Edit tour

Windows Analysis Report
Clangen.exe

Overview

General Information

Sample name:	Clangen.exe
Analysis ID:	1430907
MD5:	30712264600cb5dbac0cf9436afb8057
SHA1:	87d07b89f5f94a705f4c8c3017887fe204c8582e
SHA256:	4cca30c7f69113632bcbc829ffab14614599624752d021bc00d232bcea54c596
Tags:	exe
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Clangen.exe (PID: 7108 cmdline: "C:\Users\user\Desktop\Clangen.exe" MD5: 30712264600CB5DBAC0CF9436AFB8057)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Clangen.exe

Virustotal: Detection: 11%

Perma Link

Source: Clangen.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F387820 FindFirstFileExW,FindClose,	0_2_00007FF67F387820
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF67F3A09B4

Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A5D6C	0_2_00007FF67F3A5D6C
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F39D098	0_2_00007FF67F39D098
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3880A0	0_2_00007FF67F3880A0
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A509C	0_2_00007FF67F3A509C
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F386780	0_2_00007FF67F386780
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396F98	0_2_00007FF67F396F98
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F390FB4	0_2_00007FF67F390FB4
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F394F50	0_2_00007FF67F394F50
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F392800	0_2_00007FF67F392800
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A5820	0_2_00007FF67F3A5820
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F391E70	0_2_00007FF67F391E70
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F39D718	0_2_00007FF67F39D718
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F390DB0	0_2_00007FF67F390DB0
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396560	0_2_00007FF67F396560
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F39FA08	0_2_00007FF67F39FA08
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A4E20	0_2_00007FF67F3A4E20
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A2D30	0_2_00007FF67F3A2D30
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F381B90	0_2_00007FF67F381B90
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F398BA0	0_2_00007FF67F398BA0
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F390BA4	0_2_00007FF67F390BA4
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A8B68	0_2_00007FF67F3A8B68
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F392C04	0_2_00007FF67F392C04
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F39CC04	0_2_00007FF67F39CC04
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3913C4	0_2_00007FF67F3913C4
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3909A0	0_2_00007FF67F3909A0
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A09B4	0_2_00007FF67F3A09B4
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F39FA08	0_2_00007FF67F39FA08
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3911C0	0_2_00007FF67F3911C0
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A31CC	0_2_00007FF67F3A31CC

Source: C:\Users\user\Desktop\Clangen.exe

Code function: String function: 00007FF67F382770 appears 41 times

Source: classification engine

Classification label: mal48.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F3874B0 GetLastError,FormatMessageW,WideCharToMultiByte,

0_2_00007FF67F3874B0

Source: Clangen.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Clangen.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Clangen.exe

Virustotal: Detection: 11%

Source: C:\Users\user\Desktop\Clangen.exe

File read: C:\Users\user\Desktop\Clangen.exe

Jump to behavior

Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clangen.exe	Section loaded: wintypes.dll	Jump to behavior

Source: Clangen.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Clangen.exe

Static file information: File size 5303823 > 1048576

Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Clangen.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Clangen.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: Clangen.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Clangen.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Clangen.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Clangen.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Clangen.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Clangen.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: Clangen.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3D10CC push rbp; retn 0000h		0_2_00007FF67F3D10CD
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3D10E4 push rcx; retn 0000h		0_2_00007FF67F3D10ED

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F3855D0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF67F3855D0

Source: C:\Users\user\Desktop\Clangen.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-17122

Source: C:\Users\user\Desktop\Clangen.exe

API coverage: 7.1 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F387820 FindFirstFileExW,FindClose,	0_2_00007FF67F387820
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F396714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF67F396714
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F3A09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF67F3A09B4

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F38B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF67F38B69C

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F3A25A0 GetProcessHeap,

0_2_00007FF67F3A25A0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F38B880 SetUnhandledExceptionFilter,	0_2_00007FF67F38B880
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F38B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF67F38B69C
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F38AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF67F38AE00
Source: C:\Users\user\Desktop\Clangen.exe	Code function: 0_2_00007FF67F399AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF67F399AE4

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F3A89B0 cpuid

0_2_00007FF67F3A89B0

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F38B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF67F38B580

Source: C:\Users\user\Desktop\Clangen.exe

Code function: 0_2_00007FF67F3A509C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF67F3A509C

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	2 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Clangen.exe	8%	ReversingLabs	Win64.Trojan.Malgent
Clangen.exe	11%	Virustotal		Browse

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430907
Start date and time:	2024-04-24 10:57:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Clangen.exe
Detection:	MAL
Classification:	mal48.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 20 Number of non-executed functions: 79
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.986906124417028
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Clangen.exe
File size:	5'303'823 bytes
MD5:	30712264600cb5dbac0cf9436afb8057
SHA1:	87d07b89f5f94a705f4c8c3017887fe204c8582e
SHA256:	4cca30c7f69113632bcbc829ffab14614599624752d021bc00d232bcea54c596
SHA512:	fcf890b818c5461b0cb244ac7436b98411617316de025cc5c8ed5857dc9c4e7477701ac09c47e4b3c77bb6b5a17e3a21d43ded982a21172648bc6b8bcfd6fd8c
SSDEEP:	98304:UxnKSckpvmV+8flteWX8HIf0/IznJQoZ7c904Tp0wl:UxKSVOf8HJ/aWoGl0w
TLSH:	943633AC935005B5ECEE923EC085D938E33271922B65D6CF07B4857B1F636D29C3BA61
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W...W...W.../...W.../...W.../...W...+l..W...+...W...+...W...+...W.../...W...W..)W..e+...W..e+...W..Rich.W.................

File Icon


Icon Hash:	33c4cce8d8ece013

Static PE Info

General

Entrypoint:	0x14000b310
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x66118D33 [Sat Apr 6 17:58:11 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	0b5552dccd9d0a834cea55c0c8fc05be

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007EFCB8F7E77Ch
dec eax
add esp, 28h
jmp 00007EFCB8F7E38Fh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007EFCB8F7ECF4h
test eax, eax
je 00007EFCB8F7E533h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007EFCB8F7E517h
dec eax
cmp ecx, eax
je 00007EFCB8F7E526h
xor eax, eax
dec eax
cmpxchg dword ptr [0004121Ch], ecx
jne 00007EFCB8F7E500h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007EFCB8F7E509h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00041207h]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [000411F7h], al
call 00007EFCB8F7EAF3h
call 00007EFCB8F7FC22h
test al, al
jne 00007EFCB8F7E516h
xor al, al
jmp 00007EFCB8F7E526h
call 00007EFCB8F8C201h
test al, al
jne 00007EFCB8F7E51Bh
xor ecx, ecx
call 00007EFCB8F7FC32h
jmp 00007EFCB8F7E4FCh
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [000411BCh], 00000000h
mov ebx, ecx
jne 00007EFCB8F7E579h
cmp ecx, 01h
jnbe 00007EFCB8F7E57Ch
call 00007EFCB8F7EC5Ah
test eax, eax
je 00007EFCB8F7E53Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3bd0c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x59f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x4e000	0x20c4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x58000	0x758	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x39480	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39340	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2a000	0x418	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x28800	0x28800	443d51fb84559b563832949912f06b00	False	0.5583465952932098	data	6.488023200564254	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2a000	0x12b16	0x12c00	e3c24e0b90ae51ee1c9200da80a54eb0	False	0.5154817708333334	data	5.824672921197667	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3d000	0x103f8	0xe00	afabb66fdcd2825de5909f10c900fca7	False	0.13309151785714285	DOS executable (block device driver \377\3)	1.8096886543499544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x4e000	0x20c4	0x2200	7b210ceebebc00c96d1c55c2b456bbb4	False	0.47794117647058826	data	5.274096406482418	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x51000	0x15c	0x200	c059b775abce97446903f3597b027fae	False	0.384765625	data	2.808567494642619	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x52000	0x59f8	0x5a00	71001e43f8a7cd7ae6e0b529307b3a2f	False	0.9283420138888889	data	7.8770895859758925	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x58000	0x758	0x800	11aaafc72361ec8886a740c3e209ceb3	False	0.544921875	data	5.2576643703968475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x52208	0x307	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	1.0141935483870967
RT_ICON	0x52510	0x527	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	1.0083396512509477
RT_ICON	0x52a38	0x748	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	1.0059012875536482
RT_ICON	0x53180	0xba4	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	1.0036912751677853
RT_ICON	0x53d24	0xeba	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	1.0029177718832891
RT_ICON	0x54be0	0x17eb	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	1.0017965049812183
RT_ICON	0x563cc	0x1035	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.8949144372137865
RT_GROUP_ICON	0x57404	0x68	data	0.7403846153846154
RT_MANIFEST	0x5746c	0x58c	XML 1.0 document, ASCII text, with CRLF line terminators	0.4450704225352113

Imports

DLL	Import
USER32.dll	CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Target ID:	0
Start time:	10:58:01
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\Clangen.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Clangen.exe"
Imagebase:	0x7ff67f380000
File size:	5'303'823 bytes
MD5 hash:	30712264600CB5DBAC0CF9436AFB8057
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	38

Executed Functions

Function 00007FF67F3874B0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00000000,00007FF67F3826A0), ref: 00007FF67F3874D7
FormatMessageW.KERNELBASE(00000000,00007FF67F3826A0), ref: 00007FF67F387506
WideCharToMultiByte.KERNEL32 ref: 00007FF67F38755C

Part of subcall function 00007FF67F382620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF67F387744,?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F382654
Part of subcall function 00007FF67F382620: MessageBoxW.USER32 ref: 00007FF67F38272C

Strings

PyInstaller: FormatMessageW failed., xrefs: 00007FF67F387523
FormatMessageW, xrefs: 00007FF67F387517
PyInstaller: pyi_win32_utils_to_utf8 failed., xrefs: 00007FF67F387579
Failed to encode wchar_t as UTF-8., xrefs: 00007FF67F387566
WideCharToMultiByte, xrefs: 00007FF67F38756D
No error messages generated., xrefs: 00007FF67F387510

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorLastMessage$ByteCharFormatMultiWide
String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
API String ID: 2920928814-2573406579
Opcode ID: 684abde574661316fac8865b91606f208a8d8888a5608514f8e9f6b0269201cd
Instruction ID: 3361eae6260f05b744997fdfd60c8d65b2e6aa9781bb2f183f6d608ae1f00e9e
Opcode Fuzzy Hash: 684abde574661316fac8865b91606f208a8d8888a5608514f8e9f6b0269201cd
Instruction Fuzzy Hash: 50215033A3CA4282EB60DB21E850A7663A6FF483A5F840135E54DCA7A4EF7CE145C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A5D6C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67F3A5AA0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A5AE1
Part of subcall function 00007FF67F3A5AA0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A5B5F
Part of subcall function 00007FF67F3A5AA0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A5BB0

CreateFileW.KERNELBASE ref: 00007FF67F3A5E72
CreateFileW.KERNEL32 ref: 00007FF67F3A5EC2
GetLastError.KERNEL32 ref: 00007FF67F3A5EF2
GetFileType.KERNELBASE ref: 00007FF67F3A5F07
GetLastError.KERNEL32 ref: 00007FF67F3A5F11
CloseHandle.KERNEL32 ref: 00007FF67F3A5F44
CloseHandle.KERNEL32 ref: 00007FF67F3A60A7
CreateFileW.KERNEL32 ref: 00007FF67F3A60DC
GetLastError.KERNEL32 ref: 00007FF67F3A60EB

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
Instruction ID: 6388f40977ffef298b60018f7a03875b02f0f23f4e55f3aa3737da1d09616b6e
Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
Instruction Fuzzy Hash: ECC1B537B28A4285EF50CF65C490AAC37A1FB49BA8B015235EE2E9B795DF38D055C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3817B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 144
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fread_nolock.LIBCMT ref: 00007FF67F38185C
_fread_nolock.LIBCMT ref: 00007FF67F38190E

Part of subcall function 00007FF67F38F370: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F38F384

Part of subcall function 00007FF67F382770: MessageBoxW.USER32 ref: 00007FF67F382841

Strings

Could not allocate buffer for TOC!, xrefs: 00007FF67F3818E3
Cannot read Table of Contents., xrefs: 00007FF67F381995
fread, xrefs: 00007FF67F38186E
malloc, xrefs: 00007FF67F3818EA
MEI, xrefs: 00007FF67F3817EF
fseek, xrefs: 00007FF67F381836
Failed to read cookie!, xrefs: 00007FF67F381867
Error on file., xrefs: 00007FF67F38193D
Failed to seek to cookie position!, xrefs: 00007FF67F38182F
Could not read full TOC!, xrefs: 00007FF67F381919

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _fread_nolock$Message_invalid_parameter_noinfo
String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
API String ID: 2153230061-4158440160
Opcode ID: 3c065522737470c5bc3f7426856c5649201b393ecdf4055a802535b9189bd7de
Instruction ID: 894f987a763506432a7601afb4a2959512945c2b24fd44583a732d15a053c153
Opcode Fuzzy Hash: 3c065522737470c5bc3f7426856c5649201b393ecdf4055a802535b9189bd7de
Instruction Fuzzy Hash: E2516973A29A46C6EF54DF29D450A7833A0EB48B68B518135EA1DCB399DF3CE540CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F381000 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 273
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67F383BA0: GetModuleFileNameW.KERNEL32(?,00007FF67F383699), ref: 00007FF67F383BD1

SetDllDirectoryW.KERNEL32 ref: 00007FF67F3838A5

Part of subcall function 00007FF67F386990: GetEnvironmentVariableW.KERNEL32(00007FF67F3836E7), ref: 00007FF67F3869CA
Part of subcall function 00007FF67F386990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF67F3869E7

Strings

Cannot side-load external archive %s (code %d)!, xrefs: 00007FF67F38382C
MEI, xrefs: 00007FF67F3837E7
_MEIPASS2, xrefs: 00007FF67F3836D3, 00007FF67F38373C, 00007FF67F3839EB, 00007FF67F3839FB
Failed to convert DLL search path!, xrefs: 00007FF67F38388D
Cannot open PyInstaller archive from executable (%s) or external archive (%s), xrefs: 00007FF67F38378E
_PYI_ONEDIR_MODE, xrefs: 00007FF67F3836FC, 00007FF67F383727

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
API String ID: 2344891160-3602715111
Opcode ID: 8112d3d585c797d6373512e27b0d923afc52f30f080197f56f8e373327622072
Instruction ID: fb3663acc3ef1c538b141231325ab53bcd9e9f6343e43e68d8665867dd9e14f2
Opcode Fuzzy Hash: 8112d3d585c797d6373512e27b0d923afc52f30f080197f56f8e373327622072
Instruction Fuzzy Hash: 0DB18023A3C68381EE64AB21D451AFD2390BF447A4F404132EA5DCF796EF2CE60597E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39AF2C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39B359

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
Instruction ID: aa83514fc6a2796506f5cf0731d3c6b61180b9dd79aad309a7bf73b6115ac101
Opcode Fuzzy Hash: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
Instruction Fuzzy Hash: 61C1F423A2C78681EB60DB199440ABD7BA1FF80BA8F554135DA4D8B395CE7CE945C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F382620 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00000000,00000000,00000000,00007FF67F387744,?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F382654

Part of subcall function 00007FF67F3874B0: GetLastError.KERNEL32(00000000,00007FF67F3826A0), ref: 00007FF67F3874D7
Part of subcall function 00007FF67F3874B0: FormatMessageW.KERNELBASE(00000000,00007FF67F3826A0), ref: 00007FF67F387506

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

MessageBoxW.USER32 ref: 00007FF67F38272C
MessageBoxA.USER32 ref: 00007FF67F382748

Strings

%s%s: %s, xrefs: 00007FF67F3826AD
Fatal error detected, xrefs: 00007FF67F382700, 00007FF67F38273A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message$ErrorLast$ByteCharFormatMultiWide
String ID: %s%s: %s$Fatal error detected
API String ID: 2806210788-2410924014
Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
Instruction ID: bcbd85bf5cc785ea1f4d00e78bfde3725db9cc00b784dbeb98ccda7612359e7b
Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
Instruction Fuzzy Hash: 6F315673638A8191EA30DB51E451BEA6395FB84794F404036EA8D8B699DF3CD345C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38B19C Relevance: 6.1, APIs: 4, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF67F38B1AB

Part of subcall function 00007FF67F38B36C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF67F38B38E

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF67F38B1C0
__scrt_release_startup_lock.LIBCMT ref: 00007FF67F38B22E
__scrt_get_show_window_mode.LIBCMT ref: 00007FF67F38B281

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 1452418845-0
Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
Instruction ID: 797904afc71d7930e8885d3d43ef003c64e3eef542334d0f1995a3aa783a09ee
Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
Instruction Fuzzy Hash: 68313E63E3C14785FE64AB699412BFD2391AF953A8F844034E95DCF2D3DE2CA40983E1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F398888 Relevance: 4.5, APIs: 3, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF67F398884), ref: 00007FF67F398899
TerminateProcess.KERNEL32(?,?,?,00007FF67F398884), ref: 00007FF67F3988A4
ExitProcess.KERNEL32 ref: 00007FF67F3988B3

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
Instruction ID: 40bf9063dd1aec68eaff5c1874df043d9edd4f9efa3321ae6a9ec28986498572
Opcode Fuzzy Hash: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
Instruction Fuzzy Hash: 3DD05E53F3C70282FE147B315C4487813516F88764F401438D82BCE383CD2CA40842D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38F39C Relevance: 3.2, APIs: 2, Instructions: 177
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F38F3E0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F38F4D7

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
Instruction ID: 14d4d4a739aae5ec7e1b04170eede95194cd25c29bbf78b505b305f7f2e4972a
Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
Instruction Fuzzy Hash: 0951C463B2964286EA689E359400E7A6381BF54BB8F144635DE7DCF7C9CF3CE40186E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39A028 Relevance: 3.1, APIs: 2, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF67F399EA5,?,?,00000000,00007FF67F399F5A), ref: 00007FF67F39A096
GetLastError.KERNEL32(?,?,?,00007FF67F399EA5,?,?,00000000,00007FF67F399F5A), ref: 00007FF67F39A0A0

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
Instruction ID: c01fb24a5a1e95a5f7b7d5ce3d62ecae616e54c1e33a5a93b1d1d539a71a1eaf
Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
Instruction Fuzzy Hash: B0218E23F2868381FE90D725A594A791391AF847B8F184335DA7E8B7C5CE6CA44582C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39B604 Relevance: 3.0, APIs: 2, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF67F39B79D), ref: 00007FF67F39B650
GetLastError.KERNEL32(?,?,?,?,00000000,00007FF67F39B79D), ref: 00007FF67F39B65A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
Instruction ID: 80a1d87d7b2ba14fe19ea3700262d1f5c0807eec7af1087f71be9b87151823de
Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
Instruction Fuzzy Hash: 6B11C163A28B8281DA10CB2AF404569A361BB44BF8F544331EE7D8B7E9CF3CE11187C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39B37C Relevance: 1.6, APIs: 1, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39B3A4

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
Instruction ID: 23a8ae7e4a4ef9ecc6369747a4d5e04b9db9245dd3a3b4a45fb31ea284fcfb0a
Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
Instruction Fuzzy Hash: 5A41E13392864183FB34DB19E580A7973A4EB95BA8F100235DA8ECB6D1CF2CE502D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387200 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF67F3872AA

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: e9032aa6d9b55eac528051dccc3408ce21bdab3594e0e76e6c36bec994bc223f
Instruction ID: a2e7c07cd46e65216304dd20fc4b80bf43153bf487f3d485ec15cfc46444cea5
Opcode Fuzzy Hash: e9032aa6d9b55eac528051dccc3408ce21bdab3594e0e76e6c36bec994bc223f
Instruction Fuzzy Hash: DE21A823B3929246FA119A226504BFAA752BF45BE5F885430EE4DCF786CE7CE141C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39AE0C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39AE92

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
Instruction ID: a1812180bfccaf81cd094c299c43bd485365e9dd65e376b255379f46b598c53d
Opcode Fuzzy Hash: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
Instruction Fuzzy Hash: 9F318923E3C65281FB61EB15D840A783790AB40BB9F414235EA6D8B3D6CF7CE84186D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3987B9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF67F3987E7

Part of subcall function 00007FF67F3988E0: GetModuleHandleExW.KERNEL32 ref: 00007FF67F398905
Part of subcall function 00007FF67F3988E0: GetProcAddress.KERNEL32 ref: 00007FF67F39891B
Part of subcall function 00007FF67F3988E0: FreeLibrary.KERNEL32 ref: 00007FF67F398942

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
Instruction ID: bbce3f1591571c61f226b926749c7f17685cf0a7122d5482f72298fb472300ea
Opcode Fuzzy Hash: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
Instruction Fuzzy Hash: 98216B73E2860689EB24DF64D4406BC33A0FB8476CF94163AD62C8AAD5DF38D544C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3954C8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39542D

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
Instruction ID: d888e8552ef00410ee71ae9b5cce6811c100f3f319d4a8bd1e917bd23f0f0828
Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
Instruction Fuzzy Hash: E8114223A2D64241EAA0DF519501A79A3E0AF85BA8F444432EA8C9B796CF7DD48087C1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A575C Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A577F

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
Instruction ID: 9748ceff30393eeb4d949d130f90867224bc358e236f69319f5590baa237f391
Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
Instruction Fuzzy Hash: 08216533A2864187DBA18F19E440B7977A0FB84BA4F144235E65D8B6D9DF3DD4018BC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38F61C Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F38F670

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
Instruction ID: 60ceea89b809d004f5aab93e6064cd5ae66202a8a9bc7876b2a6e72041a001ed
Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
Instruction Fuzzy Hash: A5016522A2874241E904DB629901969A795BB55FF4F488731DE6CDBBD6CE3CD40147D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39DD40 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FF67F39A8B6,?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E), ref: 00007FF67F39DD95

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
Instruction ID: e57ea24f8e60e068a430adb2d4b020ba44b9ad7a9b31217fbb4e6e3e46766467
Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
Instruction Fuzzy Hash: DBF06256B3960241FE94E767950ABB503905F85BA8F4CA430D94DCE2D2DD1CE44081E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3871B0 Relevance: 1.5, APIs: 1, Instructions: 20libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

LoadLibraryW.KERNELBASE(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F3871D3

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
Instruction ID: b1cd998302a6a9c2713875507983c4dc6ec720d4b3ef511c9070c1d6bc36cfe5
Opcode Fuzzy Hash: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
Instruction Fuzzy Hash: C5E08613B3814582EE5897A7E55586AA352AF88BD0B489035EE1D8B755DD2CD8904A80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF67F3855D0 Relevance: 166.5, APIs: 31, Strings: 64, Instructions: 287libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F3871B0: LoadLibraryW.KERNELBASE(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F3871D3

GetProcAddress.KERNEL32 ref: 00007FF67F385F67
GetProcAddress.KERNEL32 ref: 00007FF67F385FA6
GetProcAddress.KERNEL32 ref: 00007FF67F385FCB
GetProcAddress.KERNEL32 ref: 00007FF67F385FF0
GetProcAddress.KERNEL32 ref: 00007FF67F386018
GetProcAddress.KERNEL32 ref: 00007FF67F386040
GetProcAddress.KERNEL32 ref: 00007FF67F386068
GetProcAddress.KERNEL32 ref: 00007FF67F386090
GetProcAddress.KERNEL32 ref: 00007FF67F3860B8

Strings

Failed to get address for Tcl_DeleteInterp, xrefs: 00007FF67F38607A
Tcl_DeleteInterp, xrefs: 00007FF67F38605E
Failed to get address for Tcl_ConditionWait, xrefs: 00007FF67F386192
Tcl_NewByteArrayObj, xrefs: 00007FF67F3862B6
Tcl_ConditionFinalize, xrefs: 00007FF67F386126
Failed to get address for Tcl_SetVar2Ex, xrefs: 00007FF67F3862FA
Tcl_CreateObjCommand, xrefs: 00007FF67F38623E
Tcl_GetObjResult, xrefs: 00007FF67F386306
Failed to get address for Tcl_EvalFile, xrefs: 00007FF67F38634A
Tk_GetNumMainWindows, xrefs: 00007FF67F38641E
Failed to get address for Tcl_CreateThread, xrefs: 00007FF67F3860A2
Failed to get address for Tcl_MutexUnlock, xrefs: 00007FF67F38611A
Failed to get address for Tcl_GetCurrentThread, xrefs: 00007FF67F3860CA
Tcl_GetVar2, xrefs: 00007FF67F3861EE
Tcl_GetString, xrefs: 00007FF67F386266
Tcl_ThreadQueueEvent, xrefs: 00007FF67F38619E
Failed to get address for Tcl_Free, xrefs: 00007FF67F3863EA
Tcl_MutexLock, xrefs: 00007FF67F3860D6
Failed to get address for Tcl_Init, xrefs: 00007FF67F385F79
Failed to get address for Tcl_NewStringObj, xrefs: 00007FF67F3862AA
Tcl_NewStringObj, xrefs: 00007FF67F38628E
Tcl_Free, xrefs: 00007FF67F3863CE
Failed to get address for Tcl_ThreadQueueEvent, xrefs: 00007FF67F3861BA
Failed to get address for Tcl_ConditionNotify, xrefs: 00007FF67F38616A
Failed to get address for Tcl_ConditionFinalize, xrefs: 00007FF67F386142
Failed to get address for Tcl_FinalizeThread, xrefs: 00007FF67F386052
Failed to get address for Tk_Init, xrefs: 00007FF67F386412
Failed to get address for Tcl_EvalObjv, xrefs: 00007FF67F38639A
Failed to get address for Tcl_GetString, xrefs: 00007FF67F386282
Tcl_Alloc, xrefs: 00007FF67F3863A6
Failed to get address for Tcl_FindExecutable, xrefs: 00007FF67F385FDD
Tcl_CreateInterp, xrefs: 00007FF67F385F9C
Tcl_SetVar2, xrefs: 00007FF67F386216
Tcl_Init, xrefs: 00007FF67F385F60
Tcl_CreateThread, xrefs: 00007FF67F386086
Failed to get address for Tcl_Finalize, xrefs: 00007FF67F38602A
Failed to get address for Tcl_Alloc, xrefs: 00007FF67F3863C2
Failed to get address for Tcl_GetVar2, xrefs: 00007FF67F38620A
Tcl_ConditionWait, xrefs: 00007FF67F386176
LOADER: Failed to load tcl/tk libraries, xrefs: 00007FF67F38561A
Tcl_DoOneEvent, xrefs: 00007FF67F385FE6
GetProcAddress, xrefs: 00007FF67F385F80
Tcl_EvalObjv, xrefs: 00007FF67F38637E
Tcl_GetCurrentThread, xrefs: 00007FF67F3860AE
Tcl_ConditionNotify, xrefs: 00007FF67F38614E
Tcl_FindExecutable, xrefs: 00007FF67F385FC1
Failed to get address for Tcl_CreateInterp, xrefs: 00007FF67F385FB8
Tcl_Finalize, xrefs: 00007FF67F38600E
Tcl_SetVar2Ex, xrefs: 00007FF67F3862DE
Tcl_MutexUnlock, xrefs: 00007FF67F3860FE
Failed to get address for Tk_GetNumMainWindows, xrefs: 00007FF67F38643A
Failed to get address for Tcl_CreateObjCommand, xrefs: 00007FF67F38625A
Failed to get address for Tcl_DoOneEvent, xrefs: 00007FF67F386002
Tk_Init, xrefs: 00007FF67F3863F6
Tcl_EvalFile, xrefs: 00007FF67F38632E
Failed to get address for Tcl_SetVar2, xrefs: 00007FF67F386232
Tcl_ThreadAlert, xrefs: 00007FF67F3861C6
Failed to get address for Tcl_MutexLock, xrefs: 00007FF67F3860F2
Tcl_FinalizeThread, xrefs: 00007FF67F386036
Tcl_EvalEx, xrefs: 00007FF67F386356
Failed to get address for Tcl_ThreadAlert, xrefs: 00007FF67F3861E2
Failed to get address for Tcl_NewByteArrayObj, xrefs: 00007FF67F3862D2
Failed to get address for Tcl_EvalEx, xrefs: 00007FF67F386372
Failed to get address for Tcl_GetObjResult, xrefs: 00007FF67F386322

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 2238633743-1453502826
Opcode ID: 4c3d84e7267adeddf6e2c1c525ba4fa7748455c51c362dfb67f89ee1dca86c34
Instruction ID: 13771af8098103ba00b5c49f2d696d5833c751844393cd8a49c661ae3f3596a1
Opcode Fuzzy Hash: 4c3d84e7267adeddf6e2c1c525ba4fa7748455c51c362dfb67f89ee1dca86c34
Instruction Fuzzy Hash: 78E19266A3DB03D0EE95CB16A85097423E5AF047B4B846535E81ECE3A8EF7CE558C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F381B90 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 188windowCOMMON

Download Yara Rule

APIs

GetDialogBaseUnits.USER32 ref: 00007FF67F381BDE
MulDiv.KERNEL32 ref: 00007FF67F381BF2
MulDiv.KERNEL32 ref: 00007FF67F381C13
SystemParametersInfoW.USER32 ref: 00007FF67F381C5B
CreateFontIndirectW.GDI32 ref: 00007FF67F381C6F
#380.COMCTL32 ref: 00007FF67F381C93
CreateWindowExW.USER32 ref: 00007FF67F381CE6
CreateWindowExW.USER32 ref: 00007FF67F381D40
CreateWindowExW.USER32 ref: 00007FF67F381D9D
CreateWindowExW.USER32 ref: 00007FF67F381DFF
SendMessageW.USER32 ref: 00007FF67F381E1F
SendMessageW.USER32 ref: 00007FF67F381E39
SendMessageW.USER32 ref: 00007FF67F381E58
SendMessageW.USER32 ref: 00007FF67F381E77
SendMessageW.USER32 ref: 00007FF67F381E95
SendMessageW.USER32 ref: 00007FF67F381EB3
SendMessageW.USER32 ref: 00007FF67F381ED1
SendMessageW.USER32 ref: 00007FF67F381EE9
SendMessageW.USER32 ref: 00007FF67F381F01
GetClientRect.USER32 ref: 00007FF67F381F10

Part of subcall function 00007FF67F382030: GetDC.USER32 ref: 00007FF67F38205B
Part of subcall function 00007FF67F382030: SelectObject.GDI32 ref: 00007FF67F3820A2
Part of subcall function 00007FF67F382030: DrawTextW.USER32 ref: 00007FF67F3820C5
Part of subcall function 00007FF67F382030: SelectObject.GDI32 ref: 00007FF67F3820DB
Part of subcall function 00007FF67F382030: ReleaseDC.USER32 ref: 00007FF67F3820EB
Part of subcall function 00007FF67F382030: MoveWindow.USER32 ref: 00007FF67F38213B
Part of subcall function 00007FF67F382030: MoveWindow.USER32 ref: 00007FF67F38217B
Part of subcall function 00007FF67F382030: MoveWindow.USER32 ref: 00007FF67F3821CE

Strings

STATIC, xrefs: 00007FF67F381C9C, 00007FF67F381CF1
Failed to execute script '%ls' due to unhandled exception: %ls, xrefs: 00007FF67F381BBD
EDIT, xrefs: 00007FF67F381D4B
Close, xrefs: 00007FF67F381DA8
BUTTON, xrefs: 00007FF67F381DB6

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
API String ID: 2446303242-1601438679
Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
Instruction ID: c6e316c2a6b189013c9af32169c5093e4f1324f65593d1cc0012ae6c204fbd4a
Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
Instruction Fuzzy Hash: 2FA14C37228B81C6DB148F12E554BAAB3A0F748BA4F504125EB9D87B14DF7DE165CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A31CC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF67F3A321A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A3886
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A39FC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A3CBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A3EDA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A4117
memcpy_s.LIBCPMT ref: 00007FF67F3A41F2
memcpy_s.LIBCPMT ref: 00007FF67F3A429D
memcpy_s.LIBCPMT ref: 00007FF67F3A436C

Strings

1#IND, xrefs: 00007FF67F3A3307
1#QNAN, xrefs: 00007FF67F3A3333
1#INF, xrefs: 00007FF67F3A3343
1#SNAN, xrefs: 00007FF67F3A332A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
Instruction ID: 93da4a0fba4111c89d3b528c5b45bc61dd4a2807ce1febdf7079c1162f9bab4c
Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
Instruction Fuzzy Hash: D9B2C673E282928BEB658E66D440BFD77E1FB54354F405135EA0D9BA88DF3DA9009BC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F386780 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 139COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(?,00000000,?,00007FF67F38674D), ref: 00007FF67F38681A

Part of subcall function 00007FF67F386990: GetEnvironmentVariableW.KERNEL32(00007FF67F3836E7), ref: 00007FF67F3869CA
Part of subcall function 00007FF67F386990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF67F3869E7

Part of subcall function 00007FF67F3966B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3966CD

SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF67F3868D1

Part of subcall function 00007FF67F382770: MessageBoxW.USER32 ref: 00007FF67F382841

Strings

TMP, xrefs: 00007FF67F3867DE
LOADER: Failed to set the TMP environment variable., xrefs: 00007FF67F3867F8
TMP, xrefs: 00007FF67F3867B8, 00007FF67F386879, 00007FF67F386907
_MEI%d, xrefs: 00007FF67F386828

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
API String ID: 3752271684-1116378104
Opcode ID: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
Instruction ID: 84caf832925a8dc4327a28c06b9565923773a306fa1cb9d234706699ee3f9b5c
Opcode Fuzzy Hash: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
Instruction Fuzzy Hash: C8516D13B3D64280FE54EB729965ABA53819F89BE0F444035ED0ECF796ED2CE90187D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38B69C Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF67F38B6B8
RtlCaptureContext.KERNEL32 ref: 00007FF67F38B6E5
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF67F38B6FF
RtlVirtualUnwind.KERNEL32 ref: 00007FF67F38B740
IsDebuggerPresent.KERNEL32 ref: 00007FF67F38B794
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF67F38B7B5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF67F38B7C0

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
Instruction ID: 86e559cf28b1ce4561a0e1871e11dc96856e97772c89554012149fe00327042b
Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
Instruction Fuzzy Hash: 9C314F73618B8285EB608F65E8807ED73A0FB44754F44443ADA4D8BB98DF3CD548C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A4E20 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67F3A4E65

Part of subcall function 00007FF67F3A47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A47CC

Part of subcall function 00007FF67F399E18: HeapFree.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E2E
Part of subcall function 00007FF67F399E18: GetLastError.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E38

Part of subcall function 00007FF67F399DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF67F399DAF,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F399DD9
Part of subcall function 00007FF67F399DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF67F399DAF,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F399DFE

_get_daylight.LIBCMT ref: 00007FF67F3A4E54

Part of subcall function 00007FF67F3A4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A482C

_get_daylight.LIBCMT ref: 00007FF67F3A50CA
_get_daylight.LIBCMT ref: 00007FF67F3A50DB
_get_daylight.LIBCMT ref: 00007FF67F3A50EC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF67F3A532C), ref: 00007FF67F3A5113

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
Instruction ID: c3cf9051fbfd4e6f96edd07123c0e02c9588aa180c27863ea0c562d4fc0e58d3
Opcode Fuzzy Hash: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
Instruction Fuzzy Hash: EAD19F27A2825286EB60DF26D8919B963A1FF847A4F444136FA1DCBB95DF3CE441C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F399AE4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF67F399B5D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF67F399B75
RtlVirtualUnwind.KERNEL32 ref: 00007FF67F399BB0
IsDebuggerPresent.KERNEL32 ref: 00007FF67F399BE9
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF67F399BF3
UnhandledExceptionFilter.KERNEL32 ref: 00007FF67F399BFE

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
Instruction ID: fe4ccb3287b8256262d6cef625112d69b37f0bd68de1d5cd9eedd4da49eedc2e
Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
Instruction Fuzzy Hash: DE315233628B8195EB60CF25E8406AE73A4FB84764F500135EA9D87B95DF3CD555CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A09B4 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A0A00
FindFirstFileExW.KERNEL32 ref: 00007FF67F3A0B0A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
Instruction ID: 4524e34ce5885e7204125089a743e3c7f24f2b19f3e429be699e23488c63c7eb
Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
Instruction Fuzzy Hash: D5B190A3B2969681EE60DB369540ABA6390EB44BB4F444131FE5E8FB85DE3CE44183C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A509C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67F3A50CA

Part of subcall function 00007FF67F3A4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A482C

_get_daylight.LIBCMT ref: 00007FF67F3A50DB

Part of subcall function 00007FF67F3A47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A47CC

_get_daylight.LIBCMT ref: 00007FF67F3A50EC

Part of subcall function 00007FF67F3A47E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A47FC

Part of subcall function 00007FF67F399E18: HeapFree.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E2E
Part of subcall function 00007FF67F399E18: GetLastError.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E38

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF67F3A532C), ref: 00007FF67F3A5113

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
Instruction ID: a1c72c2c219c6b2b2fc33f7d2d30cb4a4900269e55a33a8ac60565872e1f7919
Opcode Fuzzy Hash: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
Instruction Fuzzy Hash: 9D516333A2865286EB50DF22E9919B967A0FB487A4F444136FA5DCBB95DF3CE401C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A2D30 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF67F3A2D96
memcpy_s.LIBCPMT ref: 00007FF67F3A2DC1

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: 882346453d7c41ac0ba0d9d611ead3fe94e0e0411a13bd9a67082327091ee92a
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 45C1D373B2868687EB25CF16A044E6AB7D1F784B94F448134EB4A9B744DE3DE841CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A8B68 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF67F3A8DB7
RaiseException.KERNEL32 ref: 00007FF67F3A8DC8

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 34bf4ba4d1f77b159a602f4f3a79dc58b46c4397abc6f90fe1b78d3c276b8e03
Instruction ID: 22b0ebba10423e1aaf03b774009215b18c016f3b749da50dfc195653d7b418ce
Opcode Fuzzy Hash: 34bf4ba4d1f77b159a602f4f3a79dc58b46c4397abc6f90fe1b78d3c276b8e03
Instruction Fuzzy Hash: 89B17C73610B89CBEB19CF2AC8467687BE0F744B58F148921EA6D877A4CF39D451C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387820 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF67F387851
FindClose.KERNEL32 ref: 00007FF67F387860

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
Instruction ID: 95fb42ea49781a108fbbe388f5f21cc1c1c88f4e621878c5efc27a9152c1d8aa
Opcode Fuzzy Hash: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
Instruction Fuzzy Hash: 5FF0A433A3878186EBA08F60E455BA67391FB44774F000735E66D8A6D4DF3CD049CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F392C04 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF67F392D72
, xrefs: 00007FF67F392FB4

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 2d8c388a4af4e59f7aa018185c24a80b808f927c20487c79df8fa8b9671cd73b
Instruction ID: 0b76cbd08ff438e87bdf938d7b24d17ac86e3a28c19c773bcc6086f8da60b540
Opcode Fuzzy Hash: 2d8c388a4af4e59f7aa018185c24a80b808f927c20487c79df8fa8b9671cd73b
Instruction Fuzzy Hash: 2EE1C173A28A4286EB68CA258150D7933A0FF45B6CF161235DE5E8B794DF3DE842C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39D098 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FF67F39D222
e+000, xrefs: 00007FF67F39D1A5

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: e8ad3313ac50deca76865dcff50c63e8317fb702a62c77948e89599ff08dba86
Instruction ID: 953e9bf0f60d02628e00bc46c9c9bfb27e29132f584310f674024d40c39e1053
Opcode Fuzzy Hash: e8ad3313ac50deca76865dcff50c63e8317fb702a62c77948e89599ff08dba86
Instruction Fuzzy Hash: 55515823B282C646E765CE359845B697B91F744BA8F489231CBD8CFAD5CE3DD440C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39FA08 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 9dfe81cf2fe2aeaa94458c05073b55d9d909155f94b1b315d38edc8d3fe764ba
Instruction ID: 92b68f32301717354e493051c4f98d761d9650e2c0c7164c92dd013f09f44518
Opcode Fuzzy Hash: 9dfe81cf2fe2aeaa94458c05073b55d9d909155f94b1b315d38edc8d3fe764ba
Instruction Fuzzy Hash: A9029D23E3E64681FF65EB22A410A796784AF41BB8F444635ED6DCE3D2DE3CA41183D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39CC04 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF67F39CF46

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 24567b7b7ad9cc25883cfe86a0af8cdb31fb8148e1153fa934f37376d4be2ae6
Instruction ID: 55b1bafe1b9a002f0c2f9129aca73bd085f2f63661194050fae2cfa0e1dc4503
Opcode Fuzzy Hash: 24567b7b7ad9cc25883cfe86a0af8cdb31fb8148e1153fa934f37376d4be2ae6
Instruction Fuzzy Hash: A9A15A63B287C646EB21CB299410BB97B90EB55BE8F059032DE4E8B795DE3DD501CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F396F98 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF67F396FB7

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 00c9b183540a5d61f6ae08d2a164c54d0dbd9f8471d374810534ff2672e287f6
Instruction ID: e184692785fce8d7d147f9c5bf09357f344c7dbad7755b2796c329b21a82f5d1
Opcode Fuzzy Hash: 00c9b183540a5d61f6ae08d2a164c54d0dbd9f8471d374810534ff2672e287f6
Instruction Fuzzy Hash: C3516D13F3964242FA68EB3659119BA5391AF84BE9F484435DE0DCF7D6EE3DE44282C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A25A0 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF67F3A25A4

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
Instruction ID: 4f88ad06c277032a95244e1d0b35e9a38f3083c3b4a3eabfe32518bec8de3422
Opcode Fuzzy Hash: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
Instruction Fuzzy Hash: E5B09222E27A02D2EE092B22AC82A2423B4BF48720F990138D01C84320DF2C20AA97C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F392800 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 720b0f885fc535c3a242e303a59ba9c626026de2633fd245c18c7096fc28f432
Instruction ID: 1e65f9692908ec0d45564505f3a6d2609ab6c20c324e5770cd7c8b9e4814c641
Opcode Fuzzy Hash: 720b0f885fc535c3a242e303a59ba9c626026de2633fd245c18c7096fc28f432
Instruction Fuzzy Hash: B6D1DE63A28A4286EB68CF298450E7D27A0FF45B6CF164235CE4D8B695CF3DE855C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3880A0 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b4879d951165098d7d9ad8dfdbe188c5f26750c92d05a39af3c572e9b4c9ce
Instruction ID: 1ef9788692094442db88e936adea9716861df07be675b5b2c24292a51011bef4
Opcode Fuzzy Hash: 25b4879d951165098d7d9ad8dfdbe188c5f26750c92d05a39af3c572e9b4c9ce
Instruction Fuzzy Hash: 94C184731141E04BE2C9EB29E56987E7791F78930DB94403BEB8787B89CB3CA514D790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F391E70 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
Instruction ID: efb1ff9b9f8f47098dc77e3c879cae731cbd721fcd8850ad3e3b3c1b64feb433
Opcode Fuzzy Hash: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
Instruction Fuzzy Hash: 31B15B77A28A858AE765CF29C450A3C3BA4E749B6CF254236CB4E8B395CF39D451C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39D718 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
Instruction ID: f3d5d3b9119dc17cf86c7a5b8e33b2730637ce4772e042b5c47bdd2b8018b985
Opcode Fuzzy Hash: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
Instruction Fuzzy Hash: B281E473A2C78185EB74DF19944AB79A790FB457A8F504235DADE8BB89CF3CD4008B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A5820 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 093da9d804f6d3f0dcf011766d3ac1044083a14a82be884a6ec622c588f21297
Instruction ID: 408e6176bd64da1ec06a8797e689082727e811605e637c699147c0f78c85cb2b
Opcode Fuzzy Hash: 093da9d804f6d3f0dcf011766d3ac1044083a14a82be884a6ec622c588f21297
Instruction Fuzzy Hash: 3261B723F2829286FFA5852A9450A7D67D1BF41370F14423AFA5ECE6D5EE7DE80087C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F390FB4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
Instruction ID: f4bf9f7e13cbf431d61eefcc79e1a6aad1ac7b55277d22f3cffc421b390f7f0c
Opcode Fuzzy Hash: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
Instruction Fuzzy Hash: 25515377A386518AE764DB29C44462937A0EB45BBCF244131CA8DAB795CF7BE843C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F390BA4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
Instruction ID: 521e04f7df12be273d040f355444b0d2e38abc0bb2d59af9efa8f150e9d76381
Opcode Fuzzy Hash: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
Instruction Fuzzy Hash: 565142B7A2865186E724CB39D044A2937A0EB55B7CF245131CE4D9F7A5CF3AE842CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3913C4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
Instruction ID: 84c189f2f2035093bf379bbf372100a40e06df7266dae5f3c59053ec161523dd
Opcode Fuzzy Hash: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
Instruction Fuzzy Hash: 61514777A286518AE764DB19D040A2937B0EB59B7CF254131CE4DAB7A4CF3AE842C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F390DB0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
Instruction ID: 8a95203336d94516503f682c4fbb4d943755743ed42785b5997e8617031ec8a6
Opcode Fuzzy Hash: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
Instruction Fuzzy Hash: A7517DB7A28A5186E764CB39C040A3937A1EB48B6CF245131DE4D9F795CF3AE952C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3909A0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
Instruction ID: bbb9a6db845bf45a6c75c25df2475e36ddc00d9c791f88322cc4c1c1d913d342
Opcode Fuzzy Hash: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
Instruction Fuzzy Hash: B1514DB7A2865586E764CB39C040A2927A1EB45B6CF284131CE4D9F7A5DF3AEC42C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3911C0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
Instruction ID: 799bf33c599f2b600157941c1539fa6df7f9a77887ea08449450f8e23e1e7cdb
Opcode Fuzzy Hash: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
Instruction Fuzzy Hash: E7514677A2465189E764DB29C04062C37A1EB45B7CF644135CE8DAB798CF3AE853C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F394F50 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: e01eaaf3840f1d6add87fe7565a770179066d0cf6b8e8de00e8414e65b494269
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: 7F41D353C2D74F48F9D5C9188500EB827C0AF22BB9E6892B1DC9B9B3D6CD1C25CAC2C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F398BA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 5ea786bf6f8cd91bfc05a08c0c92a1f9982b351c0a184c2e6e7479b7886dc32f
Instruction ID: 0563c67aa60141adcb3aca45f0d61f7ce208ff18de6ae5863fd6db137204dc08
Opcode Fuzzy Hash: 5ea786bf6f8cd91bfc05a08c0c92a1f9982b351c0a184c2e6e7479b7886dc32f
Instruction Fuzzy Hash: B5411973B28A5581EF58CF2AD954969B3A1B748FE4B449432EE0DCBB54DE3CC04683C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F396560 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acfb330f7f9e9d51a6719fb60a794d6094d3cb8e4174533331f0489c7a291eae
Instruction ID: bd834340f38ef25a586b08399ebedb397c480622e561d2b67d00678ed42b0fc3
Opcode Fuzzy Hash: acfb330f7f9e9d51a6719fb60a794d6094d3cb8e4174533331f0489c7a291eae
Instruction Fuzzy Hash: A7319433729B4282EB24DF25A44153E67D5AB84BB4F144238EA5D9BB99DF3CD0128784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A89B0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
Instruction ID: 3212676807d134663192748e4932cc12e23c13ee1f20f06a2da2454ca93e8db8
Opcode Fuzzy Hash: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
Instruction Fuzzy Hash: 0AF068727282658ADB988F6DA802A2977D0F7483D0F409139E59DC7B44DE3C9051CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38B880 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
Instruction ID: cea1d52ac2b87c180d0ba0a964987b61d62d60ca01ce9355733c2726065e6461
Opcode Fuzzy Hash: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
Instruction Fuzzy Hash: E0A0022392CC47E0EE459B05E85083023B0FB50320F400131E41DC90B09F3CA440D3D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F383DF0 Relevance: 291.0, APIs: 55, Strings: 111, Instructions: 457libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383E06
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383E45
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383E6A
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383E8F
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383EB7
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383EDF
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383F07
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383F2F
GetProcAddress.KERNEL32(?,?,00000000,00007FF67F3830BE), ref: 00007FF67F383F57

Strings

PyErr_Fetch, xrefs: 00007FF67F3841AD
PyErr_Occurred, xrefs: 00007FF67F38415D
Failed to get address for Py_FrozenFlag, xrefs: 00007FF67F383E7C
PyUnicode_DecodeFSDefault, xrefs: 00007FF67F38460D
PySys_GetObject, xrefs: 00007FF67F38447D
PyObject_CallFunctionObjArgs, xrefs: 00007FF67F384365
Failed to get address for Py_UTF8Mode, xrefs: 00007FF67F383F99
Failed to get address for PyModule_GetDict, xrefs: 00007FF67F384331
PyErr_Clear, xrefs: 00007FF67F384135
PyMem_RawFree, xrefs: 00007FF67F384595
Py_VerboseFlag, xrefs: 00007FF67F383F25
PyUnicode_Join, xrefs: 00007FF67F38465D
Py_IgnoreEnvironmentFlag, xrefs: 00007FF67F383E85
PySys_SetPath, xrefs: 00007FF67F3844CD
Failed to get address for PyErr_Print, xrefs: 00007FF67F3841A1
Failed to get address for PyDict_GetItemString, xrefs: 00007FF67F384129
Failed to get address for Py_SetProgramName, xrefs: 00007FF67F3840D9
Failed to get address for PyObject_CallFunction, xrefs: 00007FF67F384359
Py_NoSiteFlag, xrefs: 00007FF67F383EAD
PyMarshal_ReadObjectFromString, xrefs: 00007FF67F38451D
Py_DecodeLocale, xrefs: 00007FF67F38456D
PyObject_CallFunction, xrefs: 00007FF67F38433D
Failed to get address for Py_SetPath, xrefs: 00007FF67F384089
Failed to get address for PySys_GetObject, xrefs: 00007FF67F384499
Failed to get address for PyUnicode_Join, xrefs: 00007FF67F384679
Failed to get address for PyImport_ImportModule, xrefs: 00007FF67F384291
Failed to get address for PyErr_Clear, xrefs: 00007FF67F384151
Py_DontWriteBytecodeFlag, xrefs: 00007FF67F383DFF
Failed to get address for PyUnicode_Replace, xrefs: 00007FF67F3846A1
Failed to get address for PyRun_SimpleStringFlags, xrefs: 00007FF67F384421
Py_DecRef, xrefs: 00007FF67F383FCD
PyImport_ImportModule, xrefs: 00007FF67F384275
GetProcAddress, xrefs: 00007FF67F383E1F
Failed to get address for Py_IgnoreEnvironmentFlag, xrefs: 00007FF67F383EA1
Failed to get address for PyImport_ExecCodeModule, xrefs: 00007FF67F384269
Failed to get address for PyMem_RawFree, xrefs: 00007FF67F3845B1
Failed to get address for PyMarshal_ReadObjectFromString, xrefs: 00007FF67F384539
Py_Initialize, xrefs: 00007FF67F384045
PyErr_Print, xrefs: 00007FF67F384185
PyList_New, xrefs: 00007FF67F3842C5
PyObject_SetAttrString, xrefs: 00007FF67F38438D
Failed to get address for Py_IncRef, xrefs: 00007FF67F384039
Failed to get address for PySys_SetArgvEx, xrefs: 00007FF67F384471
PyEval_EvalCode, xrefs: 00007FF67F3844F5
Py_BuildValue, xrefs: 00007FF67F383FA5
Failed to get address for Py_NoSiteFlag, xrefs: 00007FF67F383EC9
PyObject_Str, xrefs: 00007FF67F3843DD
PyList_Append, xrefs: 00007FF67F38429D
PyUnicode_FromString, xrefs: 00007FF67F384545
Failed to get address for PyUnicode_DecodeFSDefault, xrefs: 00007FF67F384629
Failed to get address for PyLong_AsLong, xrefs: 00007FF67F384309
Py_UnbufferedStdioFlag, xrefs: 00007FF67F383F4D
Failed to get address for Py_NoUserSiteDirectory, xrefs: 00007FF67F383EF1
PyUnicode_FromFormat, xrefs: 00007FF67F3845BD
Failed to get address for Py_UnbufferedStdioFlag, xrefs: 00007FF67F383F69
Failed to get address for PySys_SetObject, xrefs: 00007FF67F3844C1
Failed to get address for PyObject_SetAttrString, xrefs: 00007FF67F3843A9
Failed to get address for Py_BuildValue, xrefs: 00007FF67F383FC1
Failed to get address for Py_DontWriteBytecodeFlag, xrefs: 00007FF67F383E18
Py_FrozenFlag, xrefs: 00007FF67F383E60
Failed to get address for PyEval_EvalCode, xrefs: 00007FF67F384511
Failed to get address for PyErr_NormalizeException, xrefs: 00007FF67F384219
Failed to get address for PySys_SetPath, xrefs: 00007FF67F3844E9
Py_IncRef, xrefs: 00007FF67F38401D
Failed to get address for Py_Finalize, xrefs: 00007FF67F384011
Failed to get address for PyErr_Occurred, xrefs: 00007FF67F384179
PyModule_GetDict, xrefs: 00007FF67F384315
PySys_SetArgvEx, xrefs: 00007FF67F384455
Failed to get address for PyUnicode_FromFormat, xrefs: 00007FF67F3845D9
PySys_SetObject, xrefs: 00007FF67F3844A5
PyErr_NormalizeException, xrefs: 00007FF67F3841FD
Failed to get address for PyList_New, xrefs: 00007FF67F3842E1
PyUnicode_AsUTF8, xrefs: 00007FF67F384635
PyUnicode_Replace, xrefs: 00007FF67F384685
PyRun_SimpleStringFlags, xrefs: 00007FF67F384405
Failed to get address for PyUnicode_AsUTF8, xrefs: 00007FF67F384651
PyDict_GetItemString, xrefs: 00007FF67F38410D
Failed to get address for PyImport_AddModule, xrefs: 00007FF67F384241
PyLong_AsLong, xrefs: 00007FF67F3842ED
PySys_AddWarnOption, xrefs: 00007FF67F38442D
Failed to get address for PyList_Append, xrefs: 00007FF67F3842B9
Py_FileSystemDefaultEncoding, xrefs: 00007FF67F383E3B
PyImport_ExecCodeModule, xrefs: 00007FF67F38424D
Py_SetPath, xrefs: 00007FF67F38406D
Py_NoUserSiteDirectory, xrefs: 00007FF67F383ED5
Failed to get address for Py_SetPythonHome, xrefs: 00007FF67F384101
Py_Finalize, xrefs: 00007FF67F383FF5
PyImport_AddModule, xrefs: 00007FF67F384225
Failed to get address for PySys_AddWarnOption, xrefs: 00007FF67F384449
Failed to get address for PyObject_Str, xrefs: 00007FF67F3843F9
Failed to get address for Py_GetPath, xrefs: 00007FF67F3840B1
Py_SetPythonHome, xrefs: 00007FF67F3840E5
Failed to get address for Py_OptimizeFlag, xrefs: 00007FF67F383F19
Failed to get address for Py_VerboseFlag, xrefs: 00007FF67F383F41
Failed to get address for Py_FileSystemDefaultEncoding, xrefs: 00007FF67F383E57
Py_GetPath, xrefs: 00007FF67F384095
Failed to get address for Py_DecRef, xrefs: 00007FF67F383FE9
Failed to get address for Py_DecodeLocale, xrefs: 00007FF67F384589
Failed to get address for PyUnicode_FromString, xrefs: 00007FF67F384561
Py_OptimizeFlag, xrefs: 00007FF67F383EFD
Failed to get address for PyObject_CallFunctionObjArgs, xrefs: 00007FF67F384381
PyObject_GetAttrString, xrefs: 00007FF67F3843B5
Py_UTF8Mode, xrefs: 00007FF67F383F7D
Py_SetProgramName, xrefs: 00007FF67F3840BD
PyUnicode_Decode, xrefs: 00007FF67F3845E5
Failed to get address for PyUnicode_Decode, xrefs: 00007FF67F384601
Failed to get address for PyErr_Restore, xrefs: 00007FF67F3841F1
Failed to get address for PyObject_GetAttrString, xrefs: 00007FF67F3843D1
PyErr_Restore, xrefs: 00007FF67F3841D5
Failed to get address for PyErr_Fetch, xrefs: 00007FF67F3841C9
Failed to get address for Py_Initialize, xrefs: 00007FF67F384061

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
API String ID: 190572456-3109299426
Opcode ID: 9a46f94a5db316c904c1dd688f1073b3c37aa512f8c778aadf3faf8dd6919ce6
Instruction ID: 7107e4921eb8a292c0050465d21eef89b735e4c169e3e8183924ca1e15d29716
Opcode Fuzzy Hash: 9a46f94a5db316c904c1dd688f1073b3c37aa512f8c778aadf3faf8dd6919ce6
Instruction Fuzzy Hash: 3542CE67A2DB07D1FE59CB0AA85097823E1AF047B4B845535E80ECE364FF7CB56892D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F381440 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 133COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF67F3814CA
Failed to extract %s: failed to open target file!, xrefs: 00007FF67F38148A
fread, xrefs: 00007FF67F3815EC
malloc, xrefs: 00007FF67F381560
fwrite, xrefs: 00007FF67F3815DC
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF67F3815E5
fseek, xrefs: 00007FF67F381500
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF67F3814F9
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF67F3815D5
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF67F381559
fopen, xrefs: 00007FF67F381491

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID:
String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 0-666925554
Opcode ID: 37c913440f915224949b5f530199302c5c5691bc55ee7d51d886240c9f5de79b
Instruction ID: 9f1e11d1bbd3731aca20a3e9ada59d443734d003dbd108df80f9fae3b42c6bcf
Opcode Fuzzy Hash: 37c913440f915224949b5f530199302c5c5691bc55ee7d51d886240c9f5de79b
Instruction Fuzzy Hash: B8518163B2864281EE10EB22E414EB963A0AF55BF4F444531EE5DCF796EE3CE54583E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3878A0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00007FF67F38685A,?,00007FF67F38674D), ref: 00007FF67F3878E0
OpenProcessToken.ADVAPI32(?,00007FF67F38674D), ref: 00007FF67F3878F1
GetTokenInformation.ADVAPI32(?,00007FF67F38674D(TokenIntegrityLevel)), ref: 00007FF67F387913
GetLastError.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF67F38791D
GetTokenInformation.ADVAPI32(?,TokenIntegrityLevel), ref: 00007FF67F38795A
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF67F38796C
CloseHandle.KERNEL32(?,00007FF67F38674D), ref: 00007FF67F387984
LocalFree.KERNEL32(?,00007FF67F38674D), ref: 00007FF67F3879B6
ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF67F3879DD
CreateDirectoryW.KERNEL32(?,00007FF67F38674D), ref: 00007FF67F3879EE

Strings

S-1-3-4, xrefs: 00007FF67F38798F
D:(A;;FA;;;%s), xrefs: 00007FF67F387999

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
String ID: D:(A;;FA;;;%s)$S-1-3-4
API String ID: 4998090-2855260032
Opcode ID: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
Instruction ID: 377c8cd43708b1f45d91e36a92d9b6aba6d73d9706d31b83ac9296006baf1b07
Opcode Fuzzy Hash: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
Instruction Fuzzy Hash: CC413E3362C68382EA509F61E444AAA73A1FB847A5F440231EA6ECA6D5DF3CD448C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F382030 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF67F38205B
SelectObject.GDI32 ref: 00007FF67F3820A2
DrawTextW.USER32 ref: 00007FF67F3820C5
SelectObject.GDI32 ref: 00007FF67F3820DB
ReleaseDC.USER32 ref: 00007FF67F3820EB
MoveWindow.USER32 ref: 00007FF67F38213B
MoveWindow.USER32 ref: 00007FF67F38217B
MoveWindow.USER32 ref: 00007FF67F3821CE
MoveWindow.USER32 ref: 00007FF67F382216

Strings

P%, xrefs: 00007FF67F3820AF

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
Instruction ID: bb0785aa15ecf59f3a4824dcaaa2810cd9d840267f02109ab78a6332e1c88c2d
Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
Instruction Fuzzy Hash: 8F511527618BA186DA349F22E4185BAB7A1FB98B61F004121EFDF83784DF3CD045DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F390228 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F390268
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F390630
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3908CF

Strings

p, xrefs: 00007FF67F39030D
f, xrefs: 00007FF67F39036A
p, xrefs: 00007FF67F390372
f, xrefs: 00007FF67F390300
f, xrefs: 00007FF67F3904B5

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
Instruction ID: 390d8ec1319a1ef512cde00b24fd35eb3d53927ff9fbc7bd5bc75ee2997a567d
Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
Instruction Fuzzy Hash: AB1283A3F2C15386FB24DA35E054ABA77A1FB80768F844035D6998E6D4DF7CE4848BD0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3812B0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF67F3812E2
fread, xrefs: 00007FF67F3813E9
malloc, xrefs: 00007FF67F381353
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF67F3813E2
fseek, xrefs: 00007FF67F381319
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF67F381312
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF67F38134C

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: cde6a528f24137f5304f8cb319a168ab15695774dc73d278eb1ed96202088a3e
Instruction ID: b5cb2fad521e1b7572d1560dbae4c0d45b3d9f9856bb7667cc1605dd30278beb
Opcode Fuzzy Hash: cde6a528f24137f5304f8cb319a168ab15695774dc73d278eb1ed96202088a3e
Instruction Fuzzy Hash: FA417363B2864282EE24EB12E440ABA63A0FF547B4F544431DE5DCBB55EE7CE542C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F386FD0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90processsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

SetConsoleCtrlHandler.KERNEL32(00000000,00007FF67F383A30), ref: 00007FF67F38701F
GetStartupInfoW.KERNEL32 ref: 00007FF67F38703E

Part of subcall function 00007FF67F399184: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F399198

Part of subcall function 00007FF67F396EF8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F396F5F

GetCommandLineW.KERNEL32 ref: 00007FF67F3870DE
CreateProcessW.KERNEL32 ref: 00007FF67F387120
WaitForSingleObject.KERNEL32 ref: 00007FF67F387134
GetExitCodeProcess.KERNEL32 ref: 00007FF67F387144

Strings

Error creating child process!, xrefs: 00007FF67F387150
CreateProcessW, xrefs: 00007FF67F387157

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
String ID: CreateProcessW$Error creating child process!
API String ID: 2895956056-3524285272
Opcode ID: abaaef525a4316cf0ad8ae1602483ebc482a8e395ee8b6b4db4649471e4f68f4
Instruction ID: 2ff9a31d62b4135d4e460788a3f2ded42d0bf52d898c426bbfb7c5994ebca33a
Opcode Fuzzy Hash: abaaef525a4316cf0ad8ae1602483ebc482a8e395ee8b6b4db4649471e4f68f4
Instruction Fuzzy Hash: 11413033A1878282DE20DB65E5556AAB3A4FB94374F400735E6AD8BBD5DF7CD0448BC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38DC30 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF67F38DC8D

Part of subcall function 00007FF67F38EBA0: __GetUnwindTryBlock.LIBCMT ref: 00007FF67F38EBE3
Part of subcall function 00007FF67F38EBA0: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF67F38EC08

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF67F38DD65
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF67F38DFBA
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF67F38E0C6

Strings

csm, xrefs: 00007FF67F38DD88
csm, xrefs: 00007FF67F38DD0E
csm, xrefs: 00007FF67F38DCA7

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
Instruction ID: 944305cc4426b16efb3afad3f5d6541e6ca7e58e7240583d21baac7773e582d3
Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
Instruction Fuzzy Hash: 39E17D73A287418AEB209F659440AAD37A0FB447A8F100535EE8DDBB95CF3CE484C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F381050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON

Download Yara Rule

Strings

Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF67F3810B4
1.2.13, xrefs: 00007FF67F38107E
malloc, xrefs: 00007FF67F3810F8, 00007FF67F381126
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF67F3810F1
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF67F38111F
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF67F381249

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message
String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2030045667-1655038675
Opcode ID: 16cfe9308c4c9ecd15c27d970c4b813c3cdd434660d0b5ae915340d975fce95f
Instruction ID: bd6d8db29e4dfeece9785501978afca1a0c4b070ac268d42028c22edb354dc8e
Opcode Fuzzy Hash: 16cfe9308c4c9ecd15c27d970c4b813c3cdd434660d0b5ae915340d975fce95f
Instruction Fuzzy Hash: 3551BF63A2968285EA60EB52E440BFA6390FB84BB4F444131EE4DCB795EF3CE545C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39DDB8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,00000000,?,00007FF67F39E152,?,?,-00000018,00007FF67F39A223,?,?,?,00007FF67F39A11A,?,?,?,00007FF67F395472), ref: 00007FF67F39DF34
GetProcAddress.KERNEL32(?,00000000,?,00007FF67F39E152,?,?,-00000018,00007FF67F39A223,?,?,?,00007FF67F39A11A,?,?,?,00007FF67F395472), ref: 00007FF67F39DF40

Strings

api-ms-, xrefs: 00007FF67F39DE7E
ext-ms-, xrefs: 00007FF67F39DE91

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
Instruction ID: 3176595ffd952db3f9116dffa27a57f2a9801132cd7bc93712240fa4d9f0cce6
Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
Instruction Fuzzy Hash: 0541EE73B3AA1281FA56CB169805D752392BF18BB4F094535DD5DCF788EE3CE80582C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387600 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F38769F
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F3876EF

Strings

Out of memory., xrefs: 00007FF67F387721
win32_utils_to_utf8, xrefs: 00007FF67F387728
Failed to get UTF-8 buffer size., xrefs: 00007FF67F387731
Failed to encode wchar_t as UTF-8., xrefs: 00007FF67F387718
WideCharToMultiByte, xrefs: 00007FF67F387738

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
API String ID: 626452242-27947307
Opcode ID: 4abb123c1e290ab0bf431a9e29adde0d703b54356917db0efbe6b96a2176b62e
Instruction ID: 2206533c69a288767b6e6099aee1df80499cbc1e563471942133fd19b01cce66
Opcode Fuzzy Hash: 4abb123c1e290ab0bf431a9e29adde0d703b54356917db0efbe6b96a2176b62e
Instruction Fuzzy Hash: F0415D33A2CB8281EA20CF15A44097AA7A5FB847A5F584135EE8DCBB94DF3CD491C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387B40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00007FF67F383699), ref: 00007FF67F387B81

Part of subcall function 00007FF67F382620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF67F387744,?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F382654
Part of subcall function 00007FF67F382620: MessageBoxW.USER32 ref: 00007FF67F38272C

WideCharToMultiByte.KERNEL32(?,00007FF67F383699), ref: 00007FF67F387BF5

Strings

Out of memory., xrefs: 00007FF67F387BBB
win32_utils_to_utf8, xrefs: 00007FF67F387BC2
Failed to get UTF-8 buffer size., xrefs: 00007FF67F387B8E
Failed to encode wchar_t as UTF-8., xrefs: 00007FF67F387BFF
WideCharToMultiByte, xrefs: 00007FF67F387B95, 00007FF67F387C06

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastMessage
String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
API String ID: 3723044601-27947307
Opcode ID: 31ebc9b81e4e3fd2a5d7efff630c0257bd489d4360170f7ed3ae77706e921571
Instruction ID: 55c2e880c788de2fff15b68d41f1a9f9d39629a94484a9b3c9d212375bf228bb
Opcode Fuzzy Hash: 31ebc9b81e4e3fd2a5d7efff630c0257bd489d4360170f7ed3ae77706e921571
Instruction Fuzzy Hash: 5C218032A28B4285EB10DF26E84087977A2EB94BE0F544535DA4DCB754EF7CE591C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F399264 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3992A7
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F399694
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F399930

Strings

p, xrefs: 00007FF67F399359
f, xrefs: 00007FF67F3993C9
p, xrefs: 00007FF67F3993D1

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
Instruction ID: 07f394c39505fc019a87bad7b3485c3c4a9d953cec8b3dc1b5522c3203701a3b
Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
Instruction Fuzzy Hash: 7F129163E2E14386FB24DB15E054AB97799EB80778F884035E6998E6C4DF3DE5808BD0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387C30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF67F387CC5
MultiByteToWideChar.KERNEL32 ref: 00007FF67F387D07

Strings

Out of memory., xrefs: 00007FF67F387D36
win32_utils_from_utf8, xrefs: 00007FF67F387D3D
Failed to get wchar_t buffer size., xrefs: 00007FF67F387D46
Failed to decode wchar_t from UTF-8, xrefs: 00007FF67F387D2D
MultiByteToWideChar, xrefs: 00007FF67F387D4D

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
API String ID: 626452242-876015163
Opcode ID: aaebe4b278efda81e931b0d8d3375374a2de1692e4ac414a8128f5c0242ab0be
Instruction ID: bd17ee32731d3bd783f4c599e9babf7bc75d3398b8b5027035e16f61225636e2
Opcode Fuzzy Hash: aaebe4b278efda81e931b0d8d3375374a2de1692e4ac414a8128f5c0242ab0be
Instruction Fuzzy Hash: 5E419433A2CA4282EA20DF25E440979A7A6FB447A1F144135EA4ECBBA4EF3CD455C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38CEE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF67F38D19A,?,?,?,00007FF67F38CE8C,?,?,00000001,00007FF67F38CAA9), ref: 00007FF67F38CF6D
GetLastError.KERNEL32(?,?,?,00007FF67F38D19A,?,?,?,00007FF67F38CE8C,?,?,00000001,00007FF67F38CAA9), ref: 00007FF67F38CF7B
LoadLibraryExW.KERNEL32(?,?,?,00007FF67F38D19A,?,?,?,00007FF67F38CE8C,?,?,00000001,00007FF67F38CAA9), ref: 00007FF67F38CFA5
FreeLibrary.KERNEL32(?,?,?,00007FF67F38D19A,?,?,?,00007FF67F38CE8C,?,?,00000001,00007FF67F38CAA9), ref: 00007FF67F38CFEB
GetProcAddress.KERNEL32(?,?,?,00007FF67F38D19A,?,?,?,00007FF67F38CE8C,?,?,00000001,00007FF67F38CAA9), ref: 00007FF67F38CFF7

Strings

api-ms-, xrefs: 00007FF67F38CF8D

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
Instruction ID: 5f8d229787299c6fe9b657a7707c8b41ef8fc5c71c8cb1dd989bd0d222007556
Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
Instruction Fuzzy Hash: 89319E63A2AB4291FE529B02A40097563D4FF48BB0F594535ED1DCE380EF3CE44587E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F386480 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF67F3867CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF67F3864DF

Part of subcall function 00007FF67F382770: MessageBoxW.USER32 ref: 00007FF67F382841

Strings

LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF67F3864B6
LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF67F3864F3
LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF67F38653A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
API String ID: 1662231829-3498232454
Opcode ID: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
Instruction ID: bc2af25063f0b3a82f772dd51b8f292091555e0c362ec60eb759d938f0014b52
Opcode Fuzzy Hash: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
Instruction Fuzzy Hash: 52317813B3C78281FE64D721E555BBA5391AF987E0F844432DA4ECE7DAEE2CE50486D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F387A30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

Part of subcall function 00007FF67F382620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF67F387744,?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F382654
Part of subcall function 00007FF67F382620: MessageBoxW.USER32 ref: 00007FF67F38272C

MultiByteToWideChar.KERNEL32 ref: 00007FF67F387AF0

Strings

Out of memory., xrefs: 00007FF67F387AB2
win32_utils_from_utf8, xrefs: 00007FF67F387AB9
Failed to get wchar_t buffer size., xrefs: 00007FF67F387A77
Failed to decode wchar_t from UTF-8, xrefs: 00007FF67F387AFA
MultiByteToWideChar, xrefs: 00007FF67F387A7E, 00007FF67F387B01

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastMessage
String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
API String ID: 3723044601-876015163
Opcode ID: f722377c5addd92d766e9fa13234db446ce1d84bd25aa6405d278129d592b402
Instruction ID: 114983d58b149500e5a08581728195266bd4360c9d3ca270511733cd6a8425c5
Opcode Fuzzy Hash: f722377c5addd92d766e9fa13234db446ce1d84bd25aa6405d278129d592b402
Instruction Fuzzy Hash: D2217623B28A4281EF50CB26F400569A7A1FF847E4F584531EB5CDBB69EF6CD54187C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39A620 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A62F
FlsGetValue.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A644
FlsSetValue.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A665
FlsSetValue.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A692
FlsSetValue.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A6A3
FlsSetValue.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A6B4
SetLastError.KERNEL32(?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F,?,?,?,00007FF67F399313), ref: 00007FF67F39A6CF

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 8ff2e8f234801333ca104f51e052509623115d46483bc0ab35df31335539f603
Instruction ID: ed5b7c1211305a894845e258278dab8cbeb816533830bfa69bffd51cca45292f
Opcode Fuzzy Hash: 8ff2e8f234801333ca104f51e052509623115d46483bc0ab35df31335539f603
Instruction Fuzzy Hash: AB215E23E2D60381FE68E721965593A63925F45BB8F140734E97E8F7D6DE2CB44082D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A706C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF67F3A709D
GetLastError.KERNEL32 ref: 00007FF67F3A70A9
CloseHandle.KERNEL32 ref: 00007FF67F3A70C1
CreateFileW.KERNEL32 ref: 00007FF67F3A70EC
WriteConsoleW.KERNEL32 ref: 00007FF67F3A710B

Strings

CONOUT$, xrefs: 00007FF67F3A70CD

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
Instruction ID: 022f2fe3d7b54f8d96725ad8a37cfa7240d0d32d145b80978eaf77d5c2830d7c
Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
Instruction Fuzzy Hash: 56117C23A28A4186EB908B56A854B2967E0FB88BF4F040234EA6DCB794CF3CD41487C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39A798 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A7A7
FlsSetValue.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A7DD
FlsSetValue.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A80A
FlsSetValue.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A81B
FlsSetValue.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A82C
SetLastError.KERNEL32(?,?,?,00007FF67F39444D,?,?,?,?,00007FF67F39DDA7,?,?,00000000,00007FF67F39A8B6,?,?,?), ref: 00007FF67F39A847

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
Instruction ID: e708b46d6e96a653b2b5dac9de8781791cdb57a47acb87992431848db4360143
Opcode Fuzzy Hash: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
Instruction Fuzzy Hash: 26118123E2C64382FD58DB21965283E63915F447B8F144734D87E8F7D6DE2CA44283D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38C8A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF67F38C8D3
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF67F38C968
RtlUnwindEx.KERNEL32 ref: 00007FF67F38C9B7

Strings

csm, xrefs: 00007FF67F38C94E
f, xrefs: 00007FF67F38C8E6

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm$f
API String ID: 2395640692-629598281
Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
Instruction ID: 37a8418e9d6543c7477c3683033748b91d384d75d8c20c8ce98eae6f5b6a8d19
Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
Instruction Fuzzy Hash: A4517C33A297428AEB14CB25E444E6937A5FB45BE8F518131DA4ECB788DF3CE94187D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F382240 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00007FF67F38242F), ref: 00007FF67F382278
DialogBoxIndirectParamW.USER32 ref: 00007FF67F38233C
DeleteObject.GDI32 ref: 00007FF67F38236F
DestroyIcon.USER32 ref: 00007FF67F382381

Strings

Unhandled exception in script, xrefs: 00007FF67F3822A8

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
Instruction ID: 904125e92c1e3eec90a94d9e5176c701625f90d05a1a1e790e1da057eb695bc5
Opcode Fuzzy Hash: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
Instruction Fuzzy Hash: 41312F33A29A8289EB24DF61E8559E963A0FF887A4F440135EA4ECFB55DF3CD145C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3988E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF67F398905
GetProcAddress.KERNEL32 ref: 00007FF67F39891B
FreeLibrary.KERNEL32 ref: 00007FF67F398942

Strings

mscoree.dll, xrefs: 00007FF67F3988FC
CorExitProcess, xrefs: 00007FF67F398914

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
Instruction ID: 9af269ec05fcbc40f90a4d463343ca1c8ae6472cde39b1d071ab06f08866b5fb
Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
Instruction Fuzzy Hash: F5F06263A29A02C1EF109B25E455B396361FF857B5F940636D56D8D6F4CF2CD049C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A87A4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF67F3A87CC
_set_statfp.LIBCMT ref: 00007FF67F3A87E7
_set_statfp.LIBCMT ref: 00007FF67F3A8803
_set_statfp.LIBCMT ref: 00007FF67F3A883F

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
Instruction ID: be7d56e26af7aff0b6fe4a8abaae5346b77507ef7e767b6c9a6346ba98d96503
Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
Instruction Fuzzy Hash: 6B118F73E78A0711FE982226E445B791AC5BF583B4F140674F97E8E6DADE2CAC4142C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39A860 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F39A87F
FlsSetValue.KERNEL32(?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F39A89E
FlsSetValue.KERNEL32(?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F39A8C6
FlsSetValue.KERNEL32(?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F39A8D7
FlsSetValue.KERNEL32(?,?,?,00007FF67F399A73,?,?,00000000,00007FF67F399D0E,?,?,?,?,?,00007FF67F3921EC), ref: 00007FF67F39A8E8

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 52e75b61ebb49defa444412e8fee66804bfa3f6c547067b9182500d2680da77e
Instruction ID: f4e534e7cb6cf268df38290683fc56c2ff0afc1d9e8b8b4e15054a1f860b645f
Opcode Fuzzy Hash: 52e75b61ebb49defa444412e8fee66804bfa3f6c547067b9182500d2680da77e
Instruction Fuzzy Hash: 7E11AC22F2C60781FE58D722995197A63416F817B8F044734E8BECE7C6DE2CA84282D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39A6F4 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F), ref: 00007FF67F39A705
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F), ref: 00007FF67F39A724
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F), ref: 00007FF67F39A74C
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F), ref: 00007FF67F39A75D
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF67F3A2433,?,?,?,00007FF67F39CB8C,?,?,00000000,00007FF67F393A5F), ref: 00007FF67F39A76E

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
Instruction ID: 612cdf199785dd4583b6f4d78725a4948b3d43b442a51574aa7cdc991841d20d
Opcode Fuzzy Hash: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
Instruction Fuzzy Hash: 4C11F726E2D20741FDA8EA758862D7E13924F85778F181B34D87ECE2D2DD3CB84142E2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39F198 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39F477

Part of subcall function 00007FF67F3A5474: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A5491

Strings

UTF-8, xrefs: 00007FF67F39F3F6
ccs, xrefs: 00007FF67F39F3B2
UTF-16LEUNICODE, xrefs: 00007FF67F39F415

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
Instruction ID: 21483029892d568cf676d2eaf879f8d427df3cafda3d4cb2e952854e0642425f
Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
Instruction Fuzzy Hash: 2181A137E2C20285F7A5DE358191A7827A0AB11BACF558039CA6DDF685DF2DE90193C1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38E108 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF67F38E154
_CallSETranslator.LIBVCRUNTIME ref: 00007FF67F38E1A3

Strings

RCC, xrefs: 00007FF67F38E171
MOC, xrefs: 00007FF67F38E168

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
Instruction ID: fc55266deb9cdf911a2e1e0512de49980683dff24bcc24fc1fc5d41ff40344da
Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
Instruction Fuzzy Hash: 9E618C33A18B458AE7109FA5D4807AD7BA0FB44B98F144225EE4D9BB98CF7CE085C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38E464 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF67F38E48C
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF67F38E574

Strings

csm, xrefs: 00007FF67F38E5C6
csm, xrefs: 00007FF67F38E4AE

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
Instruction ID: fbd91111d9f4f497fd8e2a0efbeb44deae86df2cde8d3c47f3f5a2e21bb6d415
Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
Instruction Fuzzy Hash: 3C51B33392824286EB748F519544B6977A0FB54BA8F144235EA9CCBBD5CF3CE490CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3824D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

MessageBoxW.USER32 ref: 00007FF67F3825D7
MessageBoxA.USER32 ref: 00007FF67F3825F3

Strings

%s%s: %s, xrefs: 00007FF67F382558
Fatal error detected, xrefs: 00007FF67F3825AB, 00007FF67F3825E5

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: %s%s: %s$Fatal error detected
API String ID: 1878133881-2410924014
Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
Instruction ID: e9dd1259a6df2fa8da7b89108c0cae073410a2dbca79f5b5c86817d84e0ed75b
Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
Instruction Fuzzy Hash: AD313273638A8191EA20EB51E451BEA63A5FB84794F404036EA8D8B699DF3CD345CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F383BA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,00007FF67F383699), ref: 00007FF67F383BD1

Part of subcall function 00007FF67F382620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF67F387744,?,?,?,?,?,?,?,?,?,?,?,00007FF67F38101D), ref: 00007FF67F382654
Part of subcall function 00007FF67F382620: MessageBoxW.USER32 ref: 00007FF67F38272C

Strings

Failed to get executable path., xrefs: 00007FF67F383BDB
GetModuleFileNameW, xrefs: 00007FF67F383BE2
Failed to convert executable path to UTF-8., xrefs: 00007FF67F383C0A

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorFileLastMessageModuleName
String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
API String ID: 2581892565-1977442011
Opcode ID: d351f04d36ba2f15026850856bdbd3af76e02992a2015f4e41e7df4c5f482f4b
Instruction ID: 28fb4f94d2a3d6b5780a4f9207a0b5fb90ed2dcd47034d4644b2a796dc718eea
Opcode Fuzzy Hash: d351f04d36ba2f15026850856bdbd3af76e02992a2015f4e41e7df4c5f482f4b
Instruction Fuzzy Hash: 4B018423B3C64291FE61AB21E815BB92391AF483A4F400431E85ECF792EE5CE14597E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39BA70 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF67F39BAEF
WriteFile.KERNEL32 ref: 00007FF67F39BDB7
WriteFile.KERNEL32 ref: 00007FF67F39BDFD
GetLastError.KERNEL32 ref: 00007FF67F39BEB3

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
Instruction ID: bdc25c1dd711cba22e241f07498cecd26045612a18d53894b456cd93c28b09ba
Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
Instruction Fuzzy Hash: CAD1E173B29A8189E711CF79D4406AC37A5FB447A8B004235CE5E9BB99DE38D516C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39C430 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF67F39C41B), ref: 00007FF67F39C54C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF67F39C41B), ref: 00007FF67F39C5D7

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
Instruction ID: 6d48ad3388c92e1a3bde8b0e9282f5ec27cba98d24a29582eee2c21dded7d9c3
Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
Instruction Fuzzy Hash: 0191A263B2865285F751CF669440ABD2BA0BB44BECF585139DE0E9BA84DF38D442CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39E8DC Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67F39E9CC
_get_daylight.LIBCMT ref: 00007FF67F39E9DD
_get_daylight.LIBCMT ref: 00007FF67F39E9EE
_isindst.LIBCMT ref: 00007FF67F39EAB9

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
Instruction ID: 530f32edb8fb74ebb2f6e110045e02d4c904a3eeca92936b9f6bbedd852b1270
Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
Instruction Fuzzy Hash: D751F773F286118AFB14DB68D951ABC27A1BB0037CF144235ED1E9AAE5DF3CA44287C1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3947D4 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF67F394807
GetFileInformationByHandle.KERNEL32 ref: 00007FF67F394869
GetLastError.KERNEL32 ref: 00007FF67F3948FA
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF67F39470C), ref: 00007FF67F394946

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
Instruction ID: f0251765bb1b878284a53d88cca2ed85555273ffd726f1bb7d1205641719bfed
Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
Instruction Fuzzy Hash: 7B515923E2C6428AFB10DFA5D4507BD33A1AB48BA8F208535DE4D9B689DF38D49187C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F394680 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3946AD
CreateFileW.KERNEL32 ref: 00007FF67F3946EC
CloseHandle.KERNEL32 ref: 00007FF67F394721

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
Instruction ID: 3cc0d6fa34700b376ae5b75110f3d81e230c56b2b91506475adab3b4e4b44fe0
Opcode Fuzzy Hash: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
Instruction Fuzzy Hash: 43416D63D2C78283F754DB21D51076963A0FB95778F109334EAA84BAD6DF7CA5A087C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F381F70 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF67F381FA4
SetWindowLongPtrW.USER32 ref: 00007FF67F381FC6
GetWindowLongPtrW.USER32 ref: 00007FF67F381FF0
InvalidateRect.USER32 ref: 00007FF67F382010

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
Instruction ID: e51fd9f2d8e12b975ece3ca2d8567f73788975e7d50c6699baeb1dcbd329391d
Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
Instruction Fuzzy Hash: 3911E923E3854282FE509B6AE544AB913D2EF89BB0F548130E949CEBCDCE2CD4C582D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F3A4D3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F3A08A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67F3A08D3

_get_daylight.LIBCMT ref: 00007FF67F3A4E54
_get_daylight.LIBCMT ref: 00007FF67F3A4E65

Strings

?, xrefs: 00007FF67F3A4DE5

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
Instruction ID: 961b28df979eff43b3ad637893d33db0a0eade58e021e69a58c7e2d9ccf64ad8
Opcode Fuzzy Hash: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
Instruction Fuzzy Hash: 0041E823A2C28245FF649B26D401B7A67D4EB807B4F144235FE5C8ABE6DE3CD45187C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F397E6C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F397E9E

Part of subcall function 00007FF67F399E18: HeapFree.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E2E
Part of subcall function 00007FF67F399E18: GetLastError.KERNEL32(?,?,?,00007FF67F3A1E42,?,?,?,00007FF67F3A1E7F,?,?,00000000,00007FF67F3A2345,?,?,?,00007FF67F3A2277), ref: 00007FF67F399E38

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF67F38B105), ref: 00007FF67F397EBC

Strings

C:\Users\user\Desktop\Clangen.exe, xrefs: 00007FF67F397EAA

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\Clangen.exe
API String ID: 3580290477-787618453
Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
Instruction ID: 287ec8434586aee0e45eeaf5b58c58376544c46985ead2f1ddc6523ef9763e47
Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
Instruction Fuzzy Hash: 3E414F33A28B5285EB15DF26D4808BD67A4EB44BE8B545035E94E9BB85DF3CE891C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39C108 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF67F39C21F
GetLastError.KERNEL32 ref: 00007FF67F39C241

Strings

U, xrefs: 00007FF67F39C1CB

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
Instruction ID: 3666c190833d4d32c1dd651c194c11182aabc497b94ebe2e326a2a3aa1be034f
Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
Instruction Fuzzy Hash: 70418123628A8296DB60CF65E4447A977A1FB887E4F804031EA8DCB798DF3CD445CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39E508 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF67F39E548
GetCurrentDirectoryW.KERNEL32 ref: 00007FF67F39E59A

Strings

:, xrefs: 00007FF67F39E55E

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
Instruction ID: 2f318bc34deccafd706b9019ca1cc220d7d85e60599c10fac3f9d121b22140eb
Opcode Fuzzy Hash: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
Instruction Fuzzy Hash: 3521E463A2C68281FB20CB15D06467E73F1FB88B98F454135D68D8B284DF7CE98987E1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F382880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

MessageBoxW.USER32 ref: 00007FF67F382951
MessageBoxA.USER32 ref: 00007FF67F38296D

Strings

Error detected, xrefs: 00007FF67F382925, 00007FF67F38295F

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error detected
API String ID: 1878133881-3513342764
Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
Instruction ID: a4a3eb88231b58a7b6dac034337612179d480d20e0b11e5d030e77ca0ec332cb
Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
Instruction Fuzzy Hash: 1C21747363CA8291EB209B51F461BEA6354FB84798F804135EA9DCB695DF3CD205C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F382770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67F387A30: MultiByteToWideChar.KERNEL32 ref: 00007FF67F387A6A

MessageBoxW.USER32 ref: 00007FF67F382841
MessageBoxA.USER32 ref: 00007FF67F38285D

Strings

Fatal error detected, xrefs: 00007FF67F382815, 00007FF67F38284F

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Fatal error detected
API String ID: 1878133881-4025702859
Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
Instruction ID: 4266ca5ed2de11c5fb2713a49b84abf72ffdc08631d1b4d139d3c9a16479635a
Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
Instruction Fuzzy Hash: 91215173638A8191EA209B51F451BEA6354FB84798F804135EA8D8B695DF3CD245C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F38EFB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF67F38EFF4
RaiseException.KERNEL32 ref: 00007FF67F38F03A

Strings

csm, xrefs: 00007FF67F38F027

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
Instruction ID: 5eb3e8efb19593e5c50115812f9979b832c0158b2e1761b0d0e68217a80a628a
Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
Instruction Fuzzy Hash: B4112B33618B8182EB618F25E44066977A4FB88BA4F184230EE9C4B768DF3DD5918780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67F39F00C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67F39F03C
GetDriveTypeW.KERNEL32 ref: 00007FF67F39F07C

Strings

:, xrefs: 00007FF67F39F065

Memory Dump Source

Source File: 00000000.00000002.1727149537.00007FF67F381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67F380000, based on PE: true

Associated: 00000000.00000002.1727135874.00007FF67F380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727172923.00007FF67F3AA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3BD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727192333.00007FF67F3CC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1727235732.00007FF67F3CE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67f380000_Clangen.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
Instruction ID: b844bc404dd9a119956fc36028b7a2984983dad746949c12cb84bb3bf0ed5b25
Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
Instruction Fuzzy Hash: DB018F63A3C60286FB31EF60A461A7E23A4EF4472CF441035E55DCA795EE3CE544DAD4

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Clangen.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Clangen.exePID: 7108, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: Clangen.exePID: 7108, Parent PID: 2580COMMON

Execution Graph

Graph

Executed Functions

Function 00007FF67F3874B0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON

Control-flow Graph

Function 00007FF67F3A5D6C Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON

Control-flow Graph

Function 00007FF67F3817B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 144COMMON

Control-flow Graph

Windows Analysis Report
Clangen.exe

Function 00007FF67F3874B0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52
windowCOMMON

Function 00007FF67F3A5D6C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 00007FF67F3817B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 144
COMMON

Function 00007FF67F381000 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 273
COMMON

Function 00007FF67F39AF2C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Function 00007FF67F382620 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67
windowCOMMON

Function 00007FF67F38B19C Relevance: 6.1, APIs: 4, Instructions: 94
COMMON

Function 00007FF67F398888 Relevance: 4.5, APIs: 3, Instructions: 14
COMMON

Function 00007FF67F38F39C Relevance: 3.2, APIs: 2, Instructions: 177
COMMONLIBRARYCODE

Function 00007FF67F39A028 Relevance: 3.1, APIs: 2, Instructions: 59
COMMON

Function 00007FF67F39B604 Relevance: 3.0, APIs: 2, Instructions: 46
COMMONLIBRARYCODE

Function 00007FF67F39B37C Relevance: 1.6, APIs: 1, Instructions: 112
COMMONLIBRARYCODE