61b8f19e0666a5bc10b12133057aa8041ce9829eb997fecb07e111
Instruction ID: 9efde2c24e05b631f93ee9c2e113059f1a2b11ca55f8392084a50c9b4612f541
Opcode Fuzzy Hash: 993a7f074c61b8f19e0666a5bc10b12133057aa8041ce9829eb997fecb07e111
Instruction Fuzzy Hash: 143144B1E001099FDB04FFB6D953AAFB7B9AF44319F10492EE505B7381DA39AD0087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004F5C6B Relevance: 10.6, APIs: 7, Instructions: 87COMMON

Download Yara Rule

APIs

GetClipBox.GDI32(0047459D,?), ref: 004F5CB5
CreateRectRgnIndirect.GDI32(?), ref: 004F5CC5
CreateRectRgnIndirect.GDI32(?), ref: 004F5CD1
CreateRoundRectRgn.GDI32(?,?,?,?,?,?), ref: 004F5CEA
CombineRgn.GDI32(?,?,00000000,00000001), ref: 004F5CFB
ExtSelectClipRgn.GDI32(?,?,00000001), ref: 004F5D0A
DeleteObject.GDI32(00000000), ref: 004F5D1B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateRect$ClipIndirect$CombineDeleteObjectRoundSelect
String ID:
API String ID: 2381484079-0
Opcode ID: 28435d9006258f83c1a937f868543689cdbc3721f7d202ab7cdc4282da5e0b22
Instruction ID: 8cbec3e932e2fd862db8323d81b726f1013f5dc6e327d9dab46d28b116458f3c
Opcode Fuzzy Hash: 28435d9006258f83c1a937f868543689cdbc3721f7d202ab7cdc4282da5e0b22
Instruction Fuzzy Hash: 1121F772900619AFDB01CFA4ED848EEBBBAFF49311B00411AFD05B7210C772AE55CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 006021BB Relevance: 10.6, APIs: 7, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c18dc6b8dc98fa29349277db9c99661f8311944f36ccae21a1854af25603f861
Instruction ID: c2202a608b570376a7ac5797b0e1fbcd799a5c8e081bfb7e35223cfbb1c0234f
Opcode Fuzzy Hash: c18dc6b8dc98fa29349277db9c99661f8311944f36ccae21a1854af25603f861
Instruction Fuzzy Hash: F311E47254811BBBDF292FB69C5D9AB3E5EFFC6B74B104215F851D62D1EA308A00D2B0

Uniqueness

Uniqueness Score: -1.00%

Function 00606BCF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00606916: _free.LIBCMT ref: 0060693F

_free.LIBCMT ref: 00606C1D

Part of subcall function 005F64BE: RtlFreeHeap.NTDLL(00000000,00000000,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E), ref: 005F64D4
Part of subcall function 005F64BE: GetLastError.KERNEL32(005EB47E,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E,005EB47E), ref: 005F64E6

_free.LIBCMT ref: 00606C28
_free.LIBCMT ref: 00606C33
_free.LIBCMT ref: 00606C87
_free.LIBCMT ref: 00606C92
_free.LIBCMT ref: 00606C9D
_free.LIBCMT ref: 00606CA8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6388663d78110585d66b1fe72a5de62daf3be6399b8835bd990cedbfdc7f55e4
Instruction ID: 81fcc46f994b28da6a408a0bf564f89513f7d63cf57fe93b880d9eeee2a3cf1f
Opcode Fuzzy Hash: 6388663d78110585d66b1fe72a5de62daf3be6399b8835bd990cedbfdc7f55e4
Instruction Fuzzy Hash: EA119631D80B0ABAD970BBB0CD4BFDB7B9F7F40740F404818B6996A492DA39B6244751

Uniqueness

Uniqueness Score: -1.00%

Function 00492A70 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492A90
type_info::name.LIBCMTD ref: 00492A97
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492AB5
type_info::name.LIBCMTD ref: 00492ABC
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492ADA
type_info::name.LIBCMTD ref: 00492AE1
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492AEF

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: 9297d25fee21f69c87bcee79cf592040d30d049b90cdb1988b1fa3a082f02e0c
Instruction ID: 9d328a10aab0fab2ac0c6db69df419868221ef5d3acbe440e565f9946f866a61
Opcode Fuzzy Hash: 9297d25fee21f69c87bcee79cf592040d30d049b90cdb1988b1fa3a082f02e0c
Instruction Fuzzy Hash: 46014CE5E00104ABDB04FFB2EC1389F37AD5F4532CB00483EB50EA7242E939AA009399

Uniqueness

Uniqueness Score: -1.00%

Function 00492D80 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492DA0
type_info::name.LIBCMTD ref: 00492DA7
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492DC5
type_info::name.LIBCMTD ref: 00492DCC
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492DEA
type_info::name.LIBCMTD ref: 00492DF1
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492DFF

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: e9db36e21c37acb6a01793b9e07193561a9b19051e8c71a29362e5a574d5622f
Instruction ID: 476ee3b9b38c64b9e4f6ddae59162d903986aa3da6dd18234950886e5725e70d
Opcode Fuzzy Hash: e9db36e21c37acb6a01793b9e07193561a9b19051e8c71a29362e5a574d5622f
Instruction Fuzzy Hash: 13014CE5E001046BDB04FFB2EC1389F37AD5F4432CB00483EB50EA7242E939AA009399

Uniqueness

Uniqueness Score: -1.00%

Function 004A0EC0 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0EE0
type_info::name.LIBCMTD ref: 004A0EE7
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0F05
type_info::name.LIBCMTD ref: 004A0F0C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0F2A
type_info::name.LIBCMTD ref: 004A0F31
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A0F3F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: 7891067ecab0e6c755b3bc6a6d9c763a4119d5da14654336fcc8bb8d763ee630
Instruction ID: 159ab03c7311db5328eddd017b062b710b3fccc03895f687e056aaecfe8652ec
Opcode Fuzzy Hash: 7891067ecab0e6c755b3bc6a6d9c763a4119d5da14654336fcc8bb8d763ee630
Instruction Fuzzy Hash: 65010CE5E10104ABDB04FFB6ED5789F37AD5F4532CF00483EB50EA7242E939AA109799

Uniqueness

Uniqueness Score: -1.00%

Function 00492F00 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492F20
type_info::name.LIBCMTD ref: 00492F27
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492F45
type_info::name.LIBCMTD ref: 00492F4C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492F6A
type_info::name.LIBCMTD ref: 00492F71
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00492F7F

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: 55f80fdeb088f7b97a929a2cfdf869a22106e3d47b0fd442ae311e59986d8447
Instruction ID: 93a4b8612ff56938d9f12654c9880b9ac95ca21d18b54287b5badec0065a50d1
Opcode Fuzzy Hash: 55f80fdeb088f7b97a929a2cfdf869a22106e3d47b0fd442ae311e59986d8447
Instruction Fuzzy Hash: 37010CE5E101046BDB04FFB6EC5789F37AD5F4532CB00483EB50EA7242E939AA109799

Uniqueness

Uniqueness Score: -1.00%

Function 00493130 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00493150
type_info::name.LIBCMTD ref: 00493157
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00493175
type_info::name.LIBCMTD ref: 0049317C
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0049319A
type_info::name.LIBCMTD ref: 004931A1
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004931AF

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: 4ff9403fad525f140c08499b2824c470c9253e8e7cf38d972b8556e0fa1a53f0
Instruction ID: f444aef8ea4d1254199898d115f247b9f0388b255d626a29310b786c3ed5a60f
Opcode Fuzzy Hash: 4ff9403fad525f140c08499b2824c470c9253e8e7cf38d972b8556e0fa1a53f0
Instruction Fuzzy Hash: 97010CE5E101046BDB04FFB6EC5799F37AD5F4532CB00483EB50EA7242E939AA109799

Uniqueness

Uniqueness Score: -1.00%

Function 00493360 Relevance: 10.6, APIs: 7, Instructions: 50COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00493380
type_info::name.LIBCMTD ref: 00493387
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004933A5
type_info::name.LIBCMTD ref: 004933AC
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004933CA
type_info::name.LIBCMTD ref: 004933D1
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004933DF

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$type_info::name
String ID:
API String ID: 4123023048-0
Opcode ID: e9206eb3482b22dd7eaa0fc8cb1b79239aedb520b91aac7b2aaad8818aefad17
Instruction ID: 9465f2efa991864269a806eead8057f69e1447273ab59bdcd0587cd4e014b39d
Opcode Fuzzy Hash: e9206eb3482b22dd7eaa0fc8cb1b79239aedb520b91aac7b2aaad8818aefad17
Instruction Fuzzy Hash: 05010CE5E101046BDB04FFB6EC5799F37AD5F8532CB00483EB50EA7242ED39AA109799

Uniqueness

Uniqueness Score: -1.00%

Function 004F5897 Relevance: 10.5, APIs: 7, Instructions: 48COMMON

Download Yara Rule

APIs

CreatePen.GDI32(00000006,?,00000000), ref: 004F58C0
SelectObject.GDI32(?,00000000), ref: 004F58D3
GetStockObject.GDI32(00000005), ref: 004F58D9
SelectObject.GDI32(?,00000000), ref: 004F58E3
RoundRect.GDI32(?,?,?,?,?,?,?), ref: 004F58FC
SelectObject.GDI32(?,00000000), ref: 004F5906
DeleteObject.GDI32(?), ref: 004F590B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$CreateDeleteRectRoundStock
String ID:
API String ID: 1454345155-0
Opcode ID: db3828bfc3e648f9463bbc123cc1d853fdf39c304fba8f472783721363438a6c
Instruction ID: 3a1cbf36d983250d2074e9888af55b507d74767d152dbaed4f8cc149aa009a94
Opcode Fuzzy Hash: db3828bfc3e648f9463bbc123cc1d853fdf39c304fba8f472783721363438a6c
Instruction Fuzzy Hash: FB01DA75500119BFDF055FA1DC18DEA3F66EF89352B04801AFE19891A0C737D962EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 004F581F Relevance: 10.5, APIs: 7, Instructions: 46COMMON

Download Yara Rule

APIs

CreatePen.GDI32(00000006,FF85E4FF,?), ref: 004F5848
SelectObject.GDI32(00000002,00000000), ref: 004F585B
GetStockObject.GDI32(00000005), ref: 004F5861
SelectObject.GDI32(00000002,00000000), ref: 004F586B
Rectangle.GDI32(00000002,?,?,FF85E4FF,00000002), ref: 004F587E
SelectObject.GDI32(00000002,00000000), ref: 004F5888
DeleteObject.GDI32(0046F783), ref: 004F588D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$CreateDeleteRectangleStock
String ID:
API String ID: 2689421921-0
Opcode ID: 05af5b8158db1050fb7839023be5c564cc23fede2abe7fd01a76b7e7ee79da00
Instruction ID: 0f6e94dd1754450de0cf6f84e5196a90cfda399e89e3b374dfaa1f24352919a5
Opcode Fuzzy Hash: 05af5b8158db1050fb7839023be5c564cc23fede2abe7fd01a76b7e7ee79da00
Instruction Fuzzy Hash: F201FF35100119BFDF059FA5DC18DEA7F6AEF89352B05801AFA09991B0C737D962EBB0

Uniqueness

Uniqueness Score: -1.00%

Function 005FEEEF Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,005EA105,005EA105,?,?,?,005FF140,00000001,00000001,8CE85006), ref: 005FEF49
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,005FF140,00000001,00000001,8CE85006,?,?,?), ref: 005FEFCF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8CE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 005FF0C9
__freea.LIBCMT ref: 005FF0D6

Part of subcall function 005F6A05: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005F6A37

__freea.LIBCMT ref: 005FF0DF
__freea.LIBCMT ref: 005FF104

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 092f767403cfb031cc1b7dc2b7267a84ac15fee4a03b063c6c0a5bd021343e9f
Instruction ID: 7f304e2034d0cd74368e1ade1f14947b1a3573421e1bcd55e0e58c739b7c4d45
Opcode Fuzzy Hash: 092f767403cfb031cc1b7dc2b7267a84ac15fee4a03b063c6c0a5bd021343e9f
Instruction Fuzzy Hash: 7F51BD7261020BAFDB258E60DC49EBF7BAAFF44754B144629FE06D6185EF38DC408760

Uniqueness

Uniqueness Score: -1.00%

Function 005F6267 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 005F6293
__cftoe.LIBCMT ref: 005F62C5

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: fb8c553792888765021e237901f2b2103fa74f2698968fbb351de85aebf998ed
Instruction ID: 54a7927b0bec47daebc0d972670bec458fb57d97fc12af2a068b8234366e7ef6
Opcode Fuzzy Hash: fb8c553792888765021e237901f2b2103fa74f2698968fbb351de85aebf998ed
Instruction Fuzzy Hash: 8151EB3690420EABDF245B58CC49EBE7FA9BF89360F50461DFA15971C2DF39D9008764

Uniqueness

Uniqueness Score: -1.00%

Function 0049A0F0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0049A11A
int.LIBCPMTD ref: 0049A133

Part of subcall function 0047EEF0: std::_Lockit::_Lockit.LIBCPMT ref: 0047EF06
Part of subcall function 0047EEF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0047EF30

std::_Lockit::~_Lockit.LIBCPMT ref: 0049A1CB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: 064e31c7a38fa789bc3f9bc46c55188e396dcb64b76d6d1626e73786b115323d
Instruction ID: c0b5150abe24683868e968fa053cf82fef43de943e2f29a5e1bccb809cfd745c
Opcode Fuzzy Hash: 064e31c7a38fa789bc3f9bc46c55188e396dcb64b76d6d1626e73786b115323d
Instruction Fuzzy Hash: EE313EB5D04209DFCB04DF95D882AFFBBB5FB48314F10462AE415A7390D7386A44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0049C310 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0049C33A
int.LIBCPMTD ref: 0049C353

Part of subcall function 0047EEF0: std::_Lockit::_Lockit.LIBCPMT ref: 0047EF06
Part of subcall function 0047EEF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0047EF30

std::_Lockit::~_Lockit.LIBCPMT ref: 0049C3EB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: 5e8aed3e1af7f73a1cbaf91d9c11bbd0aa4578bebca0acd092bbce730a37114a
Instruction ID: 2c6a3164f6265a42efdd62bb65889e1a79850f1ab3c679328abfc22d52d76587
Opcode Fuzzy Hash: 5e8aed3e1af7f73a1cbaf91d9c11bbd0aa4578bebca0acd092bbce730a37114a
Instruction Fuzzy Hash: E7314DB5D00209DFCF14DF95C881AFEBBB5FB48314F10862AE816A7390D738AA00CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0049BEE0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0049BF0A
int.LIBCPMTD ref: 0049BF23

Part of subcall function 0047EEF0: std::_Lockit::_Lockit.LIBCPMT ref: 0047EF06
Part of subcall function 0047EEF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0047EF30

std::_Lockit::~_Lockit.LIBCPMT ref: 0049BFBB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: d60386ebc8905df8f16c10f7fa3c91e8a6c9b23f5f7661c57f6bfda2410f5871
Instruction ID: 6abd75c03e294ec24f6916fd32cb1cdea991cdc4f1b0dcaf644163c4600ad8c9
Opcode Fuzzy Hash: d60386ebc8905df8f16c10f7fa3c91e8a6c9b23f5f7661c57f6bfda2410f5871
Instruction Fuzzy Hash: BE314BB5D00209DFCB08DF95D981AFEBBB1FB48304F10462AE515A7395E738AA04CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0049BFE0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0049C00A
int.LIBCPMTD ref: 0049C023

Part of subcall function 0047EEF0: std::_Lockit::_Lockit.LIBCPMT ref: 0047EF06
Part of subcall function 0047EEF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0047EF30

std::_Lockit::~_Lockit.LIBCPMT ref: 0049C0BB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: f592325ad8b42491b6ae7de95eca66ef226a24d3dbd3a0b52300bd22e2940766
Instruction ID: 2ecee544a695754b7a2c2ae081d6b0471dea7f4b9f6070cb2fdc7af8716b1b29
Opcode Fuzzy Hash: f592325ad8b42491b6ae7de95eca66ef226a24d3dbd3a0b52300bd22e2940766
Instruction Fuzzy Hash: 2E313AB5D00209DFCB08DF95D981AFFBBB5FB48314F10462AE416A7391D739AA00CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0046B690 Relevance: 9.1, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0046B6C1
new.LIBCMT ref: 0046B6D5

Part of subcall function 005C97B8: Concurrency::cancel_current_task.LIBCPMT ref: 005C97D0

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0046B6EE
shared_ptr.LIBCMTD ref: 0046B710

Part of subcall function 004D1FE0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004D1FEA

Part of subcall function 004CD240: new.LIBCMT ref: 004CD29F
Part of subcall function 004CD240: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004CD2CA
Part of subcall function 004CD240: new.LIBCMT ref: 004CD305
Part of subcall function 004CD240: new.LIBCMT ref: 004CD365

shared_ptr.LIBCMTD ref: 0046B759

Part of subcall function 004D2010: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 004D201A

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0046B774

Part of subcall function 0048A4C0: _Ptr_base.LIBCMTD ref: 0048A4E9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$std::_$Concurrency::Iterator_baseIterator_base::_RootRoot::shared_ptr$Concurrency::cancel_current_taskContainer_base12Container_base12::~_Ptr_base
String ID:
API String ID: 2736077689-0
Opcode ID: 359fe9f8fa6065c56478c5607a5d721b2fa912bd7d0e31d5bdc281070e7e66a8
Instruction ID: 08257124170dec88dee429e7789d1d0b033c047d09a0eb2b1f9c86a5b9e08de6
Opcode Fuzzy Hash: 359fe9f8fa6065c56478c5607a5d721b2fa912bd7d0e31d5bdc281070e7e66a8
Instruction Fuzzy Hash: 183108B1D04249EFCB04DFA9D945BEEBBB1FB48314F10826EE415A7381D7795A00CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004F576E Relevance: 9.1, APIs: 6, Instructions: 63COMMON

Download Yara Rule

APIs

CreatePenIndirect.GDI32(?), ref: 004F57BD
SelectObject.GDI32(?,00000000), ref: 004F57C7
MoveToEx.GDI32(?,?,?,00000000), ref: 004F57E6
LineTo.GDI32(?,?,?), ref: 004F57F8
SelectObject.GDI32(?,00000000), ref: 004F5802
DeleteObject.GDI32(00000000), ref: 004F5809

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$CreateDeleteIndirectLineMove
String ID:
API String ID: 191790629-0
Opcode ID: 9bb594d45d21f97a256ef2e00c3c6d6f6d52bd6894d87898208028ae911cef46
Instruction ID: 12b995d2d18d2a2cfe15bdb4ab3812666928e71276f6f0d04277b11cd312842b
Opcode Fuzzy Hash: 9bb594d45d21f97a256ef2e00c3c6d6f6d52bd6894d87898208028ae911cef46
Instruction Fuzzy Hash: 9F2108759001199FCB00CFA8DC999EEBBF9FB4C312F04815AF906E7260D7359A55DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 005FED46 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
_free.LIBCMT ref: 005FED7D
_free.LIBCMT ref: 005FEDA5
SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDB2
SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
_abort.LIBCMT ref: 005FEDC4

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: cea6590d333cc36fea673feb5defacf3f783965657c67cfc1b232d7a0fe0f050
Instruction ID: 6b80d747731fa94c179a4e19517dde38b3a9223681e45cbf39031ec5111d6dc0
Opcode Fuzzy Hash: cea6590d333cc36fea673feb5defacf3f783965657c67cfc1b232d7a0fe0f050
Instruction Fuzzy Hash: DAF0A43618460A36D71633346C4FEBA2D2BBFD1B61B254529FF15D25F1EF2D88014171

Uniqueness

Uniqueness Score: -1.00%

Function 00548340 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 251COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00548439

Strings

+, xrefs: 005483C5
0123456789ABCDEF, xrefs: 00548426
0123456789abcdef, xrefs: 00548414
, xrefs: 005483D2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __aulldvrm
String ID: $+$0123456789ABCDEF$0123456789abcdef
API String ID: 1302938615-2293345791
Opcode ID: b6b3b7f602e4f8d64a0bc6345a9b8e02c5eee9621008ae64b18fc365f897f0ba
Instruction ID: 7129a4d74b8cb8579a6b583afd5b91dded8c8a4eafebc1afb6fc6b09cea8689e
Opcode Fuzzy Hash: b6b3b7f602e4f8d64a0bc6345a9b8e02c5eee9621008ae64b18fc365f897f0ba
Instruction Fuzzy Hash: DF817B72A087519FD710DE28C844AAFBFE5BFC8748F14091DF995A7212DB30ED058B92

Uniqueness

Uniqueness Score: -1.00%

Function 0049A290 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 228COMMON

Download Yara Rule

APIs

Part of subcall function 0048FCF0: std::ios_base::good.LIBCPMTD ref: 0048FD34
Part of subcall function 0048FCF0: std::ios_base::good.LIBCPMTD ref: 0048FD91

char_traits.LIBCPMTD ref: 0049A3DE
char_traits.LIBCPMTD ref: 0049A43C
char_traits.LIBCPMTD ref: 0049A4C8
std::ios_base::width.LIBCPMTD ref: 0049A524

Strings

fAH, xrefs: 0049A3D6, 0049A3D9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits$std::ios_base::good$std::ios_base::width
String ID: fAH
API String ID: 2544722642-578738534
Opcode ID: 4e5770bd057780e37c69da03ad6f23b14d73b81d7340f0e53aa0d5d147517004
Instruction ID: 63557c0bef109dc826d4df2cf0c3a0079ce8c047ca21b630dd8b3556215a9510
Opcode Fuzzy Hash: 4e5770bd057780e37c69da03ad6f23b14d73b81d7340f0e53aa0d5d147517004
Instruction Fuzzy Hash: 03A10774900248DFDF14DFA5C895BAEBBB1FF48308F14812AE9066B355D738AA45CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0046A5C0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0046A73F

Strings

The requested method(s) are not currently supported, xrefs: 0046A7D8
Invalid parameter specified for method_type, xrefs: 0046A815
Error allocated space for method preferences, xrefs: 0046A70C
nl, xrefs: 0046A5F8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: Error allocated space for method preferences$Invalid parameter specified for method_type$The requested method(s) are not currently supported$nl
API String ID: 601868998-832783182
Opcode ID: b3212edf2833e6b192bf99a01dd24a40634ca89c34565418b13898c275aed3ad
Instruction ID: 21c1be13a366304e520f71138d27aceb49ee6662cece8051a01aa92543703fa7
Opcode Fuzzy Hash: b3212edf2833e6b192bf99a01dd24a40634ca89c34565418b13898c275aed3ad
Instruction Fuzzy Hash: 3E7115705087479FC710DF24D8846ABBBE5EF85304F14882EE89967302F639DA598F97

Uniqueness

Uniqueness Score: -1.00%

Function 0045D9F0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

libssh2_channel_window_read_ex.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,00000000,00000000,?,?,?,00000002,?,0045DC77), ref: 0045DAD7

Strings

Unable to allocate SFTP packet, xrefs: 0045DAA7
Error waiting for SFTP packet, xrefs: 0045DB90
SFTP packet too large, xrefs: 0045DA7F
channel read, xrefs: 0045DA47

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_channel_window_read_ex.
String ID: Error waiting for SFTP packet$SFTP packet too large$Unable to allocate SFTP packet$channel read
API String ID: 2964706823-2237773506
Opcode ID: f00fd20ec42db885aabffae468961bd7b48ca7e10ad91c13a08dbfc67bd3eace
Instruction ID: d0b0611a012153b9f90eb3f0f82da8ae8e0ce95717f62a767ed6766df763acee
Opcode Fuzzy Hash: f00fd20ec42db885aabffae468961bd7b48ca7e10ad91c13a08dbfc67bd3eace
Instruction Fuzzy Hash: 1A51E8B2A017045BD220DA399C81A6BB3D5FF85326F54062FF94787B82E739B8048764

Uniqueness

Uniqueness Score: -1.00%

Function 005277C0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 005278E3

Strings

error:%08lX:%s:%s:%s, xrefs: 005278B2
func(%lu), xrefs: 00527854
lib(%lu), xrefs: 0052783C
reason(%lu), xrefs: 00527878

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
API String ID: 601868998-2416195885
Opcode ID: e0b8fc793cd4466e429397710a8eee7fb69ecb66dbb9a742118549c33011ea74
Instruction ID: 1fdc2c3c767bb7f6bda69fe795628f6d96fb47290b3924498e9ecc0b638bed93
Opcode Fuzzy Hash: e0b8fc793cd4466e429397710a8eee7fb69ecb66dbb9a742118549c33011ea74
Instruction Fuzzy Hash: A041E97160831A9BD724DA14EC49FAFBBD9FF95304F00082DF54593282E775E908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0051EBC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,?,0041208B,?,00004000), ref: 0051EBC4
libssh2_trace_sethandler.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(00000000,?,0041208B,?,00004000), ref: 0051EC18

Strings

.rnd, xrefs: 0051EC6E
RANDFILE, xrefs: 0051EBD1
HOME, xrefs: 0051EC21

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_trace_sethandler.
String ID: .rnd$HOME$RANDFILE
API String ID: 3710141464-2139794832
Opcode ID: 6ebc9fc9233a8021ea7dda56baa2144f366f0b4fd5b9a3dc8cb7ace7f5a6b112
Instruction ID: d2236b448cd099b1c5c6330fe37afe4b394a2345e48931d4fa1ceea1b1246065
Opcode Fuzzy Hash: 6ebc9fc9233a8021ea7dda56baa2144f366f0b4fd5b9a3dc8cb7ace7f5a6b112
Instruction Fuzzy Hash: 5E218E2360857216EB229A247C03AEBAFCA6FD2728F1D0559EC41A7203E2459CC387E1

Uniqueness

Uniqueness Score: -1.00%

Function 004FFE13 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62registryCOMMON

Download Yara Rule

APIs

GetClassInfoExW.USER32(00000000,00000000), ref: 004FFE42
GetClassInfoExW.USER32(00000000,00000000), ref: 004FFE5E
RegisterClassExW.USER32(00000030), ref: 004FFE8E
GetLastError.KERNEL32(?,?), ref: 004FFE99

Strings

0, xrefs: 004FFE2E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Class$Info$ErrorLastRegister
String ID: 0
API String ID: 3973468783-4108050209
Opcode ID: 2571653fee970d08f3eed163d37a584266f273764e72e80d0c9ca3c394cde612
Instruction ID: ce15f854aa2a48abcea10c2b768af135169bfe327ab6d78b51cf8f86d5795675
Opcode Fuzzy Hash: 2571653fee970d08f3eed163d37a584266f273764e72e80d0c9ca3c394cde612
Instruction Fuzzy Hash: EC118274A10218AFDB109FB9D888AEFBBFDFF04755F04842AF505D3251D77498048B60

Uniqueness

Uniqueness Score: -1.00%

Function 005FF3C8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,005FF36F,?,00000000,00000000,00000000,?,005FF69B,00000006,FlsSetValue), ref: 005FF3FA
GetLastError.KERNEL32(?,005FF36F,?,00000000,00000000,00000000,?,005FF69B,00000006,FlsSetValue,0066F6F0,0066F6F8,00000000,00000364,?,005FEE18), ref: 005FF406
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,005FF36F,?,00000000,00000000,00000000,?,005FF69B,00000006,FlsSetValue,0066F6F0,0066F6F8,00000000), ref: 005FF414

Strings

+_, xrefs: 005FF3CD

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: +_
API String ID: 3177248105-2050882381
Opcode ID: 6baa476818695d7d73e54c81a5c6c42ac3d2c6d9b5a6cf8ceeecfdb486429608
Instruction ID: a3e4e1fce970494cff861a1dc90d43e6068d8f94e2f74171df55a6b3eaaba657
Opcode Fuzzy Hash: 6baa476818695d7d73e54c81a5c6c42ac3d2c6d9b5a6cf8ceeecfdb486429608
Instruction Fuzzy Hash: 7D01F73261123BABCB214B69AC48AB73F99BF04B617145531FA06D3640D724D800C7F0

Uniqueness

Uniqueness Score: -1.00%

Function 005F5936 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 005F594B

Strings

.com, xrefs: 005F598B
.exe, xrefs: 005F5958
.bat, xrefs: 005F597A
.cmd, xrefs: 005F5969

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 7844cadf2f20e6531e3f062719155c769ac65ab8e353b44a0c0feeae0cf57b9c
Instruction ID: 834be78da437ad709e7da94de04bd08c7cb9cbc0db70c5dddb67d39a66fe5cfc
Opcode Fuzzy Hash: 7844cadf2f20e6531e3f062719155c769ac65ab8e353b44a0c0feeae0cf57b9c
Instruction Fuzzy Hash: EDF0FC33648F5B649B1C2112AE176BB1F89EF823B0B600016F748954C2FF89AC81C0B9

Uniqueness

Uniqueness Score: -1.00%

Function 0051E5B1 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0051E5BB

Part of subcall function 0051BF37: __EH_prolog3.LIBCMT ref: 0051BF3E

Strings

C!^, xrefs: 0051E5D3
{D27CDB6E-AE6D-11CF-96B8-444553540000}, xrefs: 0051E5F1
9Q, xrefs: 0051E613
C!^, xrefs: 0051E5E3

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: 9Q$C!^$C!^${D27CDB6E-AE6D-11CF-96B8-444553540000}
API String ID: 3355343447-516461409
Opcode ID: 76f1aca5a921b3d1a1dc1302888aa461a2ca98dc753dd64c34b65eb1ab9608f5
Instruction ID: 7c35cc67b15b37670ada990a59aad2fee0d3960c2c270097063bfc6c032caad2
Opcode Fuzzy Hash: 76f1aca5a921b3d1a1dc1302888aa461a2ca98dc753dd64c34b65eb1ab9608f5
Instruction Fuzzy Hash: E7117FB0800F658ADB20DF65DC09BDBBFF9AF91309F40458EA09DA7281DBB01688CF51

Uniqueness

Uniqueness Score: -1.00%

Function 005F94AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,005F945D,005E77FD,?,005F93FD,005E77FD,006B9E68,0000000C,005F9554,005E77FD,00000002), ref: 005F94CC
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005F94DF
FreeLibrary.KERNEL32(00000000,?,?,?,005F945D,005E77FD,?,005F93FD,005E77FD,006B9E68,0000000C,005F9554,005E77FD,00000002,00000000), ref: 005F9502

Strings

CorExitProcess, xrefs: 005F94D7
mscoree.dll, xrefs: 005F94C5

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 53960c1fa40676ed8622a3b3332dafe2cb35b34cf950c264d9e459f0ee2ce3f8
Instruction ID: 74b038589d65fc06ef091152b2d36b0e8c2530f3ef796a7b3a8faeed62e595d5
Opcode Fuzzy Hash: 53960c1fa40676ed8622a3b3332dafe2cb35b34cf950c264d9e459f0ee2ce3f8
Instruction Fuzzy Hash: D9F0AF30A0021DBBCB159F90DC1DBEEBFBAFF44715F044069F906A61A0CB358A41CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 0051D958 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0051D95F

Part of subcall function 0051BF37: __EH_prolog3.LIBCMT ref: 0051BF3E

Strings

7Q, xrefs: 0051D9A9
AQ, xrefs: 0051D9B3
-Q, xrefs: 0051D99F
C!^, xrefs: 0051D96E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: -Q$7Q$AQ$C!^
API String ID: 431132790-2858313133
Opcode ID: ee30c6ef1191556df7f1b6399f338f5b5eb4a693d7da3237195799e4502e9b19
Instruction ID: 4f31a28e20d5c4c2762eaf346ef1a631a1bdead20e424edf1e9fab812653d654
Opcode Fuzzy Hash: ee30c6ef1191556df7f1b6399f338f5b5eb4a693d7da3237195799e4502e9b19
Instruction Fuzzy Hash: 9B110CB0501F518EC760DF79984879BBFE2BF4530AF81092DA0AA9B241DBB52544CF81

Uniqueness

Uniqueness Score: -1.00%

Function 004D7A40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 004D7A57
GetProcAddress.KERNEL32(00000000), ref: 004D7A5E
GetCurrentProcess.KERNEL32(00000000), ref: 004D7A71

Strings

IsWow64Process, xrefs: 004D7A4D
kernel32, xrefs: 004D7A52

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32
API String ID: 4190356694-3789238822
Opcode ID: b3c1ba96f3fa86081933790941f95a7d4abbc5a7fa8df10d9da57cdc432f340a
Instruction ID: 967a5673d3dcc13e6480c75b8547b04bd00ebd722ce00bd37f97885cf4ff65ea
Opcode Fuzzy Hash: b3c1ba96f3fa86081933790941f95a7d4abbc5a7fa8df10d9da57cdc432f340a
Instruction Fuzzy Hash: D9E0E574800208FBCF00ABE4A91DA8DBBB9AB08701F149096A901A3250D7745A44DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00602ED2 Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925bb211ab69b30b80bab6a006187ae8d82e4e015e169a9913d2dd32551a569d
Instruction ID: df63c9af4360abc97a090b6aabacbc519763b1d516ded2e74466a4359e5f7c1a
Opcode Fuzzy Hash: 925bb211ab69b30b80bab6a006187ae8d82e4e015e169a9913d2dd32551a569d
Instruction Fuzzy Hash: CB71B03198126B9BDB298F55C848AFFBBBBEF45351F14466AE412573C0D7708E42C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00483F60 Relevance: 7.7, APIs: 5, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00483FD2

Part of subcall function 0048B7E0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B809

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484028
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484053
_DebugHeapAllocator.LIBCPMTD ref: 00484209
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484218

Part of subcall function 0048B820: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048B82A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$Base::Concurrency::details::ContextIdentityQueueWork$AllocatorDebugHeap
String ID:
API String ID: 4207642963-0
Opcode ID: ded7e784b08f3e36c8193d90e9a693750ca525e3867dee8e4a74794a75505efc
Instruction ID: 1afed85d0bf40bf1309dcc4793ab507b1c5eb8c894ed0e1f0288d772fa768332
Opcode Fuzzy Hash: ded7e784b08f3e36c8193d90e9a693750ca525e3867dee8e4a74794a75505efc
Instruction Fuzzy Hash: 9BA16A71900218DFCB14EB64CC91BEEB775EF55304F04459EE14AA7292DB382E89CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00490400 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

std::ios_base::getloc.LIBCPMTD ref: 0049047C
_Mpunct.LIBCPMTD ref: 004904D0
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 004905BD

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_Mpunctstd::_std::ios_base::getloc
String ID:
API String ID: 152818851-0
Opcode ID: 961a466f302cf0685dfe457c8fde5d4904a31abb31c34a81372b51d7614a9e4b
Instruction ID: 38f2c23e79c4f908b17bb3d45597cf5d692c9dbfa7404843ed648bf4660d41ea
Opcode Fuzzy Hash: 961a466f302cf0685dfe457c8fde5d4904a31abb31c34a81372b51d7614a9e4b
Instruction Fuzzy Hash: 657120B19002089FCF14EF99C891AEEBBB5BF48314F14852EF519A7291DB349D45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004949C0 Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

std::ios_base::good.LIBCPMTD ref: 004949FC
std::ios_base::getloc.LIBCPMTD ref: 00494A6D
char_traits.LIBCPMTD ref: 00494B01
std::ios_base::good.LIBCPMTD ref: 00494B8D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::good$char_traitsstd::ios_base::getloc
String ID:
API String ID: 1920461149-0
Opcode ID: b221100308e9df102fb8d1ec373b8f0bdb732ddf12b918dbd1222d7f0b107002
Instruction ID: 043b28d2f44e35b6c2177d2085140c3536cfd767c07f37ba22f5cbd3ea754171
Opcode Fuzzy Hash: b221100308e9df102fb8d1ec373b8f0bdb732ddf12b918dbd1222d7f0b107002
Instruction Fuzzy Hash: CA516274E002099FCF04DF95C892EBEBBB1BF84318F14816EE515A7391DB39A941CB94

Uniqueness

Uniqueness Score: -1.00%

Function 005FB20F Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 005FB281
_free.LIBCMT ref: 005FB2A1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a36ddc3cd3e88d3f5107c8b49f0ed837ecb1fa881ce0eb45577d248e2aa1c6be
Instruction ID: 5d834ff3699117a75438aeb9bf28faecb5055d7a5e6681861c4686cf3c7da4b9
Opcode Fuzzy Hash: a36ddc3cd3e88d3f5107c8b49f0ed837ecb1fa881ce0eb45577d248e2aa1c6be
Instruction Fuzzy Hash: 3841C136A00208DFDB20DF78C885A6DBBB6FF89714B254569E615EB391DB35AD01CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0048C920 Relevance: 7.6, APIs: 5, Instructions: 109COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048C960
char_traits.LIBCPMTD ref: 0048C995
char_traits.LIBCPMTD ref: 0048C9B0
char_traits.LIBCPMTD ref: 0048C9DB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: ff12374529c5b45d71528623a7935018d0322c7bd07979183a048aa4d1cae143
Instruction ID: df9129c85a99687035451e739a2bccceacef9de770e2b4c51cfb44ea5c8edf4e
Opcode Fuzzy Hash: ff12374529c5b45d71528623a7935018d0322c7bd07979183a048aa4d1cae143
Instruction Fuzzy Hash: 3431ABB6D00109ABCF04FBA2D8919EE7B756F54308F0489BFE4065B242EB39DB45C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 0049B360 Relevance: 7.6, APIs: 5, Instructions: 105COMMON

Download Yara Rule

APIs

std::ios_base::good.LIBCPMTD ref: 0049B36E
make_pair.LIBCPMTD ref: 0049B397
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0049B3DA
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0049B3ED
make_pair.LIBCPMTD ref: 0049B442

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: make_pair$Affinity::operator!=Concurrency::details::HardwareMutex_baseMutex_base::~_std::_std::ios_base::good
String ID:
API String ID: 3397314618-0
Opcode ID: 5d48bb4556b975830baceb67be8ddc343921f8978adbd471fb300d7f5dfa0d5c
Instruction ID: 7b2768039d58be6350bee7eaf58ab728adfc6e1956569045a32e7cc00d840666
Opcode Fuzzy Hash: 5d48bb4556b975830baceb67be8ddc343921f8978adbd471fb300d7f5dfa0d5c
Instruction Fuzzy Hash: F63182B5910109ABDF04EF91D8418EF7779FF84300F04842FF81697292DB38AA14C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 0049B480 Relevance: 7.6, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

std::ios_base::good.LIBCPMTD ref: 0049B48C
make_pair.LIBCPMTD ref: 0049B4B5
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0049B4F8
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0049B507
make_pair.LIBCPMTD ref: 0049B555

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: make_pair$Affinity::operator!=Concurrency::details::HardwareMutex_baseMutex_base::~_std::_std::ios_base::good
String ID:
API String ID: 3397314618-0
Opcode ID: 1f114988d8ed62f61632ddc4c6f190269fbdbe4735b6740677cebcc6ecfe2c6d
Instruction ID: c6cc5ea8dd40e9d1ae22aaba4e383d91e5acb6a90e445f26faa519cb3c4656a4
Opcode Fuzzy Hash: 1f114988d8ed62f61632ddc4c6f190269fbdbe4735b6740677cebcc6ecfe2c6d
Instruction Fuzzy Hash: 71315075900109ABCB05EF91D891CEF7779FF84304F00856FF90657291EB38AA15CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0049C6A0 Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0049C6E4
std::locale::c_str.LIBCPMTD ref: 0049C6F9
std::_Locinfo::_Locinfo.LIBCPMTD ref: 0049C702

Part of subcall function 0047EC30: std::_Lockit::_Lockit.LIBCPMT ref: 0047EC5D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC6F
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC7E
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC8D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC9C
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECAB
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECBA
Part of subcall function 0047EC30: std::bad_exception::bad_exception.LIBCMTD ref: 0047ECD1
Part of subcall function 0047EC30: __CxxThrowException@8.LIBVCRUNTIME ref: 0047ECDF
Part of subcall function 0047EC30: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0047ECEC

numpunct.LIBCPMTD ref: 0049C728

Part of subcall function 0049CF80: std::locale::facet::facet.LIBCPMTD ref: 0049CFAD
Part of subcall function 0049CF80: numpunct.LIBCPMTD ref: 0049CFCE

std::_Locinfo::~_Locinfo.LIBCPMTD ref: 0049C764

Part of subcall function 0047ED10: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0047ED3A
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED48
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED53
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED5E
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED69
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED74
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED7F
Part of subcall function 0047ED10: std::_Lockit::~_Lockit.LIBCPMT ref: 0047ED87

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Container_base12Container_base12::~_Yarn$Locinfo::_$LocinfoLockitnumpunct$Exception@8Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwstd::bad_exception::bad_exceptionstd::locale::c_strstd::locale::facet::facet
String ID:
API String ID: 3907924921-0
Opcode ID: 2cdf7418fec38f6d1504aea68df733c6fd54b3b33b5cde1043e672facdb95378
Instruction ID: bbde198619586ed9e2aa452fc2027649cd28d36a900795a07d17364d96a5528a
Opcode Fuzzy Hash: 2cdf7418fec38f6d1504aea68df733c6fd54b3b33b5cde1043e672facdb95378
Instruction Fuzzy Hash: CD2125B1D0020ADFDF14DF98C981BEEBBB1FB48714F10866AE415AB380D7796A00CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0049CB40 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0049CB84
std::locale::c_str.LIBCPMTD ref: 0049CB99
std::_Locinfo::_Locinfo.LIBCPMTD ref: 0049CBA2

Part of subcall function 0047EC30: std::_Lockit::_Lockit.LIBCPMT ref: 0047EC5D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC6F
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC7E
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC8D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC9C
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECAB
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECBA
Part of subcall function 0047EC30: std::bad_exception::bad_exception.LIBCMTD ref: 0047ECD1
Part of subcall function 0047EC30: __CxxThrowException@8.LIBVCRUNTIME ref: 0047ECDF
Part of subcall function 0047EC30: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0047ECEC

ctype.LIBCPMTD ref: 0049CBC6

Part of subcall function 0049D0E0: std::bad_exception::bad_exception.LIBCMTD ref: 0049D10D

std::_Locinfo::~_Locinfo.LIBCPMTD ref: 0049CC02

Part of subcall function 0047ED10: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0047ED3A
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED48
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED53
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED5E
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED69
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED74
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED7F
Part of subcall function 0047ED10: std::_Lockit::~_Lockit.LIBCPMT ref: 0047ED87

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Container_base12Container_base12::~_Yarn$Locinfo::_$LocinfoLockitstd::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwctypestd::locale::c_str
String ID:
API String ID: 69252773-0
Opcode ID: 162aca304105e37c74734de9fcc76a444507cfa8adc9ce5f79b310a82d24bd5c
Instruction ID: d26ce9c190d575c93df16c736260c6e2dd9ce4fe2a393393b5a194451f242ecd
Opcode Fuzzy Hash: 162aca304105e37c74734de9fcc76a444507cfa8adc9ce5f79b310a82d24bd5c
Instruction Fuzzy Hash: 3A21F5B1D00249DFDF04DF98C955BEEBBB1FB48314F10866AE419AB380D7796A04CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0049CC20 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0049CC64
std::locale::c_str.LIBCPMTD ref: 0049CC79
std::_Locinfo::_Locinfo.LIBCPMTD ref: 0049CC82

Part of subcall function 0047EC30: std::_Lockit::_Lockit.LIBCPMT ref: 0047EC5D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC6F
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC7E
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC8D
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047EC9C
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECAB
Part of subcall function 0047EC30: _Yarn.LIBCPMTD ref: 0047ECBA
Part of subcall function 0047EC30: std::bad_exception::bad_exception.LIBCMTD ref: 0047ECD1
Part of subcall function 0047EC30: __CxxThrowException@8.LIBVCRUNTIME ref: 0047ECDF
Part of subcall function 0047EC30: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0047ECEC

ctype.LIBCPMTD ref: 0049CCA6

Part of subcall function 0049D150: std::locale::facet::facet.LIBCPMTD ref: 0049D17D

std::_Locinfo::~_Locinfo.LIBCPMTD ref: 0049CCE2

Part of subcall function 0047ED10: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0047ED3A
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED48
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED53
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED5E
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED69
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED74
Part of subcall function 0047ED10: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0047ED7F
Part of subcall function 0047ED10: std::_Lockit::~_Lockit.LIBCPMT ref: 0047ED87

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Container_base12Container_base12::~_Yarn$Locinfo::_$LocinfoLockit$Exception@8Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwctypestd::bad_exception::bad_exceptionstd::locale::c_strstd::locale::facet::facet
String ID:
API String ID: 3257443147-0
Opcode ID: 4b15576f291bf59706c1d6b03e5ebd3bce36a019c81bf01fc2eededb48fead9f
Instruction ID: a083e81034d5abc8fe639a1f53de98c20dabe09da6c1c0c665ba5a26f0ab7b44
Opcode Fuzzy Hash: 4b15576f291bf59706c1d6b03e5ebd3bce36a019c81bf01fc2eededb48fead9f
Instruction Fuzzy Hash: E52107B1D00249DFDF04DF98C955BEEBBB1FB49314F10866AE429AB380D7796A00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 005FEDCA Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,005EB47E,005F2B0D,00000000), ref: 005FEDCF
_free.LIBCMT ref: 005FEE04
_free.LIBCMT ref: 005FEE2B
SetLastError.KERNEL32(00000000,005EB47E,005F2B0D,00000000), ref: 005FEE38
SetLastError.KERNEL32(00000000,005EB47E,005F2B0D,00000000), ref: 005FEE41

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: f701a49753f9bc50636b4b74843bc66c4afd41fa75171b063f72b39c5af59162
Instruction ID: 3f9230e4f14b6ed44a0b45cd2e34e10d4160b7277667a742ac296287317cba16
Opcode Fuzzy Hash: f701a49753f9bc50636b4b74843bc66c4afd41fa75171b063f72b39c5af59162
Instruction Fuzzy Hash: 3201AD3614060A2B871222647C8FD7B2E2EBBD17617280439FB11921A2EE2D880141A1

Uniqueness

Uniqueness Score: -1.00%

Function 00606691 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 006066A9

Part of subcall function 005F64BE: RtlFreeHeap.NTDLL(00000000,00000000,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E), ref: 005F64D4
Part of subcall function 005F64BE: GetLastError.KERNEL32(005EB47E,?,00606944,005EB47E,00000000,005EB47E,00000000,?,00606BE8,005EB47E,00000007,005EB47E,?,00606F97,005EB47E,005EB47E), ref: 005F64E6

_free.LIBCMT ref: 006066BB
_free.LIBCMT ref: 006066CD
_free.LIBCMT ref: 006066DF
_free.LIBCMT ref: 006066F1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: eb8ae81559d61357638ceeef2fdda4ac340183b227e0e93b9d925fcacabb5456
Instruction ID: 843f06990c462fe4bf2dc698517c485ba8a58ea20824eb1dd7a8492b0ce2996d
Opcode Fuzzy Hash: eb8ae81559d61357638ceeef2fdda4ac340183b227e0e93b9d925fcacabb5456
Instruction Fuzzy Hash: 2BF0AF32554604AFCA28EB58F9CDC677BDBBA803503280804F458D3F40CA3AFCA08A15

Uniqueness

Uniqueness Score: -1.00%

Function 0049A570 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0049A701
char_traits.LIBCPMTD ref: 0049A7E6
std::ios_base::width.LIBCPMTD ref: 0049A816

Strings

x`, xrefs: 0049A67E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits$std::ios_base::width
String ID: x`
API String ID: 735177774-1397163517
Opcode ID: 69ca35f6f208d4323ac5030f4d918788183c34ace9be891a5470fd118143bcaa
Instruction ID: debb555ba1f6b727534f406455e7a42b43f89366b2860c36b09f5feecce7fcd4
Opcode Fuzzy Hash: 69ca35f6f208d4323ac5030f4d918788183c34ace9be891a5470fd118143bcaa
Instruction Fuzzy Hash: EBB1F774D00208DFCF14DF95C891AAEBBB1FF88308F24816EE906AB355D738A955CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00489BB0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

</Downloader>, xrefs: 00489C38
Download_url, xrefs: 00489DEB
<Downloader>, xrefs: 00489BEE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: </Downloader>$<Downloader>$Download_url
API String ID: 0-2463169464
Opcode ID: 03d0e288cdb87d5f4f3b2e06c021997eef26e297b03684dea3073543fbe6ecf3
Instruction ID: 2c568fb7363732986dcf4cfaeec1b590c7c1ae31f72713f01359dbf15a8c4826
Opcode Fuzzy Hash: 03d0e288cdb87d5f4f3b2e06c021997eef26e297b03684dea3073543fbe6ecf3
Instruction Fuzzy Hash: AFA14970D0014CEFCB14EFA9C895AEDBBB0AF14318F24855EE0166B2D1DB786E45DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004762E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 184keyboardCOMMON

Download Yara Rule

APIs

_wcsstr.LIBVCRUNTIME ref: 00476404
GetKeyState.USER32(00000010), ref: 0047642E
GetTickCount.KERNEL32 ref: 0047652B

Strings

RichEditUI, xrefs: 004763E5

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountStateTick_wcsstr
String ID: RichEditUI
API String ID: 1310091763-2796277332
Opcode ID: 589f81167c077b4f8552d6d470e758e68190ba2f1bebd89a2023a982dc78d43b
Instruction ID: 383bb49fdd603629bc2edabf0fb1144a8938149a9dcc23c40294af3245bce63c
Opcode Fuzzy Hash: 589f81167c077b4f8552d6d470e758e68190ba2f1bebd89a2023a982dc78d43b
Instruction Fuzzy Hash: BB814074A00609EFCB08CF99D494AEEF7B2BF88300F14C1AAD819AB351D7359A45CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004585F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111COMMON

Download Yara Rule

APIs

libssh2_knownhost_readline.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,?,00000001), ref: 00458699

Strings

Unsupported type of known-host information store, xrefs: 00458622
Failed to parse known hosts file, xrefs: 004586E2
Failed to open file, xrefs: 00458719

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_knownhost_readline.
String ID: Failed to open file$Failed to parse known hosts file$Unsupported type of known-host information store
API String ID: 3155965070-3548788175
Opcode ID: 25a7484a196988800fbc66c4278c9c17474c8a62858bf9b46e258c94bef46d48
Instruction ID: 7f3ffbbbbfeb88c8209f0a40c92d3f8a74aee6ba94e81f3d3cae2220dc33f3e6
Opcode Fuzzy Hash: 25a7484a196988800fbc66c4278c9c17474c8a62858bf9b46e258c94bef46d48
Instruction Fuzzy Hash: 193108B2B042015BC720AB64AC46FAB73D9BFC4314F54852EF9D992282FD39950CCBD6

Uniqueness

Uniqueness Score: -1.00%

Function 0050F645 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

_wcsstr.LIBVCRUNTIME ref: 0050F6C6

Strings

ListHeader, xrefs: 0050F651
ListHeaderItemUI, xrefs: 0050F6BD
ListItem, xrefs: 0050F713

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _wcsstr
String ID: ListHeader$ListHeaderItemUI$ListItem
API String ID: 1512112989-3885667446
Opcode ID: d5b1dc0f56e4fb299218b977c85dc92c72bbf45c9b981eb70a3848bbec924226
Instruction ID: d5954f94b25ec94dbd35f4042e35b02829a49c9a6f95626e407f06c0c707242e
Opcode Fuzzy Hash: d5b1dc0f56e4fb299218b977c85dc92c72bbf45c9b981eb70a3848bbec924226
Instruction Fuzzy Hash: 58316B753405019FD718DF28C8A8A29BBE5FF85328B18416DE656CBBA1CB31EC10CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0053A0A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_fwprintf.LIBCONCRTD ref: 0053A0F1
___from_strstr_to_strchr.LIBCMT ref: 0053A15E

Strings

%I64i, xrefs: 0053A0E8
OPENSSL_ia32cap, xrefs: 0053A0B9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr_fwprintf
String ID: %I64i$OPENSSL_ia32cap
API String ID: 3950272715-1470193844
Opcode ID: ff20365c5aac2e057e9c7f478f2be4f054a325c247af75476b7040e6590913b2
Instruction ID: 8797d11de9f961fbe4de8cae6d9b8e868ec473531bb3d5febfcb514a1678ae05
Opcode Fuzzy Hash: ff20365c5aac2e057e9c7f478f2be4f054a325c247af75476b7040e6590913b2
Instruction Fuzzy Hash: 9B31A2B5D043426FF700DF619C42B2A7BE5BB94344F18843EF88896252E7B89948C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 00484790 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048485C

Strings

fileStream, xrefs: 004847BB
maxLogFileSize, xrefs: 004847EB
filename, xrefs: 00484824

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_
String ID: fileStream$filename$maxLogFileSize
API String ID: 1531518832-804276554
Opcode ID: d71ed8693786fa8c707c93d11b5ebe4ee16e3035a0aad5c893843f0877bdf932
Instruction ID: ef1f25900d38a3fd3aa19c88cb4bc652e9bec1214f2297723ebc44c21d9e98bb
Opcode Fuzzy Hash: d71ed8693786fa8c707c93d11b5ebe4ee16e3035a0aad5c893843f0877bdf932
Instruction Fuzzy Hash: 24315D7591014CAFCB04EFA4E891FEEBBB5BF45704F10462EF412A7281DB386940CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00471AA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 00471AB6
SetCursor.USER32(00000000,?,0046E0B5,?), ref: 00471ABD

Strings

timer, xrefs: 00471B1E
menu, xrefs: 00471B63

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$Load
String ID: menu$timer
API String ID: 1675784387-2593718399
Opcode ID: 9586126e51d8fd74038692dbe1d9cd0e92c09881f17b18584e729f2e7604b671
Instruction ID: b13e141726c9d3389c5a7fc0a9dbec4a72e71d0e2e1bedfdb0099beee508c0d8
Opcode Fuzzy Hash: 9586126e51d8fd74038692dbe1d9cd0e92c09881f17b18584e729f2e7604b671
Instruction Fuzzy Hash: 2531FD34600104EFCB08CF98C991EEE77B6BB89341F248199E5095B362D735AE82DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0050F201 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0050F208

Part of subcall function 0050F370: __EH_prolog3.LIBCMT ref: 0050F377

new.LIBCMT ref: 0050F272
new.LIBCMT ref: 0050F29E

Strings

C!^, xrefs: 0050F217

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: C!^
API String ID: 431132790-2379318171
Opcode ID: 7a18d661e3699ae206992a8c0aabd06b249228f3bbfbd50ca81cfa5ce6fe19cc
Instruction ID: aceba834413b910088a7195f2e4d7146327eef4a69780141bbc8a3dcb6447a6f
Opcode Fuzzy Hash: 7a18d661e3699ae206992a8c0aabd06b249228f3bbfbd50ca81cfa5ce6fe19cc
Instruction Fuzzy Hash: C4315CB0905B868ED760DF7888497DEBEE4BB45300F104A6DE0AADB2C1DB7466418F55

Uniqueness

Uniqueness Score: -1.00%

Function 00528130 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75COMMON

Download Yara Rule

Strings

unknown, xrefs: 005281ED
.\crypto\err\err.c, xrefs: 00528135, 00528154, 0052816B, 0052817E, 0052819D, 00528207
Operation not permitted, xrefs: 005281B7, 005281D9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: .\crypto\err\err.c$Operation not permitted$unknown
API String ID: 0-3427296222
Opcode ID: 9a067eb78db6437a67ff3a5a44117b50d701d256dab74ee80604c5226c1b029d
Instruction ID: 0cd2582b67544e59c987f77fd837763518a03d18ef0d0541d907e06a71b4063a
Opcode Fuzzy Hash: 9a067eb78db6437a67ff3a5a44117b50d701d256dab74ee80604c5226c1b029d
Instruction Fuzzy Hash: 2E1193E1FC1B217AFB202A647C4BF762A42BF61B16F451568FA883D1C2F6F604918653

Uniqueness

Uniqueness Score: -1.00%

Function 00475E70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(User32.dll), ref: 00475EBA
GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 00475ED2

Strings

SetLayeredWindowAttributes, xrefs: 00475EC9
User32.dll, xrefs: 00475EB5

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: SetLayeredWindowAttributes$User32.dll
API String ID: 1646373207-2510956139
Opcode ID: 02855a14f57d5d8283852ecc834017645464a585b78f3b6027d54bd68834100b
Instruction ID: 87cbe1104b86a74501c5a7b4a9a2ac1cd8d31514b143a96f964c86c41ac1f593
Opcode Fuzzy Hash: 02855a14f57d5d8283852ecc834017645464a585b78f3b6027d54bd68834100b
Instruction Fuzzy Hash: 6F31FD74900609EFDB10CFA4C994BEEBBB1FB44304F20C19AE415AB380C7B59B81DB95

Uniqueness

Uniqueness Score: -1.00%

Function 005C950E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 005C9B68
___raise_securityfailure.LIBCMT ref: 005C9C4F

Strings

+_, xrefs: 005C9BDA
`l, xrefs: 005C9C4A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: +_$`l
API String ID: 3761405300-918106383
Opcode ID: a16a6dfe22102d29aa929fc4c26b3b5bf38f6466a3b7f9bb3a43efe9bf1a2c37
Instruction ID: a703c7f034b275b1b97dd2ea824f365f74ba0951052be5241b70d50ba00780f3
Opcode Fuzzy Hash: a16a6dfe22102d29aa929fc4c26b3b5bf38f6466a3b7f9bb3a43efe9bf1a2c37
Instruction Fuzzy Hash: 5E21E2B4505304DEE714CF15F946F207BBAFB48304F14662AE909CB7B0E7BA5A80CB06

Uniqueness

Uniqueness Score: -1.00%

Function 004D2880 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

new.LIBCMT ref: 004D28B8
_Ref_count.LIBCMTD ref: 004D28D4

Part of subcall function 004D2DD0: std::_Ref_count_base::_Ref_count_base.LIBCMTD ref: 004D2DDA

_Resetp0.LIBCMTD ref: 004D2900

Part of subcall function 0049F140: _Ptr_base.LIBCMTD ref: 0049F152

Strings

+ M, xrefs: 004D28D1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Ptr_baseRef_countRef_count_baseRef_count_base::_Resetp0std::_
String ID: + M
API String ID: 3640632022-1454401948
Opcode ID: aa46b38d3d2da981634dc1134059f6b8d792ab0e651ffe838b9934d2f8ba0a10
Instruction ID: b479e80a6777e106f7878ac1f0026a9683ef652c1e222496273985930c49667d
Opcode Fuzzy Hash: aa46b38d3d2da981634dc1134059f6b8d792ab0e651ffe838b9934d2f8ba0a10
Instruction Fuzzy Hash: 9A113AB1E04208EFCB04DF99D951BEEBBF4FB48710F20826AE415A3380D7755A40CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004EE3C5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004EE3CC
Concurrency::critical_section::critical_section.LIBCONCRT ref: 004EE401
Concurrency::details::stl_critical_section_vista::stl_critical_section_vista.LIBCPMT ref: 004EE433

Strings

MN, xrefs: 004EE3F8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::critical_section::critical_sectionConcurrency::details::stl_critical_section_vista::stl_critical_section_vistaH_prolog3
String ID: MN
API String ID: 1288270742-3864018884
Opcode ID: eefc4f0a40cd6eb848c0244c011d2f1a7f1064d56cef820aeaa2296de811318a
Instruction ID: 55af42cf1d4ca850c82061830b6d0f82d5044295be8b59d1b012385890ddd896
Opcode Fuzzy Hash: eefc4f0a40cd6eb848c0244c011d2f1a7f1064d56cef820aeaa2296de811318a
Instruction Fuzzy Hash: 63F031343012868BDB289F53E56AB7E3762EF44306B14506EE902CB792D738D841D75A

Uniqueness

Uniqueness Score: -1.00%

Function 0060104A Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 006010D5
__alldvrm.LIBCMT ref: 006012D6
__alldvrm.LIBCMT ref: 006012F8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 9f978e63e2ed2404ce51fdebf7a5a6fef1c7826b8877976665664424d9d1d3f8
Instruction ID: 42f697ca7322107ba05e0c67698239a8c6b1a85f5078c7ac40b9d0750d8da054
Opcode Fuzzy Hash: 9f978e63e2ed2404ce51fdebf7a5a6fef1c7826b8877976665664424d9d1d3f8
Instruction Fuzzy Hash: FAA13432A842869FEB2D8F58C8917EFBBE6EF52310F1441ADE5959F3C1C6348982C750

Uniqueness

Uniqueness Score: -1.00%

Function 004D2FE0 Relevance: 6.3, APIs: 4, Instructions: 263COMMON

Download Yara Rule

APIs

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

allocator.LIBCONCRTD ref: 004D3095
allocator.LIBCONCRTD ref: 004D30ED

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: allocator$Base::Concurrency::details::ContextIdentityQueueWork
String ID:
API String ID: 50617054-0
Opcode ID: ac2bd51a77ad33575bc978ea88b1dbac7d38fb5f02c54ea3877ee8c7a71c881f
Instruction ID: 4d3242f0545cfbd290266e5591f9ffef00dd2e390932c415df4d9b95c2e90da9
Opcode Fuzzy Hash: ac2bd51a77ad33575bc978ea88b1dbac7d38fb5f02c54ea3877ee8c7a71c881f
Instruction Fuzzy Hash: E3B14D71D041499FCB04EFE9C8A19EFBBB5AF48304F14411EF506A7341DB34AA45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0049F660 Relevance: 6.3, APIs: 4, Instructions: 263COMMON

Download Yara Rule

APIs

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

allocator.LIBCONCRTD ref: 0049F715
allocator.LIBCONCRTD ref: 0049F76D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: allocator$Base::Concurrency::details::ContextIdentityQueueWork
String ID:
API String ID: 50617054-0
Opcode ID: 02b0beff676268d71fdd1b1515895567cd1e59076abb71ad197a7a306ee55044
Instruction ID: 4bb23ef8b68c1dcc40da8e456de2ebd1026f47fdaaec645fa2b226e1e520b913
Opcode Fuzzy Hash: 02b0beff676268d71fdd1b1515895567cd1e59076abb71ad197a7a306ee55044
Instruction Fuzzy Hash: 34B14CB1D04149AFCF04EFE9D891AEFBBB5AF89304F14402EF506A7251DB34A945CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0049FEC0 Relevance: 6.3, APIs: 4, Instructions: 263COMMON

Download Yara Rule

APIs

Part of subcall function 0048EC70: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0048EC7A

allocator.LIBCONCRTD ref: 0049FF75
allocator.LIBCONCRTD ref: 0049FFCD

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: allocator$Base::Concurrency::details::ContextIdentityQueueWork
String ID:
API String ID: 50617054-0
Opcode ID: 03633247de61aefa434aee28a846e843ec2e584e987d3ba601203c01132c2d04
Instruction ID: b13771d7c2f57663ce23d484fa39c58b3afc1a439a0729d9ec48f007380361cd
Opcode Fuzzy Hash: 03633247de61aefa434aee28a846e843ec2e584e987d3ba601203c01132c2d04
Instruction Fuzzy Hash: F7B16DB1E041499FCF04EFE9D891AEFBBB5AF59304F14802EF506A7241DB34A945CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0049AAA0 Relevance: 6.2, APIs: 4, Instructions: 229COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0049ABF3
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0049AC34
char_traits.LIBCPMTD ref: 0049ACCB
std::ios_base::width.LIBCPMTD ref: 0049ACF8

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits$Container_base12Container_base12::~_std::_std::ios_base::width
String ID:
API String ID: 1883241956-0
Opcode ID: 617751d1cb763d52590f839dffce35639a399bc14f5c4b337e86917a93e57311
Instruction ID: 25a08ea4312d28cf6c6d20320251b7a79cc49201e1681473deaa93bc5bc2cf7f
Opcode Fuzzy Hash: 617751d1cb763d52590f839dffce35639a399bc14f5c4b337e86917a93e57311
Instruction Fuzzy Hash: 35A10B74900209DFCF04DF95C495AAEBBB2FF48308F24852EE506AB351D738AA41CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 005F51F6 Relevance: 6.2, APIs: 4, Instructions: 163pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(00000000,00000000,00000000,0041209E), ref: 005F521B

Part of subcall function 005F58C9: __dosmaperr.LIBCMT ref: 005F590C

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,005F4FA0,00000000,000000FF), ref: 005F532C
__dosmaperr.LIBCMT ref: 005F5333
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 005F5370

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __dosmaperr$ErrorFileLastNamedPeekPipeType
String ID:
API String ID: 3955570002-0
Opcode ID: abb2662e5079a3fa44418b95ed1b0ea5c1d838736bbb94138b6ebb27754aa284
Instruction ID: d8ec7f42854718fcb4ced93fac24244c96da618cedc32d4296f3d60f05a81bf5
Opcode Fuzzy Hash: abb2662e5079a3fa44418b95ed1b0ea5c1d838736bbb94138b6ebb27754aa284
Instruction Fuzzy Hash: D051CC72900A0DAFDB149FB8DC459BEBBF9FF48354B14492AE652D32A0F77498058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00604A25 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00604B54

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 01031f8639864e843e091878342ed267cd0dee627c37d7da8320e8325b450ef7
Instruction ID: cf7151c524125845c9dd5d51e1617cea93bced4a533e16cfab3d6028e5722f28
Opcode Fuzzy Hash: 01031f8639864e843e091878342ed267cd0dee627c37d7da8320e8325b450ef7
Instruction Fuzzy Hash: 254119B1680116ABDB3C6AB98C8ABBF3EA7FF81370F140115F624962D2DF34C8418661

Uniqueness

Uniqueness Score: -1.00%

Function 0048FE30 Relevance: 6.1, APIs: 4, Instructions: 144COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 0048FF58
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048FF96
_swprintf_s.LIBCONCRTD ref: 0048FF9C
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048FFAE

Part of subcall function 00493DA0: std::ios_base::getloc.LIBCPMTD ref: 00493ED7
Part of subcall function 00493DA0: ctype.LIBCPMTD ref: 00493F43

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$_swprintf_sctypestd::ios_base::clearstd::ios_base::getloc
String ID:
API String ID: 1526239729-0
Opcode ID: 8515eacbd98bd4943f0069db3cab34435c8d369be01fa2c1ddd5a4e22a421255
Instruction ID: 329df0cfe4ec5d1439c98e00412fe59a312f0001622c46b77ad51ec00976a035
Opcode Fuzzy Hash: 8515eacbd98bd4943f0069db3cab34435c8d369be01fa2c1ddd5a4e22a421255
Instruction Fuzzy Hash: 75517AB1D1020C9FCB04EFA5DC91AEEBBB5BF48304F00852EF815A7291EB389949CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00490010 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00490127
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00490165
_swprintf_s.LIBCONCRTD ref: 0049016B
std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0049017D

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_std::_$_swprintf_sstd::ios_base::clear
String ID:
API String ID: 142669532-0
Opcode ID: 5292096840fa7f79a6c9ede5456f9ad7573a20fd2ceae47335115d6822109f01
Instruction ID: 58a92e9128bd0cf7a1b9361ee984091abb25a35578e8b2256e48176557ca530f
Opcode Fuzzy Hash: 5292096840fa7f79a6c9ede5456f9ad7573a20fd2ceae47335115d6822109f01
Instruction Fuzzy Hash: 425149B1D1024C9FCF09EFA5E892BAEBBB5BF48704F00852EF415A7281DB389945CB54

Uniqueness

Uniqueness Score: -1.00%

Function 005F785C Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee5b07c61d09d264f9efa2c514d4482e439b0fb44a2bb762089531548ab87e8
Instruction ID: 51e912ce95e9bc7d2d993eb381e24add09356593b2a0602246cf9b83607e03ff
Opcode Fuzzy Hash: 3ee5b07c61d09d264f9efa2c514d4482e439b0fb44a2bb762089531548ab87e8
Instruction Fuzzy Hash: 7041F87260474DBFE7249F78C849B6A7FA9FB88714F20852EF251DB281D2759901C780

Uniqueness

Uniqueness Score: -1.00%

Function 006034E8 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(004D41D4,00000000,?,00000008,00000000,00000000,?,?,?,004D41D4,00000001,00000008,?,00000001,?,00000000), ref: 00603535
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006035BE
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 006035D0
__freea.LIBCMT ref: 006035D9

Part of subcall function 005F6A05: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005F6A37

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: da336b199e93fa9b9eb8921ef75842f4a89ce29486ed1a79bcc8d2916ad7a734
Instruction ID: bc974f756e26655ca71d4b5014284af46a28eda6ede78d6f7ced8e79e4d625d8
Opcode Fuzzy Hash: da336b199e93fa9b9eb8921ef75842f4a89ce29486ed1a79bcc8d2916ad7a734
Instruction Fuzzy Hash: 9E31C271A0021AABDB2A9F65DC45DEF7BAAEB40711F144129FC04D72A0EB35CE54C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 0048C3D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 0048C3EA
fpos.LIBCPMTD ref: 0048C477
fpos.LIBCPMTD ref: 0048C488
fpos.LIBCPMTD ref: 0048C4B9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: dc43ca7aede05e8c7f9b49eba310e603c54447ba9ff9e3d6fba2355f5124d7c2
Instruction ID: 67fc2d9a28407c5b092e6baac2897865ff727a945e1b36abe0add84dee2e326d
Opcode Fuzzy Hash: dc43ca7aede05e8c7f9b49eba310e603c54447ba9ff9e3d6fba2355f5124d7c2
Instruction Fuzzy Hash: 23311B71A00109EFDB08EF99C991DEEB7B5BF88700F148599F9059B355E734AE40CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004C8050 Relevance: 6.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004C80CB
char_traits.LIBCPMTD ref: 004C80EC
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004C8116

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
String ID:
API String ID: 1941806930-0
Opcode ID: 52a88e34d22d531078fdfeb2298424ab19981939e7008a250bfeb80beb6c6e22
Instruction ID: bfa30a18039625a13b25d8362a2838bf4241746f8a3b04488869508593465424
Opcode Fuzzy Hash: 52a88e34d22d531078fdfeb2298424ab19981939e7008a250bfeb80beb6c6e22
Instruction Fuzzy Hash: 5F313A34A00109EFCB14DFA5C991DAE77B2BF84344F60856EE4166B355DF38AE01DB88

Uniqueness

Uniqueness Score: -1.00%

Function 0048D590 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 0048D5CD
char_traits.LIBCPMTD ref: 0048D602
char_traits.LIBCPMTD ref: 0048D63F
char_traits.LIBCPMTD ref: 0048D66A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: ce06b6ff01f15d8564c4daded3151b3bda2f1d191a18ca130900d28e9890a72d
Instruction ID: 5dcf68b1d5911712c96d6aa72c23eb1fddf003c3a3eea638eaabb6ae6bd2550f
Opcode Fuzzy Hash: ce06b6ff01f15d8564c4daded3151b3bda2f1d191a18ca130900d28e9890a72d
Instruction Fuzzy Hash: 8421DDB6C0110966CF04FBA2DC528FF7B74AE54308F0486BFF40A5B282FA3897058795

Uniqueness

Uniqueness Score: -1.00%

Function 005F5550 Relevance: 6.1, APIs: 4, Instructions: 61timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,005F4FA0,005F529E,005F4FA0,00000000,00000000,0041209E,?,?,00000000), ref: 005F557B
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 005F558F
GetLastError.KERNEL32 ref: 005F55D3
__dosmaperr.LIBCMT ref: 005F55DA

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$System$ErrorFileLastLocalSpecific__dosmaperr
String ID:
API String ID: 593088924-0
Opcode ID: 9b28d34d3c155d9272d15c94a88e4ce62eaee01dcb3d79d4f3c63fc371d6d90e
Instruction ID: 4ee4420f4a6d062a6fa169e3d2d712447943b2e1805cb85ca5d18b1c97529132
Opcode Fuzzy Hash: 9b28d34d3c155d9272d15c94a88e4ce62eaee01dcb3d79d4f3c63fc371d6d90e
Instruction Fuzzy Hash: 01111C7290410DABCF10DFE1D988AEF7BBDBF48320F505666F615D6090EB34EA448B61

Uniqueness

Uniqueness Score: -1.00%

Function 00466190 Relevance: 6.0, APIs: 4, Instructions: 37timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,?,?), ref: 004661A3
__aulldiv.LIBCMT ref: 004661B7
__aullrem.LIBCMT ref: 004661C5
__aulldiv.LIBCMT ref: 004661E2

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time__aulldiv$FileSystem__aullrem
String ID:
API String ID: 1233763301-0
Opcode ID: 97a4219393c559a0b9e5870ec59ef34cc0271fad6d8c1433b0bdc4ba969f858f
Instruction ID: b49f506b2f39d9b9e6b13d07ee21b7074d418fa0765be3ba6de4988847385663
Opcode Fuzzy Hash: 97a4219393c559a0b9e5870ec59ef34cc0271fad6d8c1433b0bdc4ba969f858f
Instruction Fuzzy Hash: CAF0E976A443057BD720AEA16C8AF977FACFFC5B25F054829F904B7241D274E0048676

Uniqueness

Uniqueness Score: -1.00%

Function 00457CF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 263COMMON

Download Yara Rule

Strings

[%s]:%d, xrefs: 00457DB1
Unable to allocate memory for base64-encoded key, xrefs: 00457D89

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Unable to allocate memory for base64-encoded key$[%s]:%d
API String ID: 0-1652693923
Opcode ID: dfb799c3cb6ac92a35e989766f2aa05f97b96026c6eda35c23d5358fa2695d57
Instruction ID: c67e9d23ca23835ea5d67f3bfd2d2f1bb9d2b603add1ec993bf4456fef4c3b84
Opcode Fuzzy Hash: dfb799c3cb6ac92a35e989766f2aa05f97b96026c6eda35c23d5358fa2695d57
Instruction Fuzzy Hash: 4691C57250C3414BC721CF24E891ABBB7E6AF95315F04496EEC9987342E73AD90CC79A

Uniqueness

Uniqueness Score: -1.00%

Function 00469D30 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00469D5C

Strings

nl, xrefs: 00469D9B
nl, xrefs: 00469D3C

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: nl$nl
API String ID: 601868998-2445265424
Opcode ID: 082b10cf058606ccb2d9c59c1218f615805107d3dcf5e26e2d81d4e2920f2996
Instruction ID: 559f585c838dc5cdcea0eb937d88c5e68b47df957e4c601e9e3c6f727fb81462
Opcode Fuzzy Hash: 082b10cf058606ccb2d9c59c1218f615805107d3dcf5e26e2d81d4e2920f2996
Instruction Fuzzy Hash: C341E4766042119FC720CE28D840A6B77D9EF897A4F08062AF94497391F7BAEC05C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 0045AFB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

libssh2_session_last_errno.SECURITEINFO.COM.PROGRAM.UNWANTED.5531.23089.22779(?,?,?,?,?,0045B141,?,?), ref: 0045B0B7

Strings

direct-tcpip, xrefs: 0045B0A0
Unable to allocate memory for direct-tcpip connection, xrefs: 0045B02E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D.5531.23089libssh2_session_last_errno.
String ID: Unable to allocate memory for direct-tcpip connection$direct-tcpip
API String ID: 1735628876-1888759788
Opcode ID: b7206022bff0110bc414dc9142b9b592f89c23f8b97c253459692f7199da3250
Instruction ID: 27d4ca222e2feb83fee205d0c8eb604ea55cf48659281d67084687f6c3913500
Opcode Fuzzy Hash: b7206022bff0110bc414dc9142b9b592f89c23f8b97c253459692f7199da3250
Instruction Fuzzy Hash: 6231C4B22047006FE320DF35DC85D97B7E9EB85318F144A2EF95A83281EA75E90D8765

Uniqueness

Uniqueness Score: -1.00%

Function 00607670 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,006078CB,?,00000050,?,?,?,?,?), ref: 0060774B

Strings

OCP, xrefs: 006076C4
ACP, xrefs: 0060768E

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: c1720704bb97cad87ee379d7e5bfe7a786d4538d056da14a7bd9c22fb636d396
Instruction ID: 6e021013deee3c47e45795e157b4971e500d7e3916605ed357a8921cbc67c19f
Opcode Fuzzy Hash: c1720704bb97cad87ee379d7e5bfe7a786d4538d056da14a7bd9c22fb636d396
Instruction Fuzzy Hash: 7221C762E98505A6DB2C9B18C905BE7736BAF50B91F564464E90AD7380F733FD41C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 004FE275 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 004FE29D
_strlen.LIBCMT ref: 004FE2C3

Strings

/, xrefs: 004FE2DB

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strlen_wcslen
String ID: /
API String ID: 2847511282-2043925204
Opcode ID: da8259aa5b4ff36794112ef57a629610e83436c6983049b8854be497f0b764fb
Instruction ID: 1622ba12ec8bce2217d05c5687b4f8899c51e4b9edd9912778b7ab46f7745abe
Opcode Fuzzy Hash: da8259aa5b4ff36794112ef57a629610e83436c6983049b8854be497f0b764fb
Instruction Fuzzy Hash: 4B21297150421DAEDB209F66CC49AFF73ACAB05311F1006AFFB45D3151E778E98487A9

Uniqueness

Uniqueness Score: -1.00%

Function 00479780 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32 ref: 0047978F
GetTickCount.KERNEL32 ref: 004797D7

Strings

killfocus, xrefs: 00479806

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountFocusTick
String ID: killfocus
API String ID: 3897604831-1616503811
Opcode ID: b9bcc8584894f9af1c9f4c988c397414cfd2f279b6102186ca76a7daecbb0f25
Instruction ID: 19416c4e04cea3ab6a134ff715c235fa972ae683503b94ba2d045479b7718dc6
Opcode Fuzzy Hash: b9bcc8584894f9af1c9f4c988c397414cfd2f279b6102186ca76a7daecbb0f25
Instruction Fuzzy Hash: 2C419374A00208EFDB44DF98C995BEDB7F1BB49304F2481A9E408AB351D7756E41DF94

Uniqueness

Uniqueness Score: -1.00%

Function 00513A36 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00513A3D

Part of subcall function 0050026D: __EH_prolog3.LIBCMT ref: 00500274

Part of subcall function 0050F370: __EH_prolog3.LIBCMT ref: 0050F377

Strings

C!^, xrefs: 00513A4C
?<Q, xrefs: 00513A68

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: ?<Q$C!^
API String ID: 431132790-3897313672
Opcode ID: 2b9755cccb92f47a1d44fc7ffa0450f74c20bf5e15a5022f47f198a96f8ca704
Instruction ID: 11fd81006dc7c33085b96048880523d1ecc866dcd0a3319bc7f121b7cf045908
Opcode Fuzzy Hash: 2b9755cccb92f47a1d44fc7ffa0450f74c20bf5e15a5022f47f198a96f8ca704
Instruction Fuzzy Hash: 60415AB0A05B87AED308DFB9C489BE9FBA5BF44304F00435DE16857282DB742624CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 005FF32C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,005EB47E), ref: 005FF38C
__crt_fast_encode_pointer.LIBVCRUNTIME ref: 005FF399

Strings

+_, xrefs: 005FF331

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc__crt_fast_encode_pointer
String ID: +_
API String ID: 2279764990-2050882381
Opcode ID: e859a6f37755bb60108f8c6c45bb6f6462f3c7fe651985e0ab84f56c37bff3d8
Instruction ID: d784c0260cc6fb472d4b0db603f687408b7e0264d3270cfd16e57e85196ebdbd
Opcode Fuzzy Hash: e859a6f37755bb60108f8c6c45bb6f6462f3c7fe651985e0ab84f56c37bff3d8
Instruction Fuzzy Hash: EC11E333A002299B9B219E29EC50DBE7B96BF847247264A35FE25EB6D4D634DC0087D0

Uniqueness

Uniqueness Score: -1.00%

Function 004A16B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 004A4ED0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F04
Part of subcall function 004A4ED0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F42
Part of subcall function 004A4ED0: construct.LIBCPMTD ref: 004A4F49
Part of subcall function 004A4ED0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4F76
Part of subcall function 004A4ED0: construct.LIBCPMTD ref: 004A4F7D
Part of subcall function 004A4ED0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A4FAA
Part of subcall function 004A4ED0: construct.LIBCPMTD ref: 004A4FB1

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004A173B
construct.LIBCPMTD ref: 004A1742

Part of subcall function 004A5200: construct.LIBCPMTD ref: 004A521C

Strings

~I, xrefs: 004A171E, 004A1721

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Base::Concurrency::details::ContextIdentityQueueWorkconstruct
String ID: ~I
API String ID: 3904939386-2662688817
Opcode ID: 7417bccbced4f4fd2f30b5c7a98b04f35c73bf1b9667d633e01af9fdb22f3758
Instruction ID: cd42ec5aef2e543a8d8acbb6b3bb651986b41d6f6f3ce62e744bf35ed752b103
Opcode Fuzzy Hash: 7417bccbced4f4fd2f30b5c7a98b04f35c73bf1b9667d633e01af9fdb22f3758
Instruction Fuzzy Hash: 8411BBF5D002499FDB00EFA5D942BAFBBB8EB55314F10453EF415A7381D6396A00C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00483C30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

std::_Cnd_initX.LIBCPMTD ref: 00483C63

Strings

true, xrefs: 00483C83
TRUE, xrefs: 00483C6B

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cnd_initstd::_
String ID: TRUE$true
API String ID: 1955959516-406173685
Opcode ID: 6252b2afdd1d280b46ea7ac87d355ba8358f457533abd058119118b2bb30c263
Instruction ID: 525eb5e2a36b9573d9f051185e6bb3958c968f99acdf97f0f66aca140e149aef
Opcode Fuzzy Hash: 6252b2afdd1d280b46ea7ac87d355ba8358f457533abd058119118b2bb30c263
Instruction Fuzzy Hash: 8B11E9B5C00209ABCF00EF50E841BEE7B78AB05704F50856EF80566381F778C7098BE5

Uniqueness

Uniqueness Score: -1.00%

Function 005F81DA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 005FEDCA: GetLastError.KERNEL32(?,?,00000000,005EB47E,005F2B0D,00000000), ref: 005FEDCF
Part of subcall function 005FEDCA: _free.LIBCMT ref: 005FEE04
Part of subcall function 005FEDCA: SetLastError.KERNEL32(00000000,005EB47E,005F2B0D,00000000), ref: 005FEE38

_free.LIBCMT ref: 005F816D

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 005F814B, 005F817C
Operation not permitted, xrefs: 005F8153

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_free
String ID: Operation not permitted$Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 2283115069-3972167996
Opcode ID: b67b56f021aa3843943ad5119177b5a9e7a04b9571a6eed62e4efa2e7ccd7926
Instruction ID: df6ce73f5e486df2d7d2dcf3f21620bf62b30db72ff4270e1af9f3f838ccb1bf
Opcode Fuzzy Hash: b67b56f021aa3843943ad5119177b5a9e7a04b9571a6eed62e4efa2e7ccd7926
Instruction Fuzzy Hash: 1101A222940B1D67D63126694C8AE377A6EBBC07A4F150624FB45AB641DF6ADC038190

Uniqueness

Uniqueness Score: -1.00%

Function 00484C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00484C71

Part of subcall function 0048A4C0: _Ptr_base.LIBCMTD ref: 0048A4E9

Part of subcall function 00482DF0: Concurrency::details::ExternalContextBase::~ExternalContextBase.LIBCONCRTD ref: 00482E0E

Part of subcall function 00480AB0: std::bad_exception::~bad_exception.LIBCMTD ref: 00480AC8

boost::exception::~exception.LIBCPMTD ref: 00484CC4

Strings

H, xrefs: 00484C49

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ContextExternal$BaseBase::~Concurrency::details::Container_base12Container_base12::~_Ptr_baseboost::exception::~exceptionstd::_std::bad_exception::~bad_exception
String ID: H
API String ID: 2993533300-1725543860
Opcode ID: 6296953f71d06e6f71f66837b22cfb69ed1947ecf75e309640e00b892dd2266c
Instruction ID: 708898b07d3a574893efabf82126f69c14b37def987df99e74a0e87d5276fd17
Opcode Fuzzy Hash: 6296953f71d06e6f71f66837b22cfb69ed1947ecf75e309640e00b892dd2266c
Instruction Fuzzy Hash: FF111FB49041599FCB08EF99DCA1ABFB776FF44708F04091EE41267382CB786810CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004F6944 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004F694B

Part of subcall function 0050026D: __EH_prolog3.LIBCMT ref: 00500274

Strings

nkO, xrefs: 004F6976
C!^, xrefs: 004F695A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: C!^$nkO
API String ID: 431132790-2922325901
Opcode ID: 91a693c2a2726dd2cab8bad952e52c44a957099a60dc949ef450a238a4c464f8
Instruction ID: d3f099fdcdfd3e5ba85e115bb5c527bb9485d78835f63a2dc6e14759633d9bcc
Opcode Fuzzy Hash: 91a693c2a2726dd2cab8bad952e52c44a957099a60dc949ef450a238a4c464f8
Instruction Fuzzy Hash: 562107F0405B868EC320DFB5C1497DAFAE5BF54308F44085DD6EA57282DBB82648CB29

Uniqueness

Uniqueness Score: -1.00%

Function 00485180 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

_Smanip.LIBCPMTD ref: 004851BF

Strings

TH, xrefs: 00485190
*NH, xrefs: 0048519F, 004851F9

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Smanip
String ID: *NH$TH
API String ID: 2140389272-2732294657
Opcode ID: 794c9f094d4f7ad4b11e067573b646fef031d6d6005246cb5dbf46b8518f7e2f
Instruction ID: 3903e69df19fe5f237a493b42fafaf7eb23c0db73c86d5e870490ac557a7e801
Opcode Fuzzy Hash: 794c9f094d4f7ad4b11e067573b646fef031d6d6005246cb5dbf46b8518f7e2f
Instruction Fuzzy Hash: 0A110CB2D14108ABCB09EF94E845FEEB7B8FF48714F10462EF426A7291DB346905CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00605991 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005FED46: GetLastError.KERNEL32(?,004D41D4,005E66AE,004D41D4,?,?,005F2B48,004D41D4,?,00000000), ref: 005FED4A
Part of subcall function 005FED46: _free.LIBCMT ref: 005FED7D
Part of subcall function 005FED46: SetLastError.KERNEL32(00000000,004D41D4,?,00000000), ref: 005FEDBE
Part of subcall function 005FED46: _abort.LIBCMT ref: 005FEDC4

_abort.LIBCMT ref: 006059C3
_free.LIBCMT ref: 006059F7

Strings

hwl, xrefs: 006059EE

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_abort_free
String ID: hwl
API String ID: 289325740-2650767816
Opcode ID: 518762ed712fb3c7430ce5a195721e04e395476791b51a13d58c01c26c1dfff8
Instruction ID: 69662c19b0824f01d44a504c0c7f2bfbcc4aa8728a7a4d2647c0637fe7276f52
Opcode Fuzzy Hash: 518762ed712fb3c7430ce5a195721e04e395476791b51a13d58c01c26c1dfff8
Instruction Fuzzy Hash: 1601C031D81F26DBC728AF698941AAFBB62BF44B20B05420AF962673C1D7342D41CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 004CCF30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004CCF59
shared_ptr.LIBCPMTD ref: 004CCF78

Part of subcall function 0048A500: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0048A529
Part of subcall function 0048A500: _Reset.LIBCMTD ref: 0048A535

Part of subcall function 00482DB0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00482DBA

Part of subcall function 004CF6B0: _DebugHeapAllocator.LIBCPMTD ref: 004CF6C0

Strings

H, xrefs: 004CCF68

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$AllocatorDebugHeapIterator_baseIterator_base::_Resetshared_ptrstd::_
String ID: H
API String ID: 1622751682-1725543860
Opcode ID: 073a300e24fe4f4fe6ddc48e4ec649ee8ff22c018b4412c6b413948bc48d7427
Instruction ID: 0e79fb765fe90f3641a0178f868cae2ac1b85313b05689049c0077ea26b7ba2d
Opcode Fuzzy Hash: 073a300e24fe4f4fe6ddc48e4ec649ee8ff22c018b4412c6b413948bc48d7427
Instruction Fuzzy Hash: 091121B1904149EFCB04EF98CD51BAEBBB5FF05318F14466DE42267381CB795900CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004F9E18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 004F9E68
RegisterClassExW.USER32(00000030), ref: 004F9E8A

Strings

0, xrefs: 004F9E48

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassCursorLoadRegister
String ID: 0
API String ID: 1693014935-4108050209
Opcode ID: f91465869ead92eba969a60b62ab0d20169e431c6999676fbe4347981db18051
Instruction ID: 1a3d05505ca275a2c825900bab9704296a54ad82a1b92ff8d727177b58e29b96
Opcode Fuzzy Hash: f91465869ead92eba969a60b62ab0d20169e431c6999676fbe4347981db18051
Instruction Fuzzy Hash: 0F0129B0C01208ABDB01DFA9E945BEEFBF9BB85300F04515BE904A7350D7B51645CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00600AA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 005F2554: RtlEnterCriticalSection.NTDLL(004586FA), ref: 005F256F

FlushFileBuffers.KERNEL32(00000000,006BA130,0000000C,00600B60,?,?,?,?,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00600AED
GetLastError.KERNEL32(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,tPHK,?,00000001), ref: 00600AFE

Strings

tPHK, xrefs: 00600AE5

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: BuffersCriticalEnterErrorFileFlushLastSection
String ID: tPHK
API String ID: 4109680722-798176179
Opcode ID: 7e65e390e42132323f528854272f808f80243bf771c99cd69d9837c31c0fa453
Instruction ID: 7cd79e889f0d1025b95fca233f01e297a80d25f5dec44b1a9ed9d2e3406d0c68
Opcode Fuzzy Hash: 7e65e390e42132323f528854272f808f80243bf771c99cd69d9837c31c0fa453
Instruction Fuzzy Hash: A501A771A102069FE714BFB8C94DA9E7FA6BF49724F14420AF4509B3E2D7749D41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 004A2300 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 004A2338

Strings

'I, xrefs: 004A2318, 004A231B
'I, xrefs: 004A2309, 004A2335

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Func_class
String ID: 'I$'I
API String ID: 1670654298-4175295586
Opcode ID: 7d0dca64477acb2c2bc90c76a08b1c5a3a0889bdc15a174b044a43607335d2c7
Instruction ID: ff947df20d8d73c7190fc943c0c1f0e85c8048f9278898020bd143fe406bb4e9
Opcode Fuzzy Hash: 7d0dca64477acb2c2bc90c76a08b1c5a3a0889bdc15a174b044a43607335d2c7
Instruction Fuzzy Hash: B7E0C075D0010CABCB04EF99D95199E77B99F88304F108169B909A7251DA34AE1197A5

Uniqueness

Uniqueness Score: -1.00%

Function 005159DB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 005159E2

Part of subcall function 0050F201: __EH_prolog3.LIBCMT ref: 0050F208
Part of subcall function 0050F201: new.LIBCMT ref: 0050F272
Part of subcall function 0050F201: new.LIBCMT ref: 0050F29E

Strings

[Q, xrefs: 00515A03
C!^, xrefs: 005159F1

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID: [Q$C!^
API String ID: 431132790-132578463
Opcode ID: 21bb03051a0e9deba59f6feef969db58f7d11dbe5dc24409601e6caf12720fc8
Instruction ID: f6a7cf85280a29bb97a6a260a2e7c72381392c262ef6af286ab62cfd5bbc1f5b
Opcode Fuzzy Hash: 21bb03051a0e9deba59f6feef969db58f7d11dbe5dc24409601e6caf12720fc8
Instruction Fuzzy Hash: 20F03AB0641B13DED3649FB4C45869EBEE1BF84304F800A2DE05E9B242CBB01445CB85

Uniqueness

Uniqueness Score: -1.00%

Function 004CBF10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(004CBF56,user-PC,00000032,?,?,004CBF56), ref: 004CBF26

Strings

ALFONS-PC, xrefs: 004CBF1D, 004CBF30
2, xrefs: 004CBF14

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentVariable
String ID: 2$user-PC
API String ID: 1431749950-1756956206
Opcode ID: 593f878aebd0fe8258ef80dedbcc0d16b040f7146b3373932656e8f1535469ac
Instruction ID: 2fbc54687cd9fced6e3ca2eaaeaebe891d10233a06a84dc34ffe06f231f91dfc
Opcode Fuzzy Hash: 593f878aebd0fe8258ef80dedbcc0d16b040f7146b3373932656e8f1535469ac
Instruction Fuzzy Hash: 2AD05E306543086BCB988F699C0AF6636DDD705784F50C16D7908DB341D664C9008BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004EE10A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMONLIBRARYCODE

Download Yara Rule

APIs

std::system_error::system_error.LIBCPMT ref: 004EE12B

Part of subcall function 004EE08F: __EH_prolog3_GS.LIBCMT ref: 004EE096
Part of subcall function 004EE08F: std::_System_error::_System_error.LIBCPMTD0 ref: 004EE0BC

__CxxThrowException@8.LIBVCRUNTIME ref: 004EE139

Part of subcall function 005E24F3: RaiseException.KERNEL32(?,?,?,004EDAA7,?,?,?,?,?,?,?,?,004EDAA7,?,006B5B28), ref: 005E2552

Strings

h\k, xrefs: 004EE130

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionException@8H_prolog3_RaiseSystem_errorSystem_error::_Throwstd::_std::system_error::system_error
String ID: h\k
API String ID: 2532468404-3138971037
Opcode ID: 8bf89e9d29a01ac6ae30ed43239d9b8a71f7312c50c2f21dc80b443939cddc9e
Instruction ID: 40f55365638ca99bac0d1555b74be4998aa7b3cbe8effcbf91253fb6477528cc
Opcode Fuzzy Hash: 8bf89e9d29a01ac6ae30ed43239d9b8a71f7312c50c2f21dc80b443939cddc9e
Instruction Fuzzy Hash: 44D05E744042AA6BCF04FBA6DC17CFF7B2EAF04305F850016B581730A6D664AA0587B6

Uniqueness

Uniqueness Score: -1.00%

Function 0048AC70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0048AC86
boost::exception::~exception.LIBCPMTD ref: 0048AC8E

Strings

H, xrefs: 0048AC7A

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Container_base12Container_base12::~_boost::exception::~exceptionstd::_
String ID: H
API String ID: 527083134-1725543860
Opcode ID: f30c75d6b4d4a6fd43db3fe787472b1366001fb801f33e372626c41b3cfccd44
Instruction ID: 0b13b882c27badd6d930f5fdc5404cc3133a49abce84ff160497fc56b3915f2d
Opcode Fuzzy Hash: f30c75d6b4d4a6fd43db3fe787472b1366001fb801f33e372626c41b3cfccd44
Instruction Fuzzy Hash: 7AD05E3091410CEB8704EF89D91145EB7B59B01308B1000DEE8056B301CA302E109B99

Uniqueness

Uniqueness Score: -1.00%

Function 004EDAE5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 004EDAF1

Part of subcall function 004EDA3D: std::exception::exception.LIBCONCRTD ref: 004EDA4A

__CxxThrowException@8.LIBVCRUNTIME ref: 004EDAFF

Part of subcall function 005E24F3: RaiseException.KERNEL32(?,?,?,004EDAA7,?,?,?,?,?,?,?,?,004EDAA7,?,006B5B28), ref: 005E2552

Strings

bad function call, xrefs: 004EDB05

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
String ID: bad function call
API String ID: 1586462112-3612616537
Opcode ID: c3ca52efd5e35bd9afc52dba903e8bc22f16e1d014917f7d9be7116f46c9cb90
Instruction ID: f084329c6fdd49293d5518a6e45b21629d1fe51208a1633d82400d7c5b98d2c1
Opcode Fuzzy Hash: c3ca52efd5e35bd9afc52dba903e8bc22f16e1d014917f7d9be7116f46c9cb90
Instruction Fuzzy Hash: 61C0127CC0424C77CF04FBA5C866CCC7B2D6B40300F805465762096085D67496598691

Uniqueness

Uniqueness Score: -1.00%

Function 00504DD5 Relevance: 5.1, APIs: 4, Instructions: 140COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000000,?,?,?,?,00502CE1,00000000,?,00502ECF), ref: 00504E21
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,00502CE1,00000000,?,00502ECF,?,00000000,?,?,?), ref: 00504E45
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,?,?,00502CE1,00000000,?,00502ECF), ref: 00504E66
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00502CE1,00000000,?,00502ECF,?,00000000,?,?,?), ref: 00504E86

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: d1a6aff42a6b9bf989533d7e85d486b847a90594336ad66fa701d75fe31af477
Instruction ID: f0c383216ca378d3205e1fe20b72bf6ba9ad8a68ce8d1a8efd549add47111afb
Opcode Fuzzy Hash: d1a6aff42a6b9bf989533d7e85d486b847a90594336ad66fa701d75fe31af477
Instruction Fuzzy Hash: 5B4123B150024ABFDF248F28CC05ABE7F6EFB85320F048256FA558B2C1D771AD518BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00602C56 Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000000FF,000000FF,00000000,00000000,00000000,00000000), ref: 00602CEC
GetLastError.KERNEL32(?,000000FF), ref: 00602CFA
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,000000FF), ref: 00602D55

Memory Dump Source

Source File: 00000000.00000002.4484349242.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4484333741.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000006D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484349242.00000000007B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484960916.00000000007C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4484974869.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 397d2b38c3cbe48904d3bce6dfeff9b30fef52467464b4bd125b8e483c203cdc
Instruction ID: 9895f51977fc2577cc7f6def2e47b928c31cb56fc3e1a019651e94d51bf80e59
Opcode Fuzzy Hash: 397d2b38c3cbe48904d3bce6dfeff9b30fef52467464b4bd125b8e483c203cdc
Instruction Fuzzy Hash: C341E631640257EFDF298F65C86CAEB7BABEF42750F144159E8589B2E1DB308D41C7A0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\4ddigdllfixer_4ddig\4ddigdllfixer_4ddig_20240424042756790.log

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5531.23089.22779.exe

Function 004D61F0 Relevance: 49.2, APIs: 6, Strings: 22, Instructions: 238
libraryloaderCOMMON

Function 004F5FB8 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 361
fileCOMMON

Function 00502062 Relevance: 74.5, APIs: 7, Strings: 35, Instructions: 963
COMMON

Function 00486C10 Relevance: 63.4, APIs: 9, Strings: 27, Instructions: 388
COMMON

Function 004F4F62 Relevance: 32.1, APIs: 6, Strings: 12, Instructions: 587
COMMON

Function 004DCCB0 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 175
sleepsynchronizationCOMMON

Function 004DC5B0 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 153
threadCOMMON

Function 004FB91F Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 272
fileCOMMON

Function 00504B93 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 172
fileCOMMON

Function 004DD6A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 112
COMMON

Function 004D9930 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 93
registryCOMMON

Function 00484420 Relevance: 15.2, APIs: 10, Instructions: 231
COMMON

Function 00474E70 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 327
libraryCOMMON

Function 005F8FB2 Relevance: 13.8, APIs: 9, Instructions: 272
COMMONLIBRARYCODE

Function 00483560 Relevance: 10.9, APIs: 7, Instructions: 420
COMMON