
Windows Analysis Report
7zG.exe

Overview

General Information

Sample name:7zG.exe
Analysis ID:1431359
MD5:50f289df0c19484e970849aac4e6f977
SHA1:3dc77c8830836ab844975eb002149b66da2e10be
SHA256:b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found large amount of non-executed APIs
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • 7zG.exe (PID: 6656 cmdline: "C:\Users\user\Desktop\7zG.exe" MD5: 50F289DF0C19484E970849AAC4E6F977)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: 7zG.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008F8A94 FindFirstFileW,FindFirstFileW,free,0_2_008F8A94
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008F9B98 free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,0_2_008F9B98
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008F6FEC OpenClipboard,EmptyClipboard,GlobalLock,memmove,GlobalUnlock,SetClipboardData,0_2_008F6FEC
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008FA454: DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,0_2_008FA454
Source: 7zG.exe | Binary or memory string: OriginalFilename vs 7zG.exe
Source: classification engine | Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008FC47C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_008FC47C
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_00908650 GetCurrentProcess,CloseHandle,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,0_2_00908650
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008FC360 GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,0_2_008FC360
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_00949968 _CxxThrowException,_CxxThrowException,CoCreateInstance,0_2_00949968
Source: 7zG.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7zG.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 7zG.exe | String found in binary or memory: -help
Source: 7zG.exe | String found in binary or memory: Check charset encoding and -scs switch.bsobbbtbdba-helph?asut012sea0-SeLockMemoryPrivilegeSeCreateSymbolicLinkPrivilegeSeRestorePrivilege
Source: 7zG.exe | String found in binary or memory: fm/plugins/7-zip/add.htm
Source: 7zG.exe | String found in binary or memory: a : 7-Zip limit : RAMThe operation can require big amount of RAM (memory):The operation was blocked by 7-Zipfm/plugins/7-zip/add.htm
Source: 7zG.exe | String found in binary or memory: fm/plugins/7-zip/add.htm#options
Source: 7zG.exe | String found in binary or memory: c LinuxDOSUnixfm/plugins/7-zip/add.htm#options
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\7zG.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_0095D44C #17,LoadLibraryW,GetProcAddress,memset,FreeLibrary,OleInitializeWOW,0_2_0095D44C
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_00921242 push rcx; ret 0_2_00921243
Source: C:\Users\user\Desktop\7zG.exe | API coverage: 1.0 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_008FDA4C GetSystemInfo,0_2_008FDA4C
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_00962810 cpuid 0_2_00962810
Source: C:\Users\user\Desktop\7zG.exe | Code function: 0_2_009619C0 GetVersion,GetModuleHandleW,GetProcAddress,0_2_009619C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Access Token Manipulation | OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 DLL Side-Loading | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | 2 Clipboard Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior graph (ID: 1431359; sample: 7zG.exe; start date: 24/04/2024; architecture: WINDOWS; score: 5): process 7zG.exe started.

Source | Detection | Scanner | Label | Link
7zG.exe | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431359
Start date and time:2024-04-24 23:08:47 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Potential for more IOCs and behavior
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:7zG.exe
Detection:CLEAN
Classification:clean5.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 10
  • Number of non-executed functions: 208
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • VT rate limit hit for: 7zG.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.147294919046972
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:7zG.exe
File size:700'416 bytes
MD5:50f289df0c19484e970849aac4e6f977
SHA1:3dc77c8830836ab844975eb002149b66da2e10be
SHA256:b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305
SHA512:877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38
SSDEEP:12288:ffC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:3LOS2opPIXV
TLSH:55E40965F5B48331D073C0BAC5D3AA9AEE7230425B308ACB1246D76C2E677E6D636731
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.VS.y8..y8..y8...C.jy8..y9..y8...E.}y8...V..y8.i.<.~y8...U.ky8...;.~y8...D.~y8...@.~y8.Rich.y8.........PE..d....\.d.........."
Icon Hash:b8868baba9aba2d8
Entrypoint:0x4722e0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x64915C80 [Tue Jun 20 08:00:00 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:7ebaf00a83f50fa60b7701670f4a8b19
Instruction
dec eax
mov eax, esp
dec eax
sub esp, 000000C8h
dec eax
mov dword ptr [eax+18h], ebx
dec eax
mov dword ptr [eax+20h], edi
dec eax
lea ecx, dword ptr [eax-78h]
call dword ptr [00001F24h]
nop
cmp word ptr [FFF8DCFAh], 5A4Dh
je 00007F5770E89837h
xor ebx, ebx
mov dword ptr [esp+000000D0h], ebx
dec eax
lea edi, dword ptr [FFF8DCE8h]
jmp 00007F5770E898B3h
dec eax
arpl word ptr [FFF8DD18h], ax
dec eax
lea edi, dword ptr [FFF8DCD5h]
dec eax
add eax, edi
cmp dword ptr [eax], 00004550h
je 00007F5770E8982Dh
xor ebx, ebx
mov dword ptr [esp+000000D0h], ebx
jmp 00007F5770E8988Ch
movzx ecx, word ptr [eax+18h]
cmp ecx, 0000010Bh
je 00007F5770E8985Dh
cmp ecx, 0000020Bh
je 00007F5770E8982Dh
xor ebx, ebx
mov dword ptr [esp+000000D0h], ebx
jmp 00007F5770E8986Dh
cmp dword ptr [eax+00000084h], 0Eh
jnbe 00007F5770E8982Dh
xor ebx, ebx
mov dword ptr [esp+000000D0h], ebx
jmp 00007F5770E89859h
xor ebx, ebx
cmp dword ptr [eax+000000F8h], ebx
setne bl
mov dword ptr [esp+000000D0h], ebx
jmp 00007F5770E89845h
cmp dword ptr [eax+74h], 0Eh
jnbe 00007F5770E8982Dh
xor ebx, ebx
mov dword ptr [esp+000000D0h], ebx
jmp 00007F5770E89834h
xor ebx, ebx
cmp dword ptr [eax+000000E8h], ebx
setne bl
mov dword ptr [esp+000000D0h], ebx
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x99e1c | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x64a8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xa0000 | 0x939c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb1000 | 0x884 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x74000 | 0x698 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x72434 | 0x72600 | 574aa53d559316ee5f58ed07149f599b | False | 0.4906079234972678 | data | 6.321860857565664 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x74000 | 0x27354 | 0x27400 | c3b3cacf079c8f4a489b7b3e7c2fd46c | False | 0.3434763136942675 | data | 4.782986208863164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9c000 | 0x3338 | 0x800 | acdb0aae94c0c7043e5d8c969d87f5cb | False | 0.09619140625 | data | 0.96516863531376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xa0000 | 0x939c | 0x9400 | 95b3a3e813b1ce7fea9a43129056d8cc | False | 0.45001055743243246 | data | 5.916369733087741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x64a8 | 0x6600 | e4510be2b7715812a7818a9685f6c81f | False | 0.28599877450980393 | data | 3.6490387495180485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb1000 | 0xfb4 | 0x1000 | 7e12342e9a629b39de17dd9d3551ff68 | False | 0.267578125 | data | 3.737871086925216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xac688 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.16532258064516128
RT_ICON | 0xac970 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.32094594594594594
RT_ICON | 0xaca98 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.18310234541577824
RT_DIALOG | 0xae9f0 | 0x7e | data | English | United States | 0.8095238095238095
RT_DIALOG | 0xae7c8 | 0x164 | data | English | United States | 0.6179775280898876
RT_DIALOG | 0xae368 | 0x45c | data | English | United States | 0.3942652329749104
RT_DIALOG | 0xae930 | 0xbe | data | English | United States | 0.6684210526315789
RT_DIALOG | 0xaea70 | 0xc6 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0xaa9d0 | 0x31a | data | English | United States | 0.517632241813602
RT_DIALOG | 0xadf48 | 0x2f4 | data | English | United States | 0.48148148148148145
RT_DIALOG | 0xae240 | 0x126 | data | English | United States | 0.5850340136054422
RT_DIALOG | 0xaacf0 | 0x91a | data | English | United States | 0.38626609442060084
RT_DIALOG | 0xabac8 | 0x816 | data | English | United States | 0.3531400966183575
RT_DIALOG | 0xac2e0 | 0xfe | data | English | United States | 0.6850393700787402
RT_DIALOG | 0xab610 | 0x4b6 | data | English | United States | 0.40049751243781095
RT_STRING | 0xafcc8 | 0x3e | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.6774193548387096
RT_STRING | 0xafc80 | 0x42 | data | English | United States | 0.7121212121212122
RT_STRING | 0xafd08 | 0x60 | data | English | United States | 0.5625
RT_STRING | 0xaf3f8 | 0x56 | data | English | United States | 0.7558139534883721
RT_STRING | 0xaf450 | 0x118 | data | English | United States | 0.6142857142857143
RT_STRING | 0xaf568 | 0xfe | data | English | United States | 0.6023622047244095
RT_STRING | 0xaf668 | 0x144 | data | English | United States | 0.6111111111111112
RT_STRING | 0xaf7b0 | 0x12a | data | English | United States | 0.6040268456375839
RT_STRING | 0xaf8e0 | 0x1e0 | data | English | United States | 0.46041666666666664
RT_STRING | 0xafac0 | 0x150 | data | English | United States | 0.5714285714285714
RT_STRING | 0xafc10 | 0x32 | data | English | United States | 0.58
RT_STRING | 0xaf078 | 0x22e | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | English | United States | 0.4175627240143369
RT_STRING | 0xafd68 | 0xe2 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.43805309734513276
RT_STRING | 0xaeef0 | 0x92 | data | English | United States | 0.6095890410958904
RT_STRING | 0xaefc0 | 0xb4 | Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 0 | English | United States | 0.5722222222222222
RT_STRING | 0xafe50 | 0x6e | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.6818181818181818
RT_STRING | 0xafec0 | 0x11a | data | English | United States | 0.5035460992907801
RT_STRING | 0xaffe0 | 0x6a | data | English | United States | 0.5471698113207547
RT_STRING | 0xafc48 | 0x32 | data | English | United States | 0.58
RT_STRING | 0xb0050 | 0x1ea | data | English | United States | 0.363265306122449
RT_STRING | 0xb0240 | 0x156 | Matlab v4 mat-file (little endian) U, numeric, rows 0, columns 0 | English | United States | 0.5175438596491229
RT_STRING | 0xb0398 | 0x56 | data | English | United States | 0.6162790697674418
RT_STRING | 0xb03f0 | 0xb6 | data | English | United States | 0.5164835164835165
RT_STRING | 0xaeb38 | 0x11e | data | English | United States | 0.5384615384615384
RT_STRING | 0xaef88 | 0x32 | data | English | United States | 0.66
RT_STRING | 0xaec58 | 0x104 | data | English | United States | 0.5692307692307692
RT_STRING | 0xaed60 | 0x5a | data | English | United States | 0.7111111111111111
RT_STRING | 0xaeec0 | 0x2a | data | English | United States | 0.6190476190476191
RT_STRING | 0xaedc0 | 0x100 | data | English | United States | 0.546875
RT_STRING | 0xaf2a8 | 0xe2 | data | English | United States | 0.4557522123893805
RT_STRING | 0xaf390 | 0x66 | data | English | United States | 0.6568627450980392
RT_GROUP_ICON | 0xad940 | 0x30 | data | English | United States | 0.9583333333333334
RT_VERSION | 0xac3e0 | 0x2a4 | data | English | United States | 0.5
RT_MANIFEST | 0xad970 | 0x5d7 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.43478260869565216
DLL | Import
COMCTL32.dll |
comdlg32.dll | CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
GDI32.dll | DeleteObject, CreateFontIndirectW
OLEAUT32.dll | SysAllocString, SysStringByteLen, VariantClear, SysAllocStringLen, SysStringLen, VariantCopy
ole32.dll | CoTaskMemFree, CoCreateInstance, OleInitialize, CoUninitialize, CoInitialize
USER32.dll | LoadStringW, SendMessageW, GetWindowTextLengthW, GetWindowTextW, GetParent, GetWindowRect, EmptyClipboard, MoveWindow, ShowWindow, SetWindowLongPtrW, GetWindowLongPtrW, GetDlgItem, MapDialogRect, SystemParametersInfoW, GetMonitorInfoA, MonitorFromWindow, DialogBoxParamW, SetClipboardData, CloseClipboard, OpenClipboard, CharUpperW, ScreenToClient, IsWindowEnabled, SetDlgItemTextA, GetFocus, EnableWindow, SetFocus, LoadIconW, LoadCursorW, SetCursor, SetDlgItemTextW, KillTimer, SetTimer, MessageBoxW, CheckDlgButton, PostMessageW, GetKeyState, EndDialog, SetWindowTextW, InvalidateRect, IsDlgButtonChecked
ADVAPI32.dll | LookupPrivilegeValueW, RegOpenKeyExA, RegQueryValueExA, GetFileSecurityW, SetFileSecurityW, RegEnumKeyExW, RegOpenKeyExW, RegCreateKeyExW, RegQueryValueExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegCloseKey, OpenProcessToken, AdjustTokenPrivileges
SHELL32.dll | SHBrowseForFolderW, SHGetFileInfoW, SHGetPathFromIDListW
msvcrt.dll | strcmp, wcscmp, wcsstr, malloc, free, memset, strlen, memcmp, _isatty, _iob, memmove, _beginthreadex, __C_specific_handler, ??1type_info@@UEAA@XZ, ?terminate@@YAXXZ, __dllonexit, _onexit, _c_exit, _exit, _cexit, exit, _acmdln, __CxxFrameHandler, _CxxThrowException, memcpy, _purecall, __getmainargs, _initterm, __set_app_type, _fmode, _commode, __setusermatherr, _XcptFilter
KERNEL32.dll | WaitForSingleObject, GetVersion, VirtualFree, VirtualAlloc, GetCommandLineW, lstrcatW, WaitForMultipleObjects, SetPriorityClass, Sleep, GetSystemDefaultLangID, GetUserDefaultLangID, GetProcessTimes, QueryPerformanceFrequency, QueryPerformanceCounter, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, SetProcessAffinityMask, OpenEventW, UnmapViewOfFile, MapViewOfFile, OpenFileMappingW, GetStdHandle, SetEvent, FileTimeToDosDateTime, IsProcessorFeaturePresent, GlobalMemoryStatusEx, GetSystemInfo, ResumeThread, lstrlenW, FileTimeToLocalFileTime, FileTimeToSystemTime, CompareFileTime, GetCurrentProcess, GlobalFree, GlobalAlloc, GetDiskFreeSpaceW, GetDriveTypeW, SetEndOfFile, WriteFile, ReadFile, SetFilePointer, GetFileSize, DeviceIoControl, GetLogicalDriveStringsW, InitializeCriticalSection, LoadLibraryA, GetStartupInfoA, TerminateProcess, SetThreadAffinityMask, GetProcessAffinityMask, CreateEventW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, GetSystemTimeAsFileTime, GetFileAttributesW, GetModuleHandleA, FindNextFileW, FindFirstFileW, FindClose, GetFileInformationByHandle, GetCurrentThreadId, GetTickCount, GetCurrentProcessId, SetLastError, GetTempPathW, GetCurrentDirectoryW, SetCurrentDirectoryW, DeleteFileW, CreateDirectoryW, GetModuleHandleW, GetProcAddress, MoveFileW, RemoveDirectoryW, SetFileAttributesW, CreateFileW, SetFileTime, CloseHandle, FormatMessageW, LocalFree, GetModuleFileNameW, LoadLibraryW, RtlCaptureContext, LoadLibraryExW, FreeLibrary, GlobalUnlock, GlobalLock, WideCharToMultiByte, MultiByteToWideChar, GetLastError
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found


Target ID:0
Start time:23:09:32
Start date:24/04/2024
Path:C:\Users\user\Desktop\7zG.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\7zG.exe"
Imagebase:0x8f0000
File size:700'416 bytes
MD5 hash:50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true


    Execution Graph

    Execution Coverage:0.7%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:4.5%
    Total number of Nodes:287
    Total number of Limit Nodes:3

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 431 95d44c-95d482 #17 LoadLibraryW 432 95d484-95d49a GetProcAddress 431->432 433 95d4d7-95d554 OleInitializeWOW call 945ec8 call 9619c0 call 95bce0 431->433 434 95d49c-95d4bd memset 432->434 435 95d4ce-95d4d1 FreeLibrary 432->435 434->435 440 95d4bf-95d4cc 434->440 435->433 440->435
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: Library$AddressFreeInitializeLoadProcmemset
    • String ID: DllGetVersion$comctl32.dll
    • API String ID: 214772490-3857068685
    • Opcode ID: eb67c6aa124ced6a22453a05d5f1ab7ee8fb4b30136402f36dd92a1db07c9952
    • Instruction ID: d9981629252a362c563a00e5e64df5bb220aa83876ecee1a0e63e499dc368dd0
    • Opcode Fuzzy Hash: eb67c6aa124ced6a22453a05d5f1ab7ee8fb4b30136402f36dd92a1db07c9952
    • Instruction Fuzzy Hash: CE11E56220565082E730EF65F99436927A0F7857A5F444A35EA9E426F5EF3CC54DC310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$ExceptionThrow$Messagememmove$CommandLine
    • String ID: 7-Zip$7-Zip cannot find the code that works with archives.$7-Zip cannot load module: $Specify command$Unsupported command
    • API String ID: 18481009-3343111255
    • Opcode ID: f30f9877b21927565c29bd9e9fcb6a3bcad75456b8067544a0c1dbd2a1846325
    • Instruction ID: 3d7dd9213c1d694f55fe84f105c45d02b0b43e0c93da4dd65d5ddf4a077a344f
    • Opcode Fuzzy Hash: f30f9877b21927565c29bd9e9fcb6a3bcad75456b8067544a0c1dbd2a1846325
    • Instruction Fuzzy Hash: 22A29C72209AC486DA30EF26F4903AFA320F7D6785F445126DB8D97B29DF39C949CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 397 945bd8-945c0b call 945b48 399 945c10-945c22 call 945568 397->399 402 945c27-945c35 399->402 403 945c96-945c9b 402->403 404 945c37-945c3f 402->404 403->402 406 945c9d-945d09 free 403->406 404->403 405 945c41-945c8a call 8f3994 call 8f3cdc * 2 call 8f2318 404->405 422 945c8c-945c91 free 405->422 423 945c9f-945cc8 call 8f3b94 free * 2 405->423 410 945d33-945d36 free 406->410 411 945d0b 406->411 414 945d3b-945d43 410->414 413 945d0f-945d1c 411->413 416 945d1e-945d2a free * 2 413->416 417 945d2f-945d31 413->417 416->417 417->410 417->413 422->403 426 945cf2-945cfa free 423->426 427 945cca 423->427 426->414 428 945cce-945cdb 427->428 429 945cdd-945ce9 free * 2 428->429 430 945cee-945cf0 428->430 429->430 430->426 430->428
    APIs
      • Part of subcall function 00945B48: free.MSVCRT ref: 00945B7F
      • Part of subcall function 00945B48: free.MSVCRT ref: 00945B87
      • Part of subcall function 00945B48: GetSystemDefaultLangID.KERNELBASE ref: 00945B9F
      • Part of subcall function 00945B48: GetUserDefaultLangID.KERNELBASE ref: 00945BA8
      • Part of subcall function 00945568: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00945E3F), ref: 009455A5
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945C91
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945CB5
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945CC0
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945CE1
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945CE9
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945CF5
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D01
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D22
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D2A
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D36
    Strings
    Similarity
    • API ID: free$DefaultLang$SystemUser
    • String ID: .txt$7-Zip
    • API String ID: 2242692897-548858160
    • Opcode ID: 489147ff6295a42501450d992f2677e482d16899b38c47e11ea799d7cae7aa11
    • Instruction ID: b43067e6381ddec0cd2abcd1e1d74de160abebdc6d4d576ad725804a2cd10c41
    • Opcode Fuzzy Hash: 489147ff6295a42501450d992f2677e482d16899b38c47e11ea799d7cae7aa11
    • Instruction Fuzzy Hash: FD310B62314E4586DB10EF39E88177E2330FB92794F551222FF5E976A6DF28C946C300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 445 9622e0-962306 GetStartupInfoA 446 96231d-962334 445->446 447 962308-962318 445->447 449 962336-96233f 446->449 450 962341-96234b 446->450 448 9623ab-9623f6 __set_app_type call 962590 447->448 461 962405-962476 _initterm __getmainargs _initterm 448->461 462 9623f8-9623ff __setusermatherr 448->462 449->448 451 96234d-962353 450->451 452 962388-96238c 450->452 454 962355-96235e 451->454 455 962360-962367 451->455 456 96238e-962397 452->456 457 962399-9623a4 452->457 454->448 459 962374-962386 455->459 460 962369-962372 455->460 456->448 457->448 459->448 460->448 463 9624a6-9624aa 461->463 464 962478-96247c 461->464 462->461 466 9624b6-9624bc 463->466 467 9624ac-9624b4 463->467 465 962480-96248e 464->465 468 962496-96249a 465->468 469 962490-962492 465->469 470 9624be-9624c0 466->470 471 9624cc-9624d4 466->471 467->463 468->466 473 96249c-9624a4 468->473 469->468 472 962494 469->472 470->471 474 9624c2-9624ca 470->474 475 9624d6-9624df 471->475 476 9624e1 471->476 472->465 473->466 474->466 477 9624e7-9624f9 call 95d44c 475->477 476->477 480 962503-962547 _cexit 477->480 481 9624fb-9624fd exit 477->481 481->480
    APIs
    Similarity
    • API ID: _initterm$InfoStartup__getmainargs__set_app_type__setusermatherr_cexitexit
    • String ID:
    • API String ID: 2570035507-0
    • Opcode ID: 497992453674bbe340fc2a5863ee30e5f4e0e8dfcfd2da74984f3808ae634742
    • Instruction ID: c439beb1c7bd9302f615db26d9ed85c0dba521b945496453244af4a55775163e
    • Opcode Fuzzy Hash: 497992453674bbe340fc2a5863ee30e5f4e0e8dfcfd2da74984f3808ae634742
    • Instruction Fuzzy Hash: 5B519F72608F82CAEB708FA4F8907697765F386B54F50423AD69A477A6DF3DC449CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 484 945da0-945dcf call 8f1eac call 946c68 489 945dd1 call 945bd8 484->489 490 945ddb-945ddf 484->490 494 945dd6 489->494 492 945de1-945dec 490->492 493 945df2-945e10 call 8f3994 call 8f3e14 490->493 492->493 495 945e7d-945e81 492->495 500 945e12-945e22 call 8f3de0 493->500 501 945e73-945e78 free 493->501 494->495 504 945e24-945e30 call 8f3cdc 500->504 505 945e35-945e72 call 945568 call 8f42d8 free call 8f2318 500->505 501->495 504->505 505->501
    APIs
      • Part of subcall function 008F1EAC: free.MSVCRT ref: 008F1EED
      • Part of subcall function 008F1EAC: free.MSVCRT ref: 008F1EF5
      • Part of subcall function 008F1EAC: free.MSVCRT ref: 008F1F08
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,00945F0D), ref: 00945E55
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,00945F0D), ref: 00945E78
      • Part of subcall function 00945BD8: free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945C91
      • Part of subcall function 00945BD8: free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D01
      • Part of subcall function 00945BD8: free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D22
      • Part of subcall function 00945BD8: free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D2A
      • Part of subcall function 00945BD8: free.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00945DD6), ref: 00945D36
    Strings
    Similarity
    • API ID: free
    • String ID: .txt$7-Zip
    • API String ID: 1294909896-548858160
    • Opcode ID: 3654c0de36cae567722fecd59b3fd45ef1fcd59d4fbfda5ce2022c6a35fd1e62
    • Instruction ID: 1d98b7fadb6bf741771575c8bad7a712cd119d54387f697e9de2c7449662edb1
    • Opcode Fuzzy Hash: 3654c0de36cae567722fecd59b3fd45ef1fcd59d4fbfda5ce2022c6a35fd1e62
    • Instruction Fuzzy Hash: D511906220490891DA20FF69E84176A6330FBD1794F815212F69EC3AB7EF38CB86C701
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 513 945b48-945b62 514 945b64 513->514 515 945b90-945bb1 GetSystemDefaultLangID GetUserDefaultLangID 513->515 516 945b68-945b79 514->516 517 945bb3-945bc8 call 9459cc 515->517 518 945bcd-945bd7 515->518 519 945b8c-945b8e 516->519 520 945b7b-945b87 free * 2 516->520 517->518 519->515 519->516 520->519
    APIs
    Similarity
    • API ID: DefaultLangfree$SystemUser
    • String ID:
    • API String ID: 964141409-0
    • Opcode ID: 2df07327853793b661a79af21f20550381c0f3025bc0df8c6d0bc7aa3c254fc8
    • Instruction ID: ddb9908c6b7fe2874a75d976b25895d8fd214cde06fddcea483d1c43ee0acfab
    • Opcode Fuzzy Hash: 2df07327853793b661a79af21f20550381c0f3025bc0df8c6d0bc7aa3c254fc8
    • Instruction Fuzzy Hash: A101A2A3B10A948BE715AFA6E8547792214EB15BE5F4D4135EF584B281EB78C445C310
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 522 8fcdd4-8fce2a RegQueryValueExW 523 8fce2c-8fce31 522->523 524 8fce33-8fce3e 522->524 523->524 525 8fcea9-8fceb0 523->525 526 8fce48-8fce98 RegQueryValueExW 524->526 527 8fce40-8fce43 call 8f34c4 524->527 529 8fce9a-8fcea4 526->529 530 8fcea6 526->530 527->526 529->529 529->530 530->525
    APIs
    • RegQueryValueExW.KERNELBASE ref: 008FCE22
    • RegQueryValueExW.ADVAPI32 ref: 008FCE70
    Strings
    Similarity
    • API ID: QueryValue
    • String ID: Lang
    • API String ID: 3660427363-2436574044
    • Opcode ID: c510857dc20271a1900880b357ee471e9b1aa46aae527a83bcaa839f8f410e17
    • Instruction ID: 0eed5d3bd80e7df7472b9d860a4f50746a010781348481d8ee2db504a04ea24c
    • Opcode Fuzzy Hash: c510857dc20271a1900880b357ee471e9b1aa46aae527a83bcaa839f8f410e17
    • Instruction Fuzzy Hash: 92215E73614644C7EB10CF25E55472EB7A0F798B84F60911AEB8947BA8DB3DC985CF40
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 531 945ec8-945ef4 EnterCriticalSection 532 945ef6-945eff LeaveCriticalSection 531->532 533 945f01-945f08 call 945da0 531->533 534 945f17-945f1c 532->534 536 945f0d-945f11 LeaveCriticalSection 533->536 536->534
    APIs
    • EnterCriticalSection.KERNEL32 ref: 00945EE6
    • LeaveCriticalSection.KERNEL32 ref: 00945EF9
    • LeaveCriticalSection.KERNEL32 ref: 00945F11
    Similarity
    • API ID: CriticalSection$Leave$Enter
    • String ID:
    • API String ID: 2978645861-0
    • Opcode ID: 018276e9f1eed5fff6b88b46c5bfcbd3b3f0dde18eb877f13c652a0f9d57e604
    • Instruction ID: 8d76a244de3e4064fccc6b36a9a745f7fb3a56bc6a9ce8cc011b1ebf4734eefa
    • Opcode Fuzzy Hash: 018276e9f1eed5fff6b88b46c5bfcbd3b3f0dde18eb877f13c652a0f9d57e604
    • Instruction Fuzzy Hash: 7AE09A60118A8083E710AB60BC087256720B7A772AF8A0760C9BA023E3CF3D8488C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 547 8fcf54-8fcf8a RegOpenKeyExW 548 8fcf9f-8fcfa7 547->548 549 8fcf8c-8fcf9c call 8fcc64 547->549 549->548
    APIs
    • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008FCF7F
      • Part of subcall function 008FCC64: RegCloseKey.KERNELBASE ref: 008FCC77
    Similarity
    • API ID: CloseOpen
    • String ID:
    • API String ID: 47109696-0
    • Opcode ID: 3139dac37b57856ed43065435601270e85c0a37a3a0c6038f29599d89e376355
    • Instruction ID: 83c4c2e40b68bb9b7fb95a5c5b6443e14e749621cf5125bb0c5bc62d707b704a
    • Opcode Fuzzy Hash: 3139dac37b57856ed43065435601270e85c0a37a3a0c6038f29599d89e376355
    • Instruction Fuzzy Hash: A2E01A6133974886DB819B2AB85572A62A0F798FC5F446024BE8EC7704EB3CC5108B01
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 552 8fcc64-8fcc75 553 8fcc77-8fcc7d RegCloseKey 552->553 554 8fcc84-8fcc89 552->554 553->554
    APIs
    Similarity
    • API ID: Close
    • String ID:
    • API String ID: 3535843008-0
    • Opcode ID: 4a8819063a646f97479d8c38646f3287cc8d8a00a3c0c2c552954e90a4f2c1d1
    • Instruction ID: 0abc6c1b7b07eef2fa23566140e385fa3645001c4bf6948962e7fb91532121f1
    • Opcode Fuzzy Hash: 4a8819063a646f97479d8c38646f3287cc8d8a00a3c0c2c552954e90a4f2c1d1
    • Instruction Fuzzy Hash: 16C08CA6B12A0981EF1A8BF2F8603352260AB9CB05F190010CF0A8A341DF2CC0908301
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$ClearCurrentFreeProcessVariantVirtualmemmove
    • String ID: $ $ $ | $ (Cmplx)$1T CPU Freq (MHz):$@$AES128$AES192$Avg:$Avr:$Benchmark threads: $CPU$CPU hardware threads:$CRC$Compressing$Decompressing$Dict$Dictionary reduced to: $E/U$Effec$KiB/s$LZMA$MB/s$MIPS$Method$R/U$Rating$Size$Speed$T CPU Freq (MHz):$THRD$Tot:$Usage$crc32$file$file size =$freq$freq=$hash$mts$size: $tic$time$timems$usage:
    • API String ID: 362377386-3040484101
    • Opcode ID: 29884d8cb1e278f6c587d80a8ab3a20e7de9411822c7a02499840868f4176e1f
    • Instruction ID: 954df77b22bc7e6fe0e4e456bad71a0ba88a42b3a9754cc78dca45001a574561
    • Opcode Fuzzy Hash: 29884d8cb1e278f6c587d80a8ab3a20e7de9411822c7a02499840868f4176e1f
    • Instruction Fuzzy Hash: 16438D32309AC886DB30EB25E4943EFB365F7C9B84F805516DA8E87B59DE39C585CB40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ClearVariantmemsetstrlen
    • String ID:
    • API String ID: 1009013457-0
    • Opcode ID: 906901fa837fee7a1c3e88cac0a5c7273b3e7f5eab10cd75f7f647a57c6768f4
    • Instruction ID: c22a72b6b34f03a19c9a352f02555d30b59dcc2b3a0576134c58abe9c8908930
    • Opcode Fuzzy Hash: 906901fa837fee7a1c3e88cac0a5c7273b3e7f5eab10cd75f7f647a57c6768f4
    • Instruction Fuzzy Hash: A1D2BE3220D6D486DB24EF29F4902BFA764F7D6B84F441416AB8A97B19DF7CC851CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ExceptionThrow$mallocmemmove
    • String ID:
    • API String ID: 1702027931-0
    • Opcode ID: 1c72811ba73767c7c5c6e7f9e6cccebe483840772bd09af373d9b54e98937e36
    • Instruction ID: e0879dc7fcb0ccb075f0b0938739e192dce4cd06d5a5cc44f428f19cbb286989
    • Opcode Fuzzy Hash: 1c72811ba73767c7c5c6e7f9e6cccebe483840772bd09af373d9b54e98937e36
    • Instruction Fuzzy Hash: 94C28132219A9482DA24EF29F05077F6764FBD6F84F055522AB8E87B69CF3DC454CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ErrorExceptionLastThrow$mallocmemmove
    • String ID:
    • API String ID: 3993109705-0
    • Opcode ID: 8a13e51b57ebb199b229f99878f7ba418a3e7474f8f66d1e13a3b365d729aefe
    • Instruction ID: f5b8712bab825578caca55acf8229cd350509717be7c9088f3e1a453f34da337
    • Opcode Fuzzy Hash: 8a13e51b57ebb199b229f99878f7ba418a3e7474f8f66d1e13a3b365d729aefe
    • Instruction Fuzzy Hash: AE929072709AC886DA20EF25E4802EFA365F7D5B84F545422EB8D87B19DF7DC881CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$ErrorLastmemset
    • String ID: Cannot find archive file$The item is a directory
    • API String ID: 4217778428-1569138187
    • Opcode ID: 514ec68fcf1d5abcf98157e605c75e137a3c435f22b129a39a358bf6aa8fc0c2
    • Instruction ID: ce7b0b5622092d9bddb484bf5c516de13e4ef51a320b0bb0fec21108de3f18c4
    • Opcode Fuzzy Hash: 514ec68fcf1d5abcf98157e605c75e137a3c435f22b129a39a358bf6aa8fc0c2
    • Instruction Fuzzy Hash: 07726037209AC486DB30EB35F4946AEA365F7DAB84F155112DB8D83B2ADF38C595CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • Cannot create output directory, xrefs: 0091F54E
    Similarity
    • API ID: free$ExceptionThrowmemmove$malloc
    • String ID: Cannot create output directory
    • API String ID: 159934335-1181934277
    • Opcode ID: 3b3e0471adeb4f64dacea3ae548bdfa5979841d96c87ef04d809d98ea415292f
    • Instruction ID: 43cf3f707cd625f40105510a26db2cdb2a294e40f07fb25f2c30e44d3886a1d5
    • Opcode Fuzzy Hash: 3b3e0471adeb4f64dacea3ae548bdfa5979841d96c87ef04d809d98ea415292f
    • Instruction Fuzzy Hash: 87429026309ACC86DA30EB35E4603AFA361F7D6784F545122DB8D83B59DE39C995CB01
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 3445 904fdc-90501d call 8f3994 call 8f2ac4 3450 905035-90505b call 8f2ac4 3445->3450 3451 90501f-905030 free 3445->3451 3455 905073-90508e call 8f38a4 3450->3455 3456 90505d-90506e free 3450->3456 3452 9054c9-9054d9 3451->3452 3459 905090-905099 3455->3459 3460 90509e-9050b7 call 904ca4 3455->3460 3456->3452 3459->3460 3463 905463-905486 OpenEventW 3460->3463 3464 9050bd-9050cc 3460->3464 3466 905493-90549b call 961c00 3463->3466 3467 905488-905491 GetLastError 3463->3467 3464->3463 3465 9050d2-9050d6 3464->3465 3465->3463 3468 9050dc-9050e0 3465->3468 3469 9054a0-9054c2 call 961a00 free * 2 3466->3469 3467->3466 3467->3469 3471 9050f0-905110 OpenFileMappingW 3468->3471 3472 9050e2-9050eb 3468->3472 3469->3452 3474 905112-90511b GetLastError 3471->3474 3475 905188-9051a4 MapViewOfFile 3471->3475 3472->3471 3474->3475 3479 90511d-905140 OpenEventW 3474->3479 3477 905220-905234 call 8f3838 3475->3477 3478 9051a6-9051a9 3475->3478 3492 9052c9-9052ce 3477->3492 3493 90523a-905252 free UnmapViewOfFile 3477->3493 3480 9051b5-9051d8 OpenEventW 3478->3480 3481 9051ab-9051b4 CloseHandle 3478->3481 3482 905142-90514b GetLastError 3479->3482 3483 90514d-905155 call 961c00 3479->3483 3485 9051e5-9051ed call 961c00 3480->3485 3486 9051da-9051e3 GetLastError 3480->3486 3481->3480 3482->3483 3487 90515a-905183 call 961a00 free * 2 3482->3487 3483->3487 3490 9051f2-90521b call 961a00 free * 2 3485->3490 3486->3485 3486->3490 3487->3452 3490->3452 3495 905340 3492->3495 3496 9052d0-9052d7 3492->3496 3498 905254-90525d CloseHandle 3493->3498 3499 90525e-905281 OpenEventW 3493->3499 3501 905344-905347 3495->3501 3502 9052db-9052e4 3496->3502 3498->3499 3504 905283-90528c GetLastError 3499->3504 3505 90528e-905296 call 961c00 3499->3505 3508 9053dc-9053f4 free UnmapViewOfFile 3501->3508 3509 90534d-905365 free UnmapViewOfFile 3501->3509 3510 9052e6-905308 call 904cfc 3502->3510 3511 90530a-90530e 3502->3511 3504->3505 3506 90529b-9052c4 call 961a00 free * 2 
3504->3506 3505->3506 3506->3452 3518 905400-905423 OpenEventW 3508->3518 3519 9053f6-9053ff CloseHandle 3508->3519 3513 905371-905394 OpenEventW 3509->3513 3514 905367-905370 CloseHandle 3509->3514 3520 905335-90533c 3510->3520 3516 905310-90531a call 8f3554 3511->3516 3517 90531e-905331 3511->3517 3524 9053a1-9053a9 call 961c00 3513->3524 3525 905396-90539f GetLastError 3513->3525 3514->3513 3516->3517 3517->3520 3521 905430-905438 call 961c00 3518->3521 3522 905425-90542e GetLastError 3518->3522 3519->3518 3520->3502 3528 90533e 3520->3528 3529 90543d-905461 call 961a00 free * 2 3521->3529 3522->3521 3522->3529 3531 9053ae-9053d7 call 961a00 free * 2 3524->3531 3525->3524 3525->3531 3528->3501 3529->3452 3531->3452
    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: Cannot open mapping$Incorrect Map command$Map data error$MapViewOfFile error$Unsupported Map data$Unsupported Map data size
    • API String ID: 1294909896-1557438135
    • Opcode ID: 2684d578a03ea3f7d4f8160dc1a1044bb56ebc6e0c69d1ec24cd6c7019c7314b
    • Instruction ID: 4feb1f56de91ac438ffc7c4243a8b7d8f673b1b4f173f316de64b206d90e1681
    • Opcode Fuzzy Hash: 2684d578a03ea3f7d4f8160dc1a1044bb56ebc6e0c69d1ec24cd6c7019c7314b
    • Instruction Fuzzy Hash: D2C18432219A8086DB20EF65F8803AFB375F7D2781F514422E64E83669DF3DC985CB11
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • stdout mode and email mode cannot be combined, xrefs: 00907B3A
    • Archive name cannot by empty, xrefs: 009073E8
    • Incorrect number of benchmark iterations, xrefs: 00907C73
    • The command must be specified, xrefs: 00906F72
    • Unsupported -spm:, xrefs: 00907341
    • Cannot find archive name, xrefs: 009073A2
    • I won't write data and program's messages to same stream, xrefs: 009078B7, 00907BAC
    • I won't write compressed data to a terminal, xrefs: 00907B6B
    • Only one archive can be created with rename command, xrefs: 00907C0B
    • Unsupported -spf:, xrefs: 009070F3
    • Unsupported -snz:, xrefs: 00907767
    • -ai switch is not supported for this command, xrefs: 009079C8
    • Cannot use absolute pathnames for this command, xrefs: 009076FC
    • Unsupported command:, xrefs: 00906FD9
    Similarity
    • API ID: ExceptionThrow$wcscmp$free
    • String ID: -ai switch is not supported for this command$Archive name cannot by empty$Cannot find archive name$Cannot use absolute pathnames for this command$I won't write compressed data to a terminal$I won't write data and program's messages to same stream$Incorrect number of benchmark iterations$Only one archive can be created with rename command$The command must be specified$Unsupported -snz:$Unsupported -spf:$Unsupported -spm:$Unsupported command:$stdout mode and email mode cannot be combined
    • API String ID: 225321437-2319225105
    • Opcode ID: 1d2839744409929d7e2397f257e16b3b9221e43ad6261ef6aad4ed9a87b1fdd8
    • Instruction ID: 91ed7a53f45107a1c60997f89c6badd95897020684d5202ee74471bc3cdc7607
    • Opcode Fuzzy Hash: 1d2839744409929d7e2397f257e16b3b9221e43ad6261ef6aad4ed9a87b1fdd8
    • Instruction Fuzzy Hash: 9E82FF73708AC5AADB24CB78D0803EDFB61F395784F888016D799437A6DB39E5A8C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: -----$-----BEGIN PGP SIGNED MESSAGE$Hash: $cksum
    • API String ID: 1294909896-4104380264
    • Opcode ID: a528360ba5aa1d9011ab3e5b5a566f6634d8806c6ef6705504a504b9dfeef184
    • Instruction ID: 17e21050cd37cfc757290bcdf60b4a0e3d46c228df43f2c7736536860190a84a
    • Opcode Fuzzy Hash: a528360ba5aa1d9011ab3e5b5a566f6634d8806c6ef6705504a504b9dfeef184
    • Instruction Fuzzy Hash: 9C02B1222096D482DA20DF29F49027F6771F7E5B84F109422EB8A87B29DF7DCA59C701
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5a8b345f2d80672bba4aa76d568ee4e0651ab16c631b3293ee977dbd7d46b627
    • Instruction ID: 3a453f4571997b0c40b35ee0aa32843b12611ee3d76a631d2b570c8ae609c9e6
    • Opcode Fuzzy Hash: 5a8b345f2d80672bba4aa76d568ee4e0651ab16c631b3293ee977dbd7d46b627
    • Instruction Fuzzy Hash: B4A29036319A89C6DB20DF65E4503EEB364FBC5B88F464426DA8E83768DF39C985C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$memmove$ExceptionThrow$strlen
    • String ID: .swf$It must be one command$No Update Engines$exe$swfc
    • API String ID: 1730065489-2107447918
    • Opcode ID: ec49276b36d9228ff4517977e66112475a3eeb69d5ac3aaf9efb3681d0d9fd7f
    • Instruction ID: b5560c8d686eabbec4a864f8f7e40966560cdc3a59331f08ee84f42f30dd64bc
    • Opcode Fuzzy Hash: ec49276b36d9228ff4517977e66112475a3eeb69d5ac3aaf9efb3681d0d9fd7f
    • Instruction Fuzzy Hash: 6232DE332186C496CB20EB29E4907AFB774F7D1784F444116EB8A43B6ADB39C9A5CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F8E44: GetFileAttributesW.KERNEL32 ref: 008F8E66
      • Part of subcall function 008F8E44: GetFileAttributesW.KERNEL32 ref: 008F8E9D
      • Part of subcall function 008F8E44: free.MSVCRT ref: 008F8EAA
    • free.MSVCRT ref: 008F843C
    Similarity
    • API ID: AttributesFilefree
    • String ID:
    • API String ID: 1936811914-0
    • Opcode ID: 88e888e820215fcdb26d94ff43a6c68799776d78603199f8386a4f3bb346cd8f
    • Instruction ID: d6a03ec20c069ca1145f37d04b67edb07359409c907d7628e6d1328ca308c1c6
    • Opcode Fuzzy Hash: 88e888e820215fcdb26d94ff43a6c68799776d78603199f8386a4f3bb346cd8f
    • Instruction Fuzzy Hash: 2B816F2221858DC2DB20EF35E45167EA331FBE6B88F541122EB8AC3665DF3DC945CB42
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: b382f9abcd32d22c451009b03bd6279a82418b972491b26a4dfa1e11a8cc36e4
    • Instruction ID: 2bafe60c477e902cf3caa1d5f3955c544ff0ef3d51fec800d58294cebbac20b3
    • Opcode Fuzzy Hash: b382f9abcd32d22c451009b03bd6279a82418b972491b26a4dfa1e11a8cc36e4
    • Instruction Fuzzy Hash: 01428032309A8995DB25DF29E4503AAB375FBC5B84F548422EF4E87B58DF39CA85C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ErrorLast
    • String ID:
    • API String ID: 408039514-0
    • Opcode ID: dddf6fa39b9682795a77707f3cc18afc55b5fd5f7a15c79b6474232d2fa4954a
    • Instruction ID: 0eb0fa49b4c94f315f739a19e2641546534db838bf53ccf8e22bfec1b96b57d6
    • Opcode Fuzzy Hash: dddf6fa39b9682795a77707f3cc18afc55b5fd5f7a15c79b6474232d2fa4954a
    • Instruction Fuzzy Hash: CE519122218648D2EB10EF38E59137EA360FBD57A4F501122FB9EC36B9DF69C945CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CloseHandle$ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
    • String ID: SeSecurityPrivilege
    • API String ID: 1313864721-2333288578
    • Opcode ID: c2183e020617a81674822c3bc698a064c2b12f263f47f49c8e646f95c17cc649
    • Instruction ID: 56f6ae1df81ab701460bcb4a8c764ca2a1a422f13f31bc0037f64109ccded0eb
    • Opcode Fuzzy Hash: c2183e020617a81674822c3bc698a064c2b12f263f47f49c8e646f95c17cc649
    • Instruction Fuzzy Hash: 11112132305B4486DB008B56FA5436AB3AAFBC5B81F951111EA8B42E99CF3ED449CB10
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • DeviceIoControl.KERNEL32 ref: 008FA4B6
    • DeviceIoControl.KERNEL32 ref: 008FA59A
    • DeviceIoControl.KERNEL32 ref: 008FA5F1
    • DeviceIoControl.KERNEL32 ref: 008FA632
      • Part of subcall function 008FC360: GetModuleHandleW.KERNEL32 ref: 008FC381
      • Part of subcall function 008FC360: GetProcAddress.KERNEL32 ref: 008FC391
      • Part of subcall function 008FC360: GetDiskFreeSpaceW.KERNEL32 ref: 008FC3E2
    Strings
    Similarity
    • API ID: ControlDevice$AddressDiskFreeHandleModuleProcSpace
    • String ID: ($:
    • API String ID: 4250411929-4277925470
    • Opcode ID: 5e10a4239dfef1cd567989a64e250513217701ca1b582b9ac34c997eea17684d
    • Instruction ID: 37334b0d82cb2e45163f607a432fa2469512445745f2ab0988b7d1ba2d013b67
    • Opcode Fuzzy Hash: 5e10a4239dfef1cd567989a64e250513217701ca1b582b9ac34c997eea17684d
    • Instruction Fuzzy Hash: 0551DE72208BC889CB24CF64F05076EB764F798768F588115EB9E87B58EB3DC499CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$DriveLogicalStrings
    • String ID:
    • API String ID: 837055893-0
    • Opcode ID: bfb824cec0f05e23ee89df3bf7266ae92199b86eaeeb87933259b22fb79da102
    • Instruction ID: 577d04c49ea1ee75f6f807ffb30700282af31204694f6701d6b9b1a022056057
    • Opcode Fuzzy Hash: bfb824cec0f05e23ee89df3bf7266ae92199b86eaeeb87933259b22fb79da102
    • Instruction Fuzzy Hash: AA31B222301B4956DB20EF39E85137A67A1FB85BE8F489225EF9AC7384DF79C945C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • OpenClipboard.USER32 ref: 008F6FF8
    • EmptyClipboard.USER32 ref: 008F7011
      • Part of subcall function 008FC424: GlobalAlloc.KERNEL32(?,?,00000000,008F7041), ref: 008FC434
    • GlobalLock.KERNEL32 ref: 008F7054
    • memmove.MSVCRT ref: 008F7068
    • GlobalUnlock.KERNEL32 ref: 008F7070
    • SetClipboardData.USER32 ref: 008F7080
    Similarity
    • API ID: ClipboardGlobal$AllocDataEmptyLockOpenUnlockmemmove
    • String ID:
    • API String ID: 4116079359-0
    • Opcode ID: 0cd3c4f1fc85323ee18f2f88af441b4fbef67c7820f4faf4bc905f703762b831
    • Instruction ID: 860e7bfa0decab3fe70c6a33f588cf2e707241fd60b13aae45212bff03ad1fb5
    • Opcode Fuzzy Hash: 0cd3c4f1fc85323ee18f2f88af441b4fbef67c7820f4faf4bc905f703762b831
    • Instruction Fuzzy Hash: 41110432249B4986EA00AF71F95137D6762FBD2BC0F480025EF8587B55CF39D896C341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetCurrentProcess.KERNEL32 ref: 008FC48C
    • OpenProcessToken.ADVAPI32 ref: 008FC49D
    • LookupPrivilegeValueW.ADVAPI32 ref: 008FC4B1
    • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,?,?,?,?,?,009057CD), ref: 008FC4E8
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,009057CD), ref: 008FC4F2
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,009057CD), ref: 008FC502
    Similarity
    • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
    • String ID:
    • API String ID: 3398352648-0
    • Opcode ID: 90e16ada9c03328b49b5fa21b3d0a5787511ae58e4a2e80dc678ec6d11952f01
    • Instruction ID: c8b34ab2a15e648ecb3df63384b5b8f6136dca817be8618219bb7b80fd720500
    • Opcode Fuzzy Hash: 90e16ada9c03328b49b5fa21b3d0a5787511ae58e4a2e80dc678ec6d11952f01
    • Instruction Fuzzy Hash: 6D019A7360468587EB208FB0F9807AA73A0F785B81F545135EB8A83658CF3CC84ECB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FileTimeToLocalFileTime.KERNEL32 ref: 008FC990
    • FileTimeToSystemTime.KERNEL32 ref: 008FC9A4
    Strings
    Similarity
    • API ID: Time$File$LocalSystem
    • String ID: -$:$gfff
    • API String ID: 1748579591-3504236554
    • Opcode ID: 79a92f201f167cda30e0f992c48f3fc95707896c9692c473ca7df73967889b77
    • Instruction ID: e4c211c839808c35fd74f8c3e0f1cf8c3e62b672a00617cd726296b369c353f8
    • Opcode Fuzzy Hash: 79a92f201f167cda30e0f992c48f3fc95707896c9692c473ca7df73967889b77
    • Instruction Fuzzy Hash: 73616657F086C48BE31A8B3C9856BDE6FC1E3A6714F09C219DB91C7785E66C850AC721
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressDiskFreeHandleModuleProcSpace
    • String ID: GetDiskFreeSpaceExW$kernel32.dll
    • API String ID: 1197914913-1127948838
    • Opcode ID: 89f8f7b873a865bb98af47f3a10cefac0588000b4058fb6a2f7367fb8ca43042
    • Instruction ID: 65f6bf1a1a3f22f154245d6f9b9d7a1d867d7670b04b3e59b8d0699283fb955e
    • Opcode Fuzzy Hash: 89f8f7b873a865bb98af47f3a10cefac0588000b4058fb6a2f7367fb8ca43042
    • Instruction Fuzzy Hash: 4511673321AB4A96CA11CF55F490BAAB364F7A5B80F445022EB8E43728EF3DC559CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressHandleModuleProcVersion
    • String ID: SetDefaultDllDirectories$kernel32.dll
    • API String ID: 3310240892-2102062458
    • Opcode ID: 94911ec6ee4540ad0809bacda96d2d7446e344bb06bf9b8dcc039790b33829d8
    • Instruction ID: 568f7333c6232cf985d7711fdf6d53ea0bb321003911df578d279aa0174dadd1
    • Opcode Fuzzy Hash: 94911ec6ee4540ad0809bacda96d2d7446e344bb06bf9b8dcc039790b33829d8
    • Instruction Fuzzy Hash: AAE05E14642902D2FE08ABD9F864358236ABB85701FD80125E54A023B1DE2E858AC305
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 00961C30: CreateEventW.KERNEL32 ref: 00961C56
    • _CxxThrowException.MSVCRT ref: 00949B34
    • _CxxThrowException.MSVCRT ref: 00949B61
    • CoCreateInstance.OLE32(?,?,?,?,?,?,?,?,?,00959ADC), ref: 00949B80
    Similarity
    • API ID: CreateExceptionThrow$EventInstance
    • String ID:
    • API String ID: 1025076039-0
    • Opcode ID: 74bd8f7ca05160b74259e1ae97b67089ffe42ffe3a62bdbffce1798975217684
    • Instruction ID: c2cbfd7c941663d427d276c3de85dc47a13e95b939676de4be06a33ff435781d
    • Opcode Fuzzy Hash: 74bd8f7ca05160b74259e1ae97b67089ffe42ffe3a62bdbffce1798975217684
    • Instruction Fuzzy Hash: D1514332302AC4B7D618DB38D640BEDB7A8F79A340F844121E7A983761CF35A5B9C302
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F8A68: FindClose.KERNEL32 ref: 008F8A7A
    • FindFirstFileW.KERNEL32 ref: 008F8AD6
      • Part of subcall function 008F3A1C: free.MSVCRT ref: 008F3A56
      • Part of subcall function 008F3A1C: memmove.MSVCRT ref: 008F3A71
    • FindFirstFileW.KERNEL32 ref: 008F8B16
    • free.MSVCRT ref: 008F8B24
    Similarity
    • API ID: Find$FileFirstfree$Closememmove
    • String ID:
    • API String ID: 2921071498-0
    • Opcode ID: c2bfc23aeee8615ccb13ad9b745f7da2731a103704a6929615fb56d3fc3ffed7
    • Instruction ID: 844a96ef8677b3da33b268c976a445775818f7bc2ae8eb55b6909b43265a3bc2
    • Opcode Fuzzy Hash: c2bfc23aeee8615ccb13ad9b745f7da2731a103704a6929615fb56d3fc3ffed7
    • Instruction Fuzzy Hash: ED210872208A848ACB21DF39E85036E6364F78A7B8F544321EBA9877D9DF39C945C741
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008FDA24: GetCurrentProcess.KERNEL32(?,?,00000001,?,008FDA5A), ref: 008FDA2E
    • GetSystemInfo.KERNEL32 ref: 008FDA90
    Similarity
    • API ID: CurrentInfoProcessSystem
    • String ID:
    • API String ID: 1098911721-0
    • Opcode ID: b5bbd8707294b7410e28d6df7c4dcbf7bf815fd9b96b29e640c125021a1a524d
    • Instruction ID: bdcfd69e957856f805fa85b72f58be025c84266196ad2815d2a5e44a30122aab
    • Opcode Fuzzy Hash: b5bbd8707294b7410e28d6df7c4dcbf7bf815fd9b96b29e640c125021a1a524d
    • Instruction Fuzzy Hash: 2EE0D86223C56C83CB30D728E441B39B361F7A5745FC09211EB8AC2E18EA2DC754CF08
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 51b87b423445c07e3ff9f805dcea364fc8add8783b730053b3f1e0467506e147
    • Instruction ID: 986c2482ebb233a035e23601edf5e84f01adcbad98cd69df2d2f6e8e883787a6
    • Opcode Fuzzy Hash: 51b87b423445c07e3ff9f805dcea364fc8add8783b730053b3f1e0467506e147
    • Instruction Fuzzy Hash: 1041A9A3B2542513EB1C8D2AAC24B784543F7C8384F5AD2399E274B7C5E9BF8CC1C680
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a1e193211b1377197a9ffed0db1a3082c11c6598efc29a2749b5744c5b9d6266
    • Instruction ID: c597bddcc3eac578b870bc905de4f249eb5720ac64521ace8ffb128fabdfdde7
    • Opcode Fuzzy Hash: a1e193211b1377197a9ffed0db1a3082c11c6598efc29a2749b5744c5b9d6266
    • Instruction Fuzzy Hash: CA3113902B10F407CB2C0AAECCB3333200603902041FC842E330785FD0EE0CC900010C
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2cd27a4dda1deeeaf334fe34166b18873a0706cf160d75d765b7e8183f0e3f57
    • Instruction ID: 08250e22857f92aff11507f1256702f2e317ff0911755c5a0af0c0bac9627190
    • Opcode Fuzzy Hash: 2cd27a4dda1deeeaf334fe34166b18873a0706cf160d75d765b7e8183f0e3f57
    • Instruction Fuzzy Hash: 15213A27701A081BEF2E8939A831BF855859B94B84F494039AD1F97FC4F96CDE438340
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6339687a6fdb4eab0407dc930f4d57bd5f1756f2c0a70c0d0a1bd60a329c261
    • Instruction ID: 74129e3e7b1eef353dc25d550d12ec0071620ca876b77b1fbe2c8b03cb8075de
    • Opcode Fuzzy Hash: f6339687a6fdb4eab0407dc930f4d57bd5f1756f2c0a70c0d0a1bd60a329c261
    • Instruction Fuzzy Hash: 48D01275BA940343EB89313C3C0237911C14798325FA88A9DEC1EC7751D15DDEF2944C
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ErrorLast
    • String ID:
    • API String ID: 408039514-0
    • Opcode ID: 43ca270f87d7777ea20fdabc169f4ab63355cd9036ff1aef8c3641760f469160
    • Instruction ID: e4f983e6f00a495e446fdb2f16a8954cdd3713386227beefa29245668dba7227
    • Opcode Fuzzy Hash: 43ca270f87d7777ea20fdabc169f4ab63355cd9036ff1aef8c3641760f469160
    • Instruction Fuzzy Hash: 2802C62225D58882EA20EF35F45177FA331FBE6784F006413AB8ED7A29CE6DC555CB42
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • Cannot create symbolic link, xrefs: 0090A3B4
    • Internal error for symbolic link file, xrefs: 0090A2FC
    • Empty link, xrefs: 0090A15A
    • Dangerous symbolic link path was ignored, xrefs: 0090A22A
    • Cannot create hard link, xrefs: 0090A1A5
    • Incorrect path, xrefs: 0090A128
    • Dangerous link path was ignored, xrefs: 0090A0CB
    • Cannot fill link data, xrefs: 0090A27E
    Similarity
    • API ID: free
    • String ID: Cannot create hard link$Cannot create symbolic link$Cannot fill link data$Dangerous link path was ignored$Dangerous symbolic link path was ignored$Empty link$Incorrect path$Internal error for symbolic link file
    • API String ID: 1294909896-553938736
    • Opcode ID: 768d8521470efff5bb92bd63eeeee6aef9a78691607ca6b99a85bfa607c719e2
    • Instruction ID: a37258728487320209904d0d91a4bbdc4af00fae41ed001b728c2c0818a9aad2
    • Opcode Fuzzy Hash: 768d8521470efff5bb92bd63eeeee6aef9a78691607ca6b99a85bfa607c719e2
    • Instruction Fuzzy Hash: E6B1C522219A8496EB10EF35E44067F6730FBE6B84F401022FB8ED7666CE7DC955C742
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProc
    • String ID: GetHandlerProperty$GetHandlerProperty2$GetIsArc$GetNumberOfFormats
    • API String ID: 190572456-3984264347
    • Opcode ID: e869bf0a6a127539f963073649a15d329ba561c9b3f5cadce0629ddef99b6eca
    • Instruction ID: 1b898b8e7680e750256078abaf140bca98c3c8d5aeb0b5a4e44d8cc132fb7af0
    • Opcode Fuzzy Hash: e869bf0a6a127539f963073649a15d329ba561c9b3f5cadce0629ddef99b6eca
    • Instruction Fuzzy Hash: E9E17072219AD496DA20EB25F8407AEB3A4F7D5B80F405922EB8E87B1DDF3CC545CB05
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: .$/$\$\\?\$\\?\UNC\
    • API String ID: 0-3055514900
    • Opcode ID: 6f0e6db45f8e05aad706159796fe854dbe4909ed6d10700254d26a9f88fc51a9
    • Instruction ID: b1c8972cf4219840221a06b4f33aba685831e5d76b0e93d2314f139c0408a906
    • Opcode Fuzzy Hash: 6f0e6db45f8e05aad706159796fe854dbe4909ed6d10700254d26a9f88fc51a9
    • Instruction Fuzzy Hash: 8AC1402220964C91DE20FF39D5516BFA730FBA27D8F905012FB4AC766ADF69C54AC702
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$memmove$ExceptionThrow
    • String ID: incorrect update switch command$pqrxyzw
    • API String ID: 3957182552-3922825594
    • Opcode ID: 0bb9e465b3e90d1c43559cf99aa4d823f0563a991f13520be30a8144dfb68724
    • Instruction ID: 1ec62de28a2f86b7a8ddcd453b0f8a6839a3dffa4072b34b4d2f02289c117264
    • Opcode Fuzzy Hash: 0bb9e465b3e90d1c43559cf99aa4d823f0563a991f13520be30a8144dfb68724
    • Instruction Fuzzy Hash: 0181922221898896DB20EF29E48176F7334F7D5B84F405123EB8EC76A9DF39C955CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove$ExceptionThrowmalloc
    • String ID:
    • API String ID: 3216536937-0
    • Opcode ID: ecc86ab596bd4b0bf06f5942110360e8597106b25e14c85d649491944027f2cf
    • Instruction ID: ce8b4b09732d957e1ea74fb50beb4e14aa6bb5eac63ef6e4c247ac28c2428fba
    • Opcode Fuzzy Hash: ecc86ab596bd4b0bf06f5942110360e8597106b25e14c85d649491944027f2cf
    • Instruction Fuzzy Hash: ADE1F57334868887CA20EE29F4901EEA764F396BD4F491526EF9D9B754DE79C881CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F1640: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,009055B5), ref: 008F16B2
      • Part of subcall function 008F1640: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,009055B5), ref: 008F16BA
      • Part of subcall function 008F1640: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,009055B5), ref: 008F16F4
    • _CxxThrowException.MSVCRT ref: 009055D8
    • _isatty.MSVCRT ref: 009055E8
    • _isatty.MSVCRT ref: 00905601
    • _isatty.MSVCRT ref: 0090561A
    • free.MSVCRT ref: 009056A1
    • _CxxThrowException.MSVCRT ref: 00905789
    • wcscmp.MSVCRT ref: 00905817
    • _CxxThrowException.MSVCRT ref: 00905857
    • _CxxThrowException.MSVCRT ref: 00905927
    • GetCurrentProcess.KERNEL32 ref: 00905947
    • SetProcessAffinityMask.KERNEL32 ref: 00905953
    • GetLastError.KERNEL32 ref: 0090595E
    • free.MSVCRT ref: 00905993
    • free.MSVCRT ref: 009059A6
    Strings
    • SeLockMemoryPrivilege, xrefs: 00905874
    • Set process affinity mask: , xrefs: 009058C2
    • SeRestorePrivilege, xrefs: 009057C1
    • Unsupported switch postfix -bb, xrefs: 0090576C
    • SeCreateSymbolicLinkPrivilege, xrefs: 009057CF
    • Unsupported switch postfix -stm, xrefs: 0090590A
    • : ERROR : , xrefs: 00905966
    • Unsupported switch postfix for -slp, xrefs: 0090583A
    Similarity
    • API ID: free$ExceptionThrow$_isatty$Process$AffinityCurrentErrorLastMaskwcscmp
    • String ID: : ERROR : $SeCreateSymbolicLinkPrivilege$SeLockMemoryPrivilege$SeRestorePrivilege$Set process affinity mask: $Unsupported switch postfix -bb$Unsupported switch postfix -stm$Unsupported switch postfix for -slp
    • API String ID: 1978914637-1912842784
    • Opcode ID: 13a8d70bc6de4ae4f79de0de2cf91195d16ec51f15e1a5e48c5f431480fe1cf1
    • Instruction ID: 39d0932e955a8c982c9f1f82e17bf8c63e8c2368f92fe15f077ae469d7741c26
    • Opcode Fuzzy Hash: 13a8d70bc6de4ae4f79de0de2cf91195d16ec51f15e1a5e48c5f431480fe1cf1
    • Instruction Fuzzy Hash: 7CC19C73204AC49ADB20DF39E4803AD7B65F795B84F998022EB8D47766DF38C994CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F38A4: memmove.MSVCRT ref: 008F38DC
    • free.MSVCRT ref: 008F934E
    • free.MSVCRT ref: 008F937E
    • free.MSVCRT ref: 008F9389
    • free.MSVCRT ref: 008F939E
    • free.MSVCRT ref: 008F944B
      • Part of subcall function 008F9070: SetLastError.KERNEL32 ref: 008F93AE
      • Part of subcall function 008F9070: free.MSVCRT ref: 008F93BA
      • Part of subcall function 008F9070: free.MSVCRT ref: 008F93C5
      • Part of subcall function 008F9070: free.MSVCRT ref: 008F93DA
      • Part of subcall function 008F9070: free.MSVCRT ref: 008F945C
      • Part of subcall function 008F9070: free.MSVCRT ref: 008F9467
    • free.MSVCRT ref: 008F941E
    • free.MSVCRT ref: 008F9429
    • free.MSVCRT ref: 008F943E
    • wcscmp.MSVCRT ref: 008F96B8
    • free.MSVCRT ref: 008F96D8
    • free.MSVCRT ref: 008F9724
      • Part of subcall function 008F3A1C: free.MSVCRT ref: 008F3A56
      • Part of subcall function 008F3A1C: memmove.MSVCRT ref: 008F3A71
    • free.MSVCRT ref: 008F9762
      • Part of subcall function 008F8A68: FindClose.KERNEL32 ref: 008F8A7A
    Strings
    Similarity
    • API ID: free$memmove$CloseErrorFindLastwcscmp
    • String ID: :$:$DATA$\
    • API String ID: 2757989841-1004618218
    • Opcode ID: 5bee2276aa1e2e1f6c1f187828e2f0446fc0be64e6adc5a63f985b402d4a9021
    • Instruction ID: 7e3cee7ff1e097ccd3c23e381660156acc8c6329e583443088c2fb21b7652f9e
    • Opcode Fuzzy Hash: 5bee2276aa1e2e1f6c1f187828e2f0446fc0be64e6adc5a63f985b402d4a9021
    • Instruction Fuzzy Hash: 6F12A13210968896CB20EF3AE49027DB770F795750F404116E7CEC7A68EF39C5A6CB06
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$wcscmp$ExceptionThrowmemmove
    • String ID: Empty file path
    • API String ID: 3919112945-1562447899
    • Opcode ID: 54aa79ae91e240c1b5e1498017959fc2f070300b99cc1831538301becdd5f97f
    • Instruction ID: ddd438d8d1475d26758341a27644feda7c98712d9d42d4f0d42cf153e188c6b3
    • Opcode Fuzzy Hash: 54aa79ae91e240c1b5e1498017959fc2f070300b99cc1831538301becdd5f97f
    • Instruction Fuzzy Hash: 14D1B33620868886DB20DF35E44037EB761F795BD8F449212EF9AD7B19EB39C965C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: Cannot create file with auto name$Cannot delete output file$Cannot delete output folder$Cannot rename existing file
    • API String ID: 1294909896-3443351061
    • Opcode ID: bd3c4d11125fda68bbd343f365ab436f9b8d600fc4a0e1ebe96ae8d4e6009fb2
    • Instruction ID: a45343ef7e5e3df302058772bc268a1f01faab5a05fa647e7dec54b3e10c8fe7
    • Opcode Fuzzy Hash: bd3c4d11125fda68bbd343f365ab436f9b8d600fc4a0e1ebe96ae8d4e6009fb2
    • Instruction Fuzzy Hash: 95A196322085848ADB20EF65E4913BE7360F7D6780F505522EBDEC76AACE79C946CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: ad2c8f35ca1bc9707d439b27c8b2808c47e9594d9ccfbdab951fbb3e9d92f535
    • Instruction ID: 1148c0ab8a3d877d82e163feec77def948d530debd34eac5378324c9572eac2f
    • Opcode Fuzzy Hash: ad2c8f35ca1bc9707d439b27c8b2808c47e9594d9ccfbdab951fbb3e9d92f535
    • Instruction Fuzzy Hash: DB517927614A8886DB20EE36E85127E2334FBE6F99F181133EF1D9B719DF25C8058311
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0092B6AB
    • free.MSVCRT ref: 0092B6E1
    • free.MSVCRT ref: 0092B6E9
    • free.MSVCRT ref: 0092B6F1
    • free.MSVCRT ref: 0092B822
    • free.MSVCRT ref: 0092B82D
    • free.MSVCRT(?), ref: 0092B8E7
    • memmove.MSVCRT(?), ref: 0092B91D
    • free.MSVCRT(?), ref: 0092B9D2
    • free.MSVCRT ref: 0092BAF8
      • Part of subcall function 00923504: free.MSVCRT ref: 00923537
      • Part of subcall function 00923504: free.MSVCRT ref: 0092353F
      • Part of subcall function 00923504: free.MSVCRT ref: 0092354C
      • Part of subcall function 00923504: free.MSVCRT ref: 00923578
      • Part of subcall function 00923504: free.MSVCRT ref: 00923581
      • Part of subcall function 00923504: free.MSVCRT ref: 00923589
      • Part of subcall function 00923504: free.MSVCRT ref: 00923596
    • free.MSVCRT ref: 0092BA24
      • Part of subcall function 008F3A1C: free.MSVCRT ref: 008F3A56
      • Part of subcall function 008F3A1C: memmove.MSVCRT ref: 008F3A71
    • free.MSVCRT ref: 0092BA5C
    • GetProcAddress.KERNEL32 ref: 0092BAB2
    Strings
    Similarity
    • API ID: free$memmove$AddressProc
    • String ID: 7z.dll$Codecs$Formats$SetCodecs
    • API String ID: 4053071709-3422688593
    • Opcode ID: 642de856b909e9505264459b22989c0dba8b8d2d70529ac67a6d3f33c8363729
    • Instruction ID: d6af69d62262af34f8b12b547c5274fbd263fe4a4b0d29eb4a5eb93887dbac81
    • Opcode Fuzzy Hash: 642de856b909e9505264459b22989c0dba8b8d2d70529ac67a6d3f33c8363729
    • Instruction Fuzzy Hash: 81C1A066205AD496DB20EF25F4803AFB7A4F385788F544112DB8E87B29DF3DC969C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$CriticalSection$DeleteErrorLastObject$CloseEnterHandleLeaveMessageSingleWait
    • String ID: 7-Zip$The flaw in benchmark thread code
    • API String ID: 2345663701-3330149223
    • Opcode ID: e4e0e42cfd89d51a9286e73ac39ba08e37da77f4ab00b2c6d9740c65688a8ba0
    • Instruction ID: ae4591fa44964d36681e42266ac15415de939365ae22ad6afc550a2557e098da
    • Opcode Fuzzy Hash: e4e0e42cfd89d51a9286e73ac39ba08e37da77f4ab00b2c6d9740c65688a8ba0
    • Instruction Fuzzy Hash: 37319332305A4992EA08EF76E9953EE6334FBA1B45F440122DB1DC7261DF65C4B6C341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F25EF
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F2613
    Similarity
    • API ID: ErrorLast
    • String ID:
    • API String ID: 1452528299-0
    • Opcode ID: 501c5b932b2b1add642e07ede6af56f68e95751889dedc4847e0520a7104f793
    • Instruction ID: 35cd4fc6e8fd55ae2dbed1223d39e98c1b7975bee11cb70f64abdebece595be8
    • Opcode Fuzzy Hash: 501c5b932b2b1add642e07ede6af56f68e95751889dedc4847e0520a7104f793
    • Instruction Fuzzy Hash: 7BA1C22220868C86DB20EF79E45067EB730F7E5794F941122EBDAC3659DE6DC945CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ErrorLast
    • String ID:
    • API String ID: 408039514-0
    • Opcode ID: 758a4fe82d69083a279fb0ec433c0c44116bbc046c6634353654594fb37c8a89
    • Instruction ID: 819836816dc49d1cf413738022b1f9ad96d062f1ba780b1fa35413c493afa3ba
    • Opcode Fuzzy Hash: 758a4fe82d69083a279fb0ec433c0c44116bbc046c6634353654594fb37c8a89
    • Instruction Fuzzy Hash: 03719722319A8882DA20EF29F8503AFA721F7D67D4F441112FF9D97769DF29C545C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 0091DCA8: free.MSVCRT ref: 0091DD67
    • memmove.MSVCRT ref: 0091DEDB
    • free.MSVCRT ref: 0091DEF2
    • free.MSVCRT ref: 0091DF93
    • _CxxThrowException.MSVCRT ref: 0091DFDC
    • free.MSVCRT ref: 0091E065
      • Part of subcall function 0091DDD0: free.MSVCRT ref: 0091DDE3
      • Part of subcall function 0091DDD0: free.MSVCRT ref: 0091DDFE
      • Part of subcall function 0091DDD0: free.MSVCRT ref: 0091DE07
      • Part of subcall function 0091DDD0: free.MSVCRT ref: 0091DE32
      • Part of subcall function 0091DDD0: free.MSVCRT ref: 0091DE3A
    Strings
    Similarity
    • API ID: free$ExceptionThrowmemmove
    • String ID: Cannot find archive$Duplicate archive path:
    • API String ID: 3934437811-2067063536
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: \\?\
    • API String ID: 1294909896-4282027825
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: 7z.dll$Codecs$Formats$Path$Path64
    • API String ID: 1294909896-3804457719
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$CountCurrentErrorLastTick$CreateDirectoryProcessThread
    • String ID: .tmp$d
    • API String ID: 503816515-2797371523
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: 7-Zip$;!@Lang2@!UTF-8!
    • API String ID: 1294909896-2808261504
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906C9A
    • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906CB3
    • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906CCC
    • _CxxThrowException.MSVCRT ref: 00906E6D
    • _CxxThrowException.MSVCRT ref: 00906E93
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EA1
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EAE
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EBB
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EC8
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906ED5
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EDF
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EE9
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,009079FF), ref: 00906EF3
    Strings
    • Incorrect volume size:, xrefs: 00906E50
    • zero size last volume is not allowed, xrefs: 00906E76
    Similarity
    • API ID: free$memmove$ExceptionThrow
    • String ID: Incorrect volume size:$zero size last volume is not allowed
    • API String ID: 3957182552-998621408
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$ClearVariant
    • String ID:
    • API String ID: 1677346816-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetProcAddress.KERNEL32 ref: 0092B24F
    • GetProcAddress.KERNEL32 ref: 0092B270
    • GetProcAddress.KERNEL32 ref: 0092B293
    • free.MSVCRT ref: 0092B350
    • GetLastError.KERNEL32 ref: 0092B11D
      • Part of subcall function 008F7304: FreeLibrary.KERNEL32(?,?,?,008F7387), ref: 008F7315
      • Part of subcall function 008FF7BC: _CxxThrowException.MSVCRT ref: 008FF7EC
      • Part of subcall function 008FF7BC: memmove.MSVCRT ref: 008FF825
      • Part of subcall function 008FF7BC: free.MSVCRT ref: 008FF82D
      • Part of subcall function 008F4698: malloc.MSVCRT(?,?,?,?,008F34FD), ref: 008F46A8
    • free.MSVCRT ref: 0092B361
    Strings
    • CreateObject, xrefs: 0092B288
    • the module is not compatible with program, xrefs: 0092B21D
    • SetCaseSensitive, xrefs: 0092B265
    • cannot load file as datafile library, xrefs: 0092B147
    • SetLargePageMode, xrefs: 0092B244
    Similarity
    • API ID: AddressProcfree$ErrorExceptionFreeLastLibraryThrowmallocmemmove
    • String ID: CreateObject$SetCaseSensitive$SetLargePageMode$cannot load file as datafile library$the module is not compatible with program
    • API String ID: 3693867649-1792956296
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,FFFFFFFF,00000000), ref: 0092A3A5
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,FFFFFFFF,00000000), ref: 0092A3BA
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,FFFFFFFF,00000000), ref: 0092A3CF
    • GetProcAddress.KERNEL32 ref: 0092A3FA
    • memmove.MSVCRT ref: 0092A51D
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,FFFFFFFF,00000000), ref: 0092A550
    Strings
    Similarity
    • API ID: AddressProc$memmove
    • String ID: CreateDecoder$CreateEncoder$GetHashers$GetMethodProperty$GetNumberOfMethods
    • API String ID: 2879976980-73314117
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$AddressHandleModuleProc
    • String ID: : $ SP:$RtlGetVersion$Windows$ntdll.dll
    • API String ID: 399046674-586651410
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0095A1AA
    • free.MSVCRT ref: 0095A1C0
      • Part of subcall function 008F7CE0: GetCurrentDirectoryW.KERNEL32 ref: 008F7D16
      • Part of subcall function 008F3A84: free.MSVCRT ref: 008F3AB0
      • Part of subcall function 008F3A84: memmove.MSVCRT ref: 008F3ACB
    • free.MSVCRT ref: 0095A283
    • free.MSVCRT ref: 0095A299
    • free.MSVCRT ref: 0095A312
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959CFB
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959D04
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959D0D
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959D39
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959D41
      • Part of subcall function 00959CE8: free.MSVCRT ref: 00959D4E
    • free.MSVCRT ref: 0095A34B
    • free.MSVCRT ref: 0095A36A
    • free.MSVCRT ref: 0095A450
    • free.MSVCRT ref: 0095A47E
    Strings
    Similarity
    • API ID: free$CurrentDirectorymemmove
    • String ID: Incorrect output directory path
    • API String ID: 912233722-1709033701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$AddressHandleModuleProc
    • String ID: CreateHardLinkW$kernel32.dll
    • API String ID: 399046674-294928789
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Cursor$LoadMessageMultipleObjectsWait
    • String ID: 7-Zip$Progress Error
    • API String ID: 2443195859-3559664798
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 009024A9
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 009025C1
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 0090261D
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 00902628
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 0090263E
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 00902649
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 0090266D
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 00902675
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 0090269E
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 009026A6
    • free.MSVCRT(?,?,?,?,?,00000000,00000000,00000000,?,?,00000000,00902B2F), ref: 009026B5
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: ClearVariant
    • String ID: \??\
    • API String ID: 1473721057-3047946824
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C6B2
    • free.MSVCRT(?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C6E2
      • Part of subcall function 008F3A84: free.MSVCRT ref: 008F3AB0
      • Part of subcall function 008F3A84: memmove.MSVCRT ref: 008F3ACB
    • free.MSVCRT(?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C6FB
    • free.MSVCRT(?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C744
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C7FD
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C811
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000001,?,?,00000000,00934AF1), ref: 0092C81F
    Strings
    Similarity
    • API ID: free$memmove
    • String ID: hash
    • API String ID: 1534225298-3518522040
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F25A8: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F25EF
    • _CxxThrowException.MSVCRT ref: 00906102
      • Part of subcall function 008F3B94: free.MSVCRT ref: 008F3BCC
      • Part of subcall function 008F3C98: memmove.MSVCRT ref: 008F3CC5
    • free.MSVCRT ref: 009060B9
    • _CxxThrowException.MSVCRT ref: 009060DC
    • _CxxThrowException.MSVCRT ref: 00906136
    • free.MSVCRT ref: 009061CA
    • free.MSVCRT ref: 009061D2
    • free.MSVCRT ref: 009061E0
    Strings
    • Incorrect item in listfile.Check charset encoding and -scs switch., xrefs: 009060E5, 00906119
    • The file operation error for listfile, xrefs: 0090607C
    Similarity
    • API ID: free$ExceptionThrow$ErrorLastmemmove
    • String ID: Incorrect item in listfile.Check charset encoding and -scs switch.$The file operation error for listfile
    • API String ID: 2826704872-1487508633
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmovewcscmp
    • String ID:
    • API String ID: 3584677832-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F38A4: memmove.MSVCRT ref: 008F38DC
      • Part of subcall function 008F3C44: memmove.MSVCRT ref: 008F3C83
    • free.MSVCRT ref: 0090875E
    • free.MSVCRT ref: 009087A3
    • free.MSVCRT ref: 009087D0
    • free.MSVCRT ref: 00908806
    • free.MSVCRT ref: 00908870
      • Part of subcall function 008F9D90: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,7-Zip,?,?,?,?,00000003), ref: 008F9DA2
    Strings
    Similarity
    • API ID: free$memmove$CloseHandle
    • String ID: :Zone.Identifier
    • API String ID: 1247544577-2436405130
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • EnterCriticalSection.KERNEL32 ref: 0094182D
      • Part of subcall function 009412A4: free.MSVCRT ref: 009412D6
    • LeaveCriticalSection.KERNEL32 ref: 00941860
    • LeaveCriticalSection.KERNEL32 ref: 00941893
      • Part of subcall function 008FCC64: RegCloseKey.KERNELBASE ref: 008FCC77
    Strings
    Similarity
    • API ID: CriticalSection$Leave$CloseEnterfree
    • String ID: Options$TempRemovableOnly$WorkDirPath$WorkDirType
    • API String ID: 3436460439-1412470603
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$wcscmp
    • String ID: 7-Zip 23.01 (x64)
    • API String ID: 4021281200-350364945
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$memmove
    • String ID: crc$flags$memuse
    • API String ID: 1534225298-339511674
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095A9FE
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA07
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA10
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA19
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA22
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA2B
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA34
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA3D
    • free.MSVCRT(?,?,?,?,0095AFF5), ref: 0095AA45
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free$memmove
    • String ID: ??\
    • API String ID: 1534225298-3933555804
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 00906686
      • Part of subcall function 00906008: free.MSVCRT ref: 009060B9
      • Part of subcall function 00906008: _CxxThrowException.MSVCRT ref: 009060DC
      • Part of subcall function 00906008: _CxxThrowException.MSVCRT ref: 00906102
      • Part of subcall function 00906008: _CxxThrowException.MSVCRT ref: 00906136
    • free.MSVCRT ref: 009066CF
    • _CxxThrowException.MSVCRT ref: 00906711
    Strings
    Similarity
    • API ID: ExceptionThrow$free
    • String ID: Incorrect wildcard type marker$Too short switch$inorrect switch
    • API String ID: 3129652135-3392774464
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAE55
    • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAEAC
    • DeviceIoControl.KERNEL32 ref: 008FAEF5
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAF02
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAF1F
    • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAF4D
    • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?), ref: 008FAF56
    Similarity
    • API ID: free$ControlDeviceFileHandleInformationmemmove
    • String ID:
    • API String ID: 2572579059-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: crc32$crc64$md5$sha1$sha256
    • API String ID: 1294909896-3826973078
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: freememmove$malloc
    • String ID:
    • API String ID: 531908557-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmovewcscmp
    • String ID:
    • API String ID: 3584677832-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,?,?,?,?,00000000,008F17A3,?,?,?,?,?,?,?,?,?), ref: 008F158B
    Strings
    Similarity
    • API ID: free
    • String ID: Incorrect switch postfix:$Multiple instances for switch:$Too long switch:$Too short switch:$Unknown switch:
    • API String ID: 1294909896-2104980125
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$FileName$OpenSavememset
    • String ID:
    • API String ID: 585641699-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: -bit$DIRS$PGP$TAG$ZERO
    • API String ID: 1294909896-2593822073
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F3B94: free.MSVCRT ref: 008F3BCC
      • Part of subcall function 0092A044: wcscmp.MSVCRT ref: 0092A106
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A132
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A13C
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A179
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A181
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A18F
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A1BD
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A1C5
      • Part of subcall function 0092A044: free.MSVCRT ref: 0092A1D3
    • free.MSVCRT ref: 009240B1
    • free.MSVCRT ref: 009240BF
      • Part of subcall function 008FF7BC: _CxxThrowException.MSVCRT ref: 008FF7EC
      • Part of subcall function 008FF7BC: memmove.MSVCRT ref: 008FF825
      • Part of subcall function 008FF7BC: free.MSVCRT ref: 008FF82D
      • Part of subcall function 008F4698: malloc.MSVCRT(?,?,?,?,008F34FD), ref: 008F46A8
    • free.MSVCRT(?), ref: 00924121
    Strings
    Similarity
    • API ID: free$ExceptionThrowmallocmemmovewcscmp
    • String ID: A0$Hash$sha256 sha512 sha224 sha384 sha1 sha md5 crc32 crc64 asc cksum
    • API String ID: 2334504132-3656212537
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008FE508: GetModuleHandleW.KERNEL32 ref: 008FE544
      • Part of subcall function 008FE508: GetProcAddress.KERNEL32 ref: 008FE55D
      • Part of subcall function 008FE508: free.MSVCRT ref: 008FE67F
      • Part of subcall function 008FE508: free.MSVCRT ref: 008FE68A
      • Part of subcall function 008FDED8: GetSystemInfo.KERNEL32 ref: 008FDEF8
    • strcmp.MSVCRT ref: 008FEA72
    • free.MSVCRT ref: 008FEAD1
    • free.MSVCRT ref: 008FEADC
    • free.MSVCRT ref: 008FEAE7
    • free.MSVCRT ref: 008FEB23
    Strings
    Similarity
    • API ID: free$AddressHandleInfoModuleProcSystemstrcmp
    • String ID: -
    • API String ID: 3961349729-3695764949
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$FileMove
    • String ID:
    • API String ID: 288606353-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F8A68: FindClose.KERNEL32 ref: 008F8A7A
    • SetLastError.KERNEL32 ref: 008F8CC6
    • SetLastError.KERNEL32 ref: 008F8CD5
    • FindFirstStreamW.KERNELBASE ref: 008F8CF7
    • GetLastError.KERNEL32 ref: 008F8D06
    Similarity
    • API ID: ErrorLast$Find$CloseFirstStream
    • String ID:
    • API String ID: 4071060300-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$malloc
    • String ID:
    • API String ID: 2190258309-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SHGetPathFromIDListW.SHELL32 ref: 008FD7C2
    • GetModuleHandleW.KERNEL32 ref: 008FD7DA
    • GetProcAddress.KERNEL32 ref: 008FD7EA
      • Part of subcall function 008F34C4: _CxxThrowException.MSVCRT ref: 008F34ED
      • Part of subcall function 008F34C4: free.MSVCRT ref: 008F3508
    Strings
    Similarity
    • API ID: AddressExceptionFromHandleListModulePathProcThrowfree
    • String ID: SHGetPathFromIDListEx$shell32.dll
    • API String ID: 2603054668-628232997
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: InfoMonitor$FromParametersSystemWindowmemset
    • String ID: (
    • API String ID: 2706034216-3887548279
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: strcmp
    • String ID: =
    • API String ID: 1004003707-2525689732
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: Q
    • API String ID: 0-3463352047
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0095FF3B
    • free.MSVCRT ref: 00960084
      • Part of subcall function 0095FC48: free.MSVCRT(?,?,?,?,?,?,?,?,009600FB), ref: 0095FC92
    • free.MSVCRT ref: 0095FF9A
      • Part of subcall function 0095FBD0: free.MSVCRT(?,?,?,?,?,00000000,?,00960116), ref: 0095FC17
      • Part of subcall function 0095FB18: free.MSVCRT(?,?,?,?,?,?,?,?,?,0095FC11,?,?,?,?,?,00000000), ref: 0095FB75
      • Part of subcall function 0095FB18: free.MSVCRT(?,?,?,?,?,?,?,?,?,0095FC11,?,?,?,?,?,00000000), ref: 0095FB7F
    Strings
    Similarity
    • API ID: free
    • String ID: mem$memuse
    • API String ID: 1294909896-3867104646
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: free
    • String ID: act:$ cpus:$ gran:$ page:
    • API String ID: 1294909896-454015223
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 00960FEB
    • free.MSVCRT ref: 009610C4
    • free.MSVCRT ref: 00961103
      • Part of subcall function 00960460: _CxxThrowException.MSVCRT ref: 009604AC
      • Part of subcall function 00960460: free.MSVCRT ref: 00960591
      • Part of subcall function 00960460: free.MSVCRT ref: 00960599
      • Part of subcall function 00960460: free.MSVCRT ref: 009605AB
    • free.MSVCRT ref: 00961131
    Strings
    Similarity
    • API ID: free$ExceptionThrow
    • String ID: 7z.sfx
    • API String ID: 4001284683-1627149811
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 009062D9
    • _CxxThrowException.MSVCRT ref: 009063CD
      • Part of subcall function 00905F00: _CxxThrowException.MSVCRT ref: 00905FE0
    • _CxxThrowException.MSVCRT ref: 00906402
    Strings
    • There is no second file name for rename pair:, xrefs: 009063E5
    • Empty file path, xrefs: 009063B0
    Similarity
    • API ID: ExceptionThrow$free
    • String ID: Empty file path$There is no second file name for rename pair:
    • API String ID: 3129652135-1725603831
    • Opcode ID: c78dc81460144eb7d6cc979a9abf07c35c412e900ca47248b1108b5a9f79165f
    • Instruction ID: 3b8d3aff5fb406ca5048747b62495bee5fa1f7c53335000ceae8456c7b371bf0
    • Opcode Fuzzy Hash: c78dc81460144eb7d6cc979a9abf07c35c412e900ca47248b1108b5a9f79165f
    • Instruction Fuzzy Hash: 2C41F663205AC48DDB20DF1AD8407AA6720F786BB4F409712EEBA077E5DB7DC495CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$Enum
    • String ID:
    • API String ID: 490459249-0
    • Opcode ID: dd3454bee4e62bd1741e299906a5fd19432103fcaf95762de9a09527d3a25a3b
    • Instruction ID: 2d4ebfcf3d37f1a2e29b44d6570bd80b367bc6bee78a82351a60bb7dd438720c
    • Opcode Fuzzy Hash: dd3454bee4e62bd1741e299906a5fd19432103fcaf95762de9a09527d3a25a3b
    • Instruction Fuzzy Hash: 8E319F32614B8886D720DF35E48037AB360F795BA4F148126EF9E87794EF79C895C741
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ByteCharExceptionMultiThrowWide$ErrorLast
    • String ID:
    • API String ID: 2296236218-0
    • Opcode ID: 3cf0de70039a9415aef09a04df75ee7f990b311198c49c382a2b8753e6244852
    • Instruction ID: 0d4f9e2baad1ca96f88269ca46ae163464f14636b556788c2715bf79b2c7177a
    • Opcode Fuzzy Hash: 3cf0de70039a9415aef09a04df75ee7f990b311198c49c382a2b8753e6244852
    • Instruction Fuzzy Hash: D8319E73704AC98ADB20CF25E48476FBBA5F785B94F558122EB89A3724DB38C856C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ErrorFileLastSecurity$free
    • String ID:
    • API String ID: 3917221116-0
    • Opcode ID: d6a33a1665b8049345a7b23444b00be207c96534f2c49901b03151c1a4efb2bb
    • Instruction ID: ae38c111750ebf4d833e53019166b9bf77352cef2fdbadd8e2697cfbfc7745f7
    • Opcode Fuzzy Hash: d6a33a1665b8049345a7b23444b00be207c96534f2c49901b03151c1a4efb2bb
    • Instruction Fuzzy Hash: 42316C337027848ADB10CF25E4047AA73A9F785B98F194136DE4A8B764DF38CD86C752
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$wcscmp
    • String ID:
    • API String ID: 4021281200-0
    • Opcode ID: 4631210c29167a3b9cb556e3991e127adc0cebc83a69852075a14cc3170b0e80
    • Instruction ID: 88de5de95776aaf20b1a9b678fc6c712f9416c63fb45863ebb2f8fb79b743886
    • Opcode Fuzzy Hash: 4631210c29167a3b9cb556e3991e127adc0cebc83a69852075a14cc3170b0e80
    • Instruction Fuzzy Hash: ED31B0722147468BD720DF16E58432AB768F794BA4F048226FF9AC76A6DB78C941CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 4951dd728067efaabd50be141eab7c93c4277dab637cce3a68fb4f12a631a952
    • Instruction ID: ab1e864a3b9f90d6503a701ab21c65e68b9b010ac2d6ef20dcb1fbee8a5e65bd
    • Opcode Fuzzy Hash: 4951dd728067efaabd50be141eab7c93c4277dab637cce3a68fb4f12a631a952
    • Instruction Fuzzy Hash: 05216D67701A4486DB25EF3AD4503296330FB95FAAF294322DF2D5BB98CF39C8058311
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: File$Create$CloseHandleTimefree
    • String ID:
    • API String ID: 234454789-0
    • Opcode ID: fc542913b6e8bb235ecf6d2b03c57f8070bebaccf5e70bc945ab05d2ad4042b7
    • Instruction ID: 0bfe290450be9e7432fea22e3b80d72e5008bf4134f445fc94831f309ab27d80
    • Opcode Fuzzy Hash: fc542913b6e8bb235ecf6d2b03c57f8070bebaccf5e70bc945ab05d2ad4042b7
    • Instruction Fuzzy Hash: E521A43220468446E6209F3AFA54B6A7620F3967F4F544321EF7583BD8DB39C98ADB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetCurrentDirectoryW.KERNEL32 ref: 008F7D16
    • GetCurrentDirectoryW.KERNEL32 ref: 008F7D70
    • free.MSVCRT ref: 008F7D82
      • Part of subcall function 008F3A1C: free.MSVCRT ref: 008F3A56
      • Part of subcall function 008F3A1C: memmove.MSVCRT ref: 008F3A71
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: CurrentDirectoryfree$memmove
    • String ID:
    • API String ID: 4010226229-0
    • Opcode ID: fac3dd16cb51725fddfa6260b83fd7d746bd2fdf79055a14e4441ef7241b1bec
    • Instruction ID: 6ce753c981af08c913d01e7e23cc2c712835646e91f0c3fe3659d616e27b8a4f
    • Opcode Fuzzy Hash: fac3dd16cb51725fddfa6260b83fd7d746bd2fdf79055a14e4441ef7241b1bec
    • Instruction Fuzzy Hash: 3321C72221C64882EB30AF34E48437E6371FB95798F605222E79AC77A9DF7DC545C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: faaf47283e61755547559c482ddd215af6d6a2979d470fb801c6d662b44c0556
    • Instruction ID: d7c32f6956e89ebaac71eb13125d83aaabc48ce8d538faa6693686ae5c79211f
    • Opcode Fuzzy Hash: faaf47283e61755547559c482ddd215af6d6a2979d470fb801c6d662b44c0556
    • Instruction Fuzzy Hash: F61186A2315B4299EF08DF26DC913B82365AB59FD4FC85461EE194738AFF6CCA49C304
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: 07f142886800d06e1990b6f72cee7966f0f9d5512e8c73e1b5998d3b38180024
    • Instruction ID: 53713d582463e149845d6fcd2c20bbccbc326cd7108d21a2f8135b5946d6d5d8
    • Opcode Fuzzy Hash: 07f142886800d06e1990b6f72cee7966f0f9d5512e8c73e1b5998d3b38180024
    • Instruction Fuzzy Hash: D611E6A6351B4299EB089F369D913B8336AAB95FD4FC84420CE1987389FF2CD649C304
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: 87761bca0f662909a4f093b39be90bd9423753d49c270d1fa9273b3bc6be8ee7
    • Instruction ID: 0cf5908b98af55cd1d8372f98d093a139c6ce6a8265326cedaa277027b05f2f9
    • Opcode Fuzzy Hash: 87761bca0f662909a4f093b39be90bd9423753d49c270d1fa9273b3bc6be8ee7
    • Instruction Fuzzy Hash: 4E11E9E2305B5251EB08DF26A8613BC2315AB55FC4FC84861CE194B70DFF6CC649C344
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0091041D
      • Part of subcall function 0090FFB0: memset.MSVCRT ref: 0090FFD3
      • Part of subcall function 0090FFB0: strlen.MSVCRT ref: 0090FFF2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: freememsetstrlen
    • String ID: ?$ MB$, # $RAM
    • API String ID: 2062123303-3586855483
    • Opcode ID: 64c864365661d393c404a273a905840a5be6bbeab85b80cad095f8660d61ea9a
    • Instruction ID: cac63832e9adf4814e5a43b9d518ed60455f0e70fb0e747252346219d138135c
    • Opcode Fuzzy Hash: 64c864365661d393c404a273a905840a5be6bbeab85b80cad095f8660d61ea9a
    • Instruction Fuzzy Hash: 72116066308A0586DA30DF26E85435DA721F789FE8F458221DFAE47798DF6EC646C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008FCF54: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008FCF7F
      • Part of subcall function 008FCDD4: RegQueryValueExW.KERNELBASE ref: 008FCE22
      • Part of subcall function 008FCDD4: RegQueryValueExW.ADVAPI32 ref: 008FCE70
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000001,?,00928F50), ref: 00928DA7
      • Part of subcall function 008F3A84: free.MSVCRT ref: 008F3AB0
      • Part of subcall function 008F3A84: memmove.MSVCRT ref: 008F3ACB
      • Part of subcall function 008F98E8: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,Path64,00928D88), ref: 008F9970
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000001,?,00928F50), ref: 00928D8F
    • free.MSVCRT(?,?,?,?,?,?,?,?,00000001,?,00928F50), ref: 00928D9A
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$QueryValue$Openmemmove
    • String ID: 7z.dll$Software\7-zip
    • API String ID: 2771487249-1558686312
    • Opcode ID: 4240e8d67ce297bd71e873af935b26dbbc0a379bfab42a344b2b59ff2a39dff3
    • Instruction ID: 01e977e5b85531a0ae333f1d06ffae20ec20260134f006edcacc01b60bd8a7fb
    • Opcode Fuzzy Hash: 4240e8d67ce297bd71e873af935b26dbbc0a379bfab42a344b2b59ff2a39dff3
    • Instruction Fuzzy Hash: 9A11E712204A4850DA20FB36E9513FF6325FBE5BE4F801222AE5DC77A5DF2CC649C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: fc0ee3cc44c90b3dbd738d0d6c9bc99b90a025eb93b29a2fb35c74f33ef0e803
    • Instruction ID: cebae7d4ef700703bfb3154b36d4e0499dbb95de21be03e479da1ba9f7394fb1
    • Opcode Fuzzy Hash: fc0ee3cc44c90b3dbd738d0d6c9bc99b90a025eb93b29a2fb35c74f33ef0e803
    • Instruction Fuzzy Hash: 5EF0A45324955843E615FB39F45123F1720FBE7F99F0928225F1A83311DD3DC5968201
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: CreateDirectoryfree$ErrorLast
    • String ID:
    • API String ID: 3252411863-0
    • Opcode ID: dd251b03643955acd1ebd737d76ae3a04511b0d497b495b9922ec834b5b3b62c
    • Instruction ID: cb7e26a4ae3b5a25465bbbe7bebae792cd4c84eb40679c167d661b54bce8df28
    • Opcode Fuzzy Hash: dd251b03643955acd1ebd737d76ae3a04511b0d497b495b9922ec834b5b3b62c
    • Instruction Fuzzy Hash: 4701A72220C64882EA30AB35E95473D5325FBC77F8F584221EB69C77E5DF19CA468701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: c73ca365ab77b199090889c67ab035144b5c177e5ae799fb2f82355476eb5453
    • Instruction ID: d378722fa500cee8254052e068869bf887bc735e0ca200af8b9536f4cf485a0f
    • Opcode Fuzzy Hash: c73ca365ab77b199090889c67ab035144b5c177e5ae799fb2f82355476eb5453
    • Instruction Fuzzy Hash: 0BF0901328951843EA05FB39F41523F5324FBE7F95F0028226F0A83311DE3DC6978206
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 0140bc7f597eabbe93ccfc0b06703247dc0df4996606aa96fae413f7ffaa1056
    • Instruction ID: 016177bcfd183b355f7dfd0588b3b77024873e7bbd013bb65529edf10a93e2aa
    • Opcode Fuzzy Hash: 0140bc7f597eabbe93ccfc0b06703247dc0df4996606aa96fae413f7ffaa1056
    • Instruction Fuzzy Hash: 25F0301324951843EA15FB39F42527F5224FBA7F99F0528225F1A93311DE3DC6968605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 0140bc7f597eabbe93ccfc0b06703247dc0df4996606aa96fae413f7ffaa1056
    • Instruction ID: 7977fe537fd05f76a9b6103c4e32bdcd989f6e9d202064d9d462737da59d2577
    • Opcode Fuzzy Hash: 0140bc7f597eabbe93ccfc0b06703247dc0df4996606aa96fae413f7ffaa1056
    • Instruction Fuzzy Hash: 95F0301324951843EA15FB39F42527F5224FBA7F99F0528225F1A93311DE3DC6968605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 6f76419948d0296711687ec52edebda54863d11d62ba5b07afbfb4737b6cc648
    • Instruction ID: 69251cc6db48832e48767cbcdf15a665c5f1c396365416d2dba125f9641b1c4d
    • Opcode Fuzzy Hash: 6f76419948d0296711687ec52edebda54863d11d62ba5b07afbfb4737b6cc648
    • Instruction Fuzzy Hash: 95F03A1328A51843EA15FB39F45163F5224FBA7F9AF0528225F1AD3311DE3DC6968605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 88c7b8e0f9e4fcc787c269e8082e085398202ec78d67843f69d62c34eaaf006a
    • Instruction ID: 9c1ffaea0194017e373e199ed59a5d00a4e34978e3e6c8e53d07a620c0b32327
    • Opcode Fuzzy Hash: 88c7b8e0f9e4fcc787c269e8082e085398202ec78d67843f69d62c34eaaf006a
    • Instruction Fuzzy Hash: 80F0301324950843E905FB39F46163F5324FBE7F95F0028229F1AD3311CE3DC6968605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 115da9ab31385e1049fb0b596d1fe87e044c731fe5f40bf54cd33ffa6241f1e6
    • Instruction ID: 4a1f6904cace6ae50756738e5525d563e984bb5c03cc91b0e4dbf27bca926319
    • Opcode Fuzzy Hash: 115da9ab31385e1049fb0b596d1fe87e044c731fe5f40bf54cd33ffa6241f1e6
    • Instruction Fuzzy Hash: 14F03A1328951843EA15EB39F46127F5224FBA7F9AF0528229F1A83321CE3DC69A8605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 36f4ff2179a18eb3dc0713e8c4fc4c22ce68f1dd47558e7db6e7f74f63677af7
    • Instruction ID: 83c6aa83dbaf7ec7775d183d4fe0374a9a832f9428e8f19a32624d0ccf3e32b5
    • Opcode Fuzzy Hash: 36f4ff2179a18eb3dc0713e8c4fc4c22ce68f1dd47558e7db6e7f74f63677af7
    • Instruction Fuzzy Hash: 6AF03A1328951843EA15EB39F45123F5324FBA7F9AF0528229F1A83321CE3DC6AA8605
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 47435550c620d13956854843cab04698d6375ff2f667807b1eb81397cfec0c95
    • Instruction ID: 4ddcc10db018f785d530dcfd00f860b91db7d8979fbf414392c5dbd97f128a62
    • Opcode Fuzzy Hash: 47435550c620d13956854843cab04698d6375ff2f667807b1eb81397cfec0c95
    • Instruction Fuzzy Hash: 04F05E1768951843EA15FF39F46123F5324FBE7F9AF0528225F1A83311CE3DC69A8602
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: f869258d6e48b38a4fd37b112e75f01f1466d228fd4ae440c26e5e16f4665e2c
    • Instruction ID: 3a8a3aeecd845f8784f27396ce87f224ad16669716b2566665d9a406f39aacaa
    • Opcode Fuzzy Hash: f869258d6e48b38a4fd37b112e75f01f1466d228fd4ae440c26e5e16f4665e2c
    • Instruction Fuzzy Hash: 3FF0872371688886EB11EE3AE85127E2335FBA6F99F585122EF0DCF355DE69C8518301
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F74E
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F757
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F760
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F769
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F772
    • free.MSVCRT(?,00000000,?,?,0095F7FD,?,00000000,?,?,0095F911), ref: 0095F77A
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 1c6a1483767c9c5a796face3de33d5c53eda4e76b9d2551abce6c19e1401e479
    • Instruction ID: 2f28f656c212e89a7c81ad76ebcbab87a10e35cdd41b907b8cabec491f9cb070
    • Opcode Fuzzy Hash: 1c6a1483767c9c5a796face3de33d5c53eda4e76b9d2551abce6c19e1401e479
    • Instruction Fuzzy Hash: 24F0442371558C8ADA10EE3BEC9117A1334FBB5BADB181132AF0DCB754DE55C8658300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 711e9a5a8ecf66bafe99e8acc74e0f442521568da8d4caa396b1caa06e9da126
    • Instruction ID: 16ffefaa10b2d1bc67a869e7d81dea102059c296ccfc55938f3a9d1abdca34e5
    • Opcode Fuzzy Hash: 711e9a5a8ecf66bafe99e8acc74e0f442521568da8d4caa396b1caa06e9da126
    • Instruction Fuzzy Hash: B6F081537015984ADA10AE3AE88116A1324EB76BACF0C5132AF0D8BB44DE65C8A18340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 12a5d71d6dad2beb84c94c9cc4e4c47b866b0bc9c4c51e61803a1545f3a63548
    • Instruction ID: f1712a55c5538496b3ccf5a15964b46761738c553d751a8fee676787f46e0c04
    • Opcode Fuzzy Hash: 12a5d71d6dad2beb84c94c9cc4e4c47b866b0bc9c4c51e61803a1545f3a63548
    • Instruction Fuzzy Hash: D8F031137055988A9A10AE3AE89117A1334EBA5BECB185132AF0DCB755DE65C8618341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: a3115e7c2990acae16b1f116d5948c23adbdfa0988ab48e05560c8acb19368f3
    • Instruction ID: 0aae4e65c688ebf298baeec449f766188110bea3bbe44aae62b6863e228abac7
    • Opcode Fuzzy Hash: a3115e7c2990acae16b1f116d5948c23adbdfa0988ab48e05560c8acb19368f3
    • Instruction Fuzzy Hash: 92E01A1368E00943F516FA39B41267B5224FFB37ADF4038232F16D72118D3E86A24A06
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: a3115e7c2990acae16b1f116d5948c23adbdfa0988ab48e05560c8acb19368f3
    • Instruction ID: 0aae4e65c688ebf298baeec449f766188110bea3bbe44aae62b6863e228abac7
    • Opcode Fuzzy Hash: a3115e7c2990acae16b1f116d5948c23adbdfa0988ab48e05560c8acb19368f3
    • Instruction Fuzzy Hash: 92E01A1368E00943F516FA39B41267B5224FFB37ADF4038232F16D72118D3E86A24A06
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 50183e623d9f6556b622cc4bf47fb56b073dc9393ca60283ea0d5912cd8a44ce
    • Instruction ID: 6e0d8ef4d9730e74b813dc5a8c22867e50313ab6b48091fc6dda7a89da7e6eb1
    • Opcode Fuzzy Hash: 50183e623d9f6556b622cc4bf47fb56b073dc9393ca60283ea0d5912cd8a44ce
    • Instruction Fuzzy Hash: C8E0726261844C82EB54AF7AE8A203A1335FBB5F8CB1424129B5ECF265DD6AC8619781
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FormatMessageW.KERNEL32 ref: 008F752F
    • LocalFree.KERNEL32 ref: 008F7551
      • Part of subcall function 008F3B94: free.MSVCRT ref: 008F3BCC
    Strings
    • Internal Error: The failure in hardware (RAM or CPU), OS or program, xrefs: 008F74F3
    • Error #, xrefs: 008F75CD
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: FormatFreeLocalMessagefree
    • String ID: Error #$Internal Error: The failure in hardware (RAM or CPU), OS or program
    • API String ID: 1548054572-2710258398
    • Opcode ID: 7fadcebdb2541543758955906e653f0efcf00712d2b899c32960a67e0ec08f1a
    • Instruction ID: 5eb95ac12edfe33b5f2fc78f601cdb6e578d3d75a86acbdb2e352953e6f6b2f4
    • Opcode Fuzzy Hash: 7fadcebdb2541543758955906e653f0efcf00712d2b899c32960a67e0ec08f1a
    • Instruction Fuzzy Hash: 7531363220868986DB20CF3AE4417AD7371F7D97A0F944226EB99C7754DB7DC148CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F9D90: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,7-Zip,?,?,?,?,00000003), ref: 008F9DA2
    • CreateFileW.KERNEL32 ref: 008FA28D
    • CreateFileW.KERNEL32 ref: 008FA2E0
    • free.MSVCRT ref: 008FA2EE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: CreateFile$CloseHandlefree
    • String ID: 7-Zip
    • API String ID: 210839660-40562396
    • Opcode ID: c6abd320dd7c0476229617a7bee54d45907a0909edb235768bf5ea34ecf01746
    • Instruction ID: a156252b701e9d340dfc5dde270345626c925710402397d36f449c76febc5dbf
    • Opcode Fuzzy Hash: c6abd320dd7c0476229617a7bee54d45907a0909edb235768bf5ea34ecf01746
    • Instruction Fuzzy Hash: 8B2186722046C49AC7209F69B94166A6760F3867F4F544321EFB987BD8DB39C4A6CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: CharUpper
    • String ID: a$z
    • API String ID: 9403516-4151050625
    • Opcode ID: dd94112cb73f545a4158ecd7542937d0b33efbe90c644bccfebcd5bd0bcb6a9d
    • Instruction ID: 09e257043fc8cf3991868ca4f76f173aa6d01fc0f6286eabafdc7d86ecbc2053
    • Opcode Fuzzy Hash: dd94112cb73f545a4158ecd7542937d0b33efbe90c644bccfebcd5bd0bcb6a9d
    • Instruction Fuzzy Hash: C101A202B544AC85EB30B672AC047F52151F318BFAFBE0132AF46C3793E6294DD1E222
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID:
    • String ID: a$z
    • API String ID: 0-4151050625
    • Opcode ID: 16e450e9ee1e2372127204908ee3c0149c669ec61efdc828a25a51269f3be136
    • Instruction ID: e731f2c27962be4b18f9078c805db1854d51741c44747db959a34d4be6039d13
    • Opcode Fuzzy Hash: 16e450e9ee1e2372127204908ee3c0149c669ec61efdc828a25a51269f3be136
    • Instruction Fuzzy Hash: 4F01FF86F2106C85EF307B35A8453F85292F721F95FAD40328F4AC7353E21999E6E312
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: RtlGetVersion$ntdll.dll
    • API String ID: 1646373207-1489217083
    • Opcode ID: 46789a40cb208cafd35035167eef8eb578e42337cbb22a8d4333b22a2e8a0472
    • Instruction ID: b88aaec324aa233596158a77e1e52ed2bd78f301e797e2322210504d52f84798
    • Opcode Fuzzy Hash: 46789a40cb208cafd35035167eef8eb578e42337cbb22a8d4333b22a2e8a0472
    • Instruction Fuzzy Hash: EBF06231A0460D86EF30AB71E55433923A0FBDC314FA80524E66EC2294DB3CEB45CE44
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: GetLargePageMinimum$kernel32.dll
    • API String ID: 1646373207-2515562745
    • Opcode ID: 005831e7a93e50a9352d8076ec455468afbbe3fc010948027a026947c0023b6a
    • Instruction ID: 2b8adc63d0fc23147b152e0c426b41cfa0fa912185d30cdcb9be31dede579357
    • Opcode Fuzzy Hash: 005831e7a93e50a9352d8076ec455468afbbe3fc010948027a026947c0023b6a
    • Instruction Fuzzy Hash: 91E0B624752B41C1EE49EB91FCA536823A4BB99B00FD84529D44E433A1EF3DE109C314
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    • Opcode ID: 207c38bf0612d867b1263b6cb9e36b26158095384d21d21f2841f70a692b4e18
    • Instruction ID: 660a4dda18e2f893797479f8c118c0c094ccf41350078162e92595192329d925
    • Opcode Fuzzy Hash: 207c38bf0612d867b1263b6cb9e36b26158095384d21d21f2841f70a692b4e18
    • Instruction Fuzzy Hash: FF41622321854C958A20EF39E49007EB721FBD57D4B541122FB9EC7729DF29CA85CB41
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a15065e234d07fb02154a9cf6a988a64710658374418ab688e291c6b7b98d8d3
    • Instruction ID: 66966486bca69639ccd6b6ded2360334983f84391654b17abd40e37aad2f54b6
    • Opcode Fuzzy Hash: a15065e234d07fb02154a9cf6a988a64710658374418ab688e291c6b7b98d8d3
    • Instruction Fuzzy Hash: A54103273156848BDB20EF36E4502BEA760F795BE4F485221EF9987B89DF38C955CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ErrorLastfree
    • String ID:
    • API String ID: 2167247754-0
    • Opcode ID: 7ec7faefc5275c3e698d003ac3ccd1266ea2fc7849db025095fbd77348eb44ce
    • Instruction ID: 0fd8dd03ce620607a7dba382e8834c232f54c94e43d32d8a84aae51b602e299b
    • Opcode Fuzzy Hash: 7ec7faefc5275c3e698d003ac3ccd1266ea2fc7849db025095fbd77348eb44ce
    • Instruction Fuzzy Hash: 8A319B1221454C55DA30BB39E86177A7721F7D23F4F501312BBAAC76A5DF28C986C702
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$ErrorLastmemmove
    • String ID:
    • API String ID: 3561842085-0
    • Opcode ID: f8c1944d5408e9a34cc7399f72216af8e005653716194d651d0c65e5caa2e899
    • Instruction ID: 6c03c2ac316ab466eeee52a3bd0b10cded5bf151f5c80be6baff99544cd72dfb
    • Opcode Fuzzy Hash: f8c1944d5408e9a34cc7399f72216af8e005653716194d651d0c65e5caa2e899
    • Instruction Fuzzy Hash: 0321B62230954991DB20EB39E8417FA5321FBD57E4F440222FBA9C39E9DF2DC989C741
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: 16e7b70883bf9f75fbe71a9d6c967bf5ee2419e85eef215ed37af5c2d24feb2c
    • Instruction ID: 637ffccc73866359327547a4b4903530f63be2a8b4fcba8aa04c8b2e0e13eed8
    • Opcode Fuzzy Hash: 16e7b70883bf9f75fbe71a9d6c967bf5ee2419e85eef215ed37af5c2d24feb2c
    • Instruction Fuzzy Hash: 8E1182A2711B6295EB08DF26AD913B82365AB55FD4FC8C8209E158B30DFF6CC74AC304
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F471E
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F472A
    • _CxxThrowException.MSVCRT ref: 008F4748
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008F4774
    • _CxxThrowException.MSVCRT ref: 008F4792
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ByteCharExceptionMultiThrowWide$ErrorLast
    • String ID:
    • API String ID: 2296236218-0
    • Opcode ID: 8a5a4a600f8ad0281861b6d34e509b98cd4acd45fbfc6381167893e75ddd070a
    • Instruction ID: 98b60c7da2f7924ecbf0e01e3e7297f9ecad2f1e66cc467bcdf043a051a0d34a
    • Opcode Fuzzy Hash: 8a5a4a600f8ad0281861b6d34e509b98cd4acd45fbfc6381167893e75ddd070a
    • Instruction Fuzzy Hash: 6721AF76700B4986DB10DF66E85072EB7A1FB89F88F188125DB8887724EF78C845C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 75ac880001657c72aabdd3782d176abcd060bdee3a6014fe331d59d97af04cbf
    • Instruction ID: 8af28f72b61d90ccab665f46aea5d4cc725e777db7af4811205f9bd56c17ae93
    • Opcode Fuzzy Hash: 75ac880001657c72aabdd3782d176abcd060bdee3a6014fe331d59d97af04cbf
    • Instruction Fuzzy Hash: 8E11122221994892CA10EB39F85137FA330F7D5764F542222B79EC7AA9DF6CC645CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmovestrlen
    • String ID:
    • API String ID: 500058495-0
    • Opcode ID: 9ec88666d72f946b66f8d4a4fc91bec99c866a2b1e8ab1f3ca3831882c99a0ff
    • Instruction ID: 9b31285ee521145844fa8e191b9e83445cfe04ce175563982dd11499e383a158
    • Opcode Fuzzy Hash: 9ec88666d72f946b66f8d4a4fc91bec99c866a2b1e8ab1f3ca3831882c99a0ff
    • Instruction Fuzzy Hash: 7F119F2320968481DB20EF35E45026E6730FBD57E4F445222BF9EC76A9DF6DC64AC701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 434f983db26ab1513960414e8739cd70737a96e79ab897b42bc6ba0878c32db8
    • Instruction ID: 507b1a65c14feebe0cc035afeb9f67f4dd857a97e8c1799042ea6a8d67e6f13c
    • Opcode Fuzzy Hash: 434f983db26ab1513960414e8739cd70737a96e79ab897b42bc6ba0878c32db8
    • Instruction Fuzzy Hash: E5113322219948A2CA10EB39F85126FA330F7D5764F542223B79DC76A9DF6CC605CB01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 931cfe5e1a60d50e4ce7de3533443cd257083c38d70bf5a12223cf93f64fd27f
    • Instruction ID: dd9ec2fc96fd09d0c33cdadd982ffa16b42b13dfe9f5c60bc063e527d0c134b4
    • Opcode Fuzzy Hash: 931cfe5e1a60d50e4ce7de3533443cd257083c38d70bf5a12223cf93f64fd27f
    • Instruction Fuzzy Hash: 59018423715A5C97EE14EF35E91417A2320FB92FE8F1853229F6997790CF29C9618300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 6eeb031e753ccd701e118072c3708fb49cd3651d87b7e6d7d76765d1a7f3b1b1
    • Instruction ID: 86780032a52c837d681107637c09863365f26237a8b16747c6c069c73c6d4065
    • Opcode Fuzzy Hash: 6eeb031e753ccd701e118072c3708fb49cd3651d87b7e6d7d76765d1a7f3b1b1
    • Instruction Fuzzy Hash: F8019223611A8486DA11EE36E85016A1324F792FA9F180332AF2D4B794CE29C9058300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0091DDE3
      • Part of subcall function 0091ABF0: free.MSVCRT ref: 0091AC00
      • Part of subcall function 0091ABF0: free.MSVCRT ref: 0091AC09
      • Part of subcall function 0091ABF0: free.MSVCRT ref: 0091AC34
      • Part of subcall function 0091ABF0: free.MSVCRT ref: 0091AC3C
      • Part of subcall function 0091B6BC: free.MSVCRT ref: 0091B6EE
      • Part of subcall function 0091B6BC: free.MSVCRT ref: 0091B6F7
      • Part of subcall function 0091B6BC: free.MSVCRT ref: 0091B700
      • Part of subcall function 0091B6BC: free.MSVCRT ref: 0091B708
    • free.MSVCRT ref: 0091DDFE
    • free.MSVCRT ref: 0091DE07
    • free.MSVCRT ref: 0091DE32
    • free.MSVCRT ref: 0091DE3A
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: c27b0cbde9bdac32e7a802afa58a7524bb792b6ef1400a946c0026947c0dd15d
    • Instruction ID: 2ac98174e1e2570844bc0a0c236eac9fd2418e93dcab2669807de3e5655efe21
    • Opcode Fuzzy Hash: c27b0cbde9bdac32e7a802afa58a7524bb792b6ef1400a946c0026947c0dd15d
    • Instruction Fuzzy Hash: 42F0D12371685C97DA11FE3AE9911BD1334FBA2FA8B080122AF0DCF650DF25C8B28340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: aa385e2dd13098c9c987626c07da87cf2ae435401d6f15d0d2add55ad26187f2
    • Instruction ID: 822523757aaa042106e033d82e60a2d8f1c1ac617f3041f547c5721e352ee1c6
    • Opcode Fuzzy Hash: aa385e2dd13098c9c987626c07da87cf2ae435401d6f15d0d2add55ad26187f2
    • Instruction Fuzzy Hash: B4F062237059888A9A11EE3FE85107F1335FBA5FADB181122AF1D8B359DE65C8518340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: e780f9a1a3b6a7e606232c0fa8ecc4d3a5f19754261770240f7fa3caa39e1937
    • Instruction ID: cc47b40a01ed405ca0e613c44bd8544eb33427817a23ec5cbd2d0652810f1168
    • Opcode Fuzzy Hash: e780f9a1a3b6a7e606232c0fa8ecc4d3a5f19754261770240f7fa3caa39e1937
    • Instruction Fuzzy Hash: C6F0CD2371289886DA12EE3EF85117A1334FBA1FA8F185122DF0D9B369EE29C8418300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: fe90003d1faed665d29603f076983c021016a7a1d6e56e2f2eae755c8c12f0e3
    • Instruction ID: 1b7d324025bed0671833fae3ed90cb68559617a4d46e8fc9ff22bfa836432241
    • Opcode Fuzzy Hash: fe90003d1faed665d29603f076983c021016a7a1d6e56e2f2eae755c8c12f0e3
    • Instruction Fuzzy Hash: F4F0C213B0198886D616EE3BE8511BA1324EBA2FA9F1C1132AF1D9F364DE2AC9418300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 476527568467571c64978b355148823fdd84cd49a30009d84de5d920889eb00c
    • Instruction ID: 501f94d07796f0f7dd752a105a0b4a9dd049995c220ad6e80d927104bd91827b
    • Opcode Fuzzy Hash: 476527568467571c64978b355148823fdd84cd49a30009d84de5d920889eb00c
    • Instruction Fuzzy Hash: EFF096537029984ADB10AE3AF89116A1324FF65BEDF1C5132FF0D8B759DF65C8A28340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 717ef7d5d74a091cdd05011043747c64c3be4b554fc1e8b78e49a4345964fc12
    • Instruction ID: f73ec60c15db770417fb32762c87d4fa657401935bfff251ff3101ee91814385
    • Opcode Fuzzy Hash: 717ef7d5d74a091cdd05011043747c64c3be4b554fc1e8b78e49a4345964fc12
    • Instruction Fuzzy Hash: 32F062137069988A9A10AE3AF89117A1334EF66BACB1C5132FF0D8B758DE65C8628340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 4b0d416e0443228c49d04d86c140f30cc1942ac7d13c8811c41dd14f07085751
    • Instruction ID: 8b54230f16572c6619eb880ea15a170163fa3e891aa12b33fa351f32ff4b24e3
    • Opcode Fuzzy Hash: 4b0d416e0443228c49d04d86c140f30cc1942ac7d13c8811c41dd14f07085751
    • Instruction Fuzzy Hash: 30F06D2375588C8ADA15AE3AE85113A5334FBB6F9CB291122AF1DCB395DE25C8618300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 78fc29516d794ee513fe0eb2e90ce037da3c2203829824c2ddd346719b6f1980
    • Instruction ID: 64c678a28a0a092fc376e4685363a08f8af5bb45d4e7bc739bc0e2fe4b16353f
    • Opcode Fuzzy Hash: 78fc29516d794ee513fe0eb2e90ce037da3c2203829824c2ddd346719b6f1980
    • Instruction Fuzzy Hash: 7AE0A01368D09403F202EA39B45127F1610EFB3B98F5428626F16C3201CD3EC2E78602
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 4df0d4eaeec824b864275067f3528669dfcbe2cf071f9e403fd4f4ae44eda0b3
    • Instruction ID: 5eca78ba29185350df44a939b15ab3e2d6d662f8abee745f6b86bde18293f8df
    • Opcode Fuzzy Hash: 4df0d4eaeec824b864275067f3528669dfcbe2cf071f9e403fd4f4ae44eda0b3
    • Instruction Fuzzy Hash: 6FE0920368E40407F616EA39B45227B0210FFB37ADF1028136F06D7202DD3D87E34642
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 0145e3bbdb314b0ee65776eb6a2387c12b69b8226ba49a1f90423a267bbcfe6f
    • Instruction ID: 0cb053b367c9b093fdb9d915eff6d6399607e546438b8575dd653474c9f1eecc
    • Opcode Fuzzy Hash: 0145e3bbdb314b0ee65776eb6a2387c12b69b8226ba49a1f90423a267bbcfe6f
    • Instruction Fuzzy Hash: 65E0302230594C83DA04AF3AEA9103E2330F7A5FA8B1452129F1DCB751DF25D8B18341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008FEF60: MonitorFromWindow.USER32 ref: 008FEF7B
      • Part of subcall function 008FEF60: memset.MSVCRT ref: 008FEF94
      • Part of subcall function 008FEF60: GetMonitorInfoA.USER32 ref: 008FEFA9
    • GetParent.USER32 ref: 008FF2D2
    • GetWindowRect.USER32 ref: 008FF326
    • GetWindowRect.USER32 ref: 008FF365
    • MoveWindow.USER32 ref: 008FF43D
      • Part of subcall function 008FEF60: SystemParametersInfoW.USER32 ref: 008FEFCC
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: Window$InfoMonitorRect$FromMoveParametersParentSystemmemset
    • String ID:
    • API String ID: 2657265584-0
    • Opcode ID: b497c9f66a523c4fc395545eb7b182048e9f7ebf7017acd5f9f7cd82ccb4ec0e
    • Instruction ID: c7bc46ee97b3dbb83e188f33306e1a80feced2bcb65d22abca980c83c14445a0
    • Opcode Fuzzy Hash: b497c9f66a523c4fc395545eb7b182048e9f7ebf7017acd5f9f7cd82ccb4ec0e
    • Instruction Fuzzy Hash: 9D4179332286898BC7208B39E44163EB761FBD4B85F585125FB86D6A19DB78EC81CF01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0090A72B
      • Part of subcall function 00908308: free.MSVCRT ref: 009083E5
      • Part of subcall function 00908CA8: GetLastError.KERNEL32 ref: 00908CC3
      • Part of subcall function 00908CA8: free.MSVCRT ref: 00908D14
      • Part of subcall function 00908CA8: free.MSVCRT ref: 00908D4D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$ErrorLast
    • String ID: Incorrect reparse stream$Unknown reparse stream$can't delete file
    • API String ID: 408039514-394804653
    • Opcode ID: 4b20893e84dbe5a25b80a69513725189338e22e6932fed64ed43ba4962b8bd2d
    • Instruction ID: 56b4bcbb210c505cf9f9c5d6ed3b5563944a90bfe9b9ec08f686e94ee32d3f3c
    • Opcode Fuzzy Hash: 4b20893e84dbe5a25b80a69513725189338e22e6932fed64ed43ba4962b8bd2d
    • Instruction Fuzzy Hash: A4419D272067859DDB219E39A8103EE2774E7C6BD8F4C4132CF8A4B395DE38C549C3A1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • Cannot set length for output file, xrefs: 00909733
    • doc dot wbk docx docm dotx dotm docb wll wwl xls xlt xlm xlsx xlsm xltx xltm xlsb xla xlam ppt pot pps ppa ppam pptx pptm potx potm ppam ppsx ppsm sldx sldm , xrefs: 0090977A
    • :Zone.Identifier, xrefs: 00909791
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID: doc dot wbk docx docm dotx dotm docb wll wwl xls xlt xlm xlsx xlsm xltx xltm xlsb xla xlam ppt pot pps ppa ppam pptx pptm potx potm ppam ppsx ppsm sldx sldm $:Zone.Identifier$Cannot set length for output file
    • API String ID: 1294909896-1552544479
    • Opcode ID: 68008b3b5bd74574b8ab1e9ff77c4ed6469133e9efa09f86c390aa286f758984
    • Instruction ID: fa3784f4ac05c609af711b59c98219d64b1d05bbdd2413c8ad995f6ad7afe5fb
    • Opcode Fuzzy Hash: 68008b3b5bd74574b8ab1e9ff77c4ed6469133e9efa09f86c390aa286f758984
    • Instruction Fuzzy Hash: F841837320478498DF519F38E4943EE6760F782BA8F585232EA9D4B6EADF25C44AC710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID: exe
    • API String ID: 1294909896-1801697008
    • Opcode ID: 5cbc4d299d1688d3a1258c3b7fd765b7cd6f135406678a1f1768c3d63ebc8227
    • Instruction ID: 86566e6265c73ee487686707cff6ab5f1aee16306dd147ac85e860f32529623b
    • Opcode Fuzzy Hash: 5cbc4d299d1688d3a1258c3b7fd765b7cd6f135406678a1f1768c3d63ebc8227
    • Instruction Fuzzy Hash: C331A463304A0596CE30EF25E4411AEB731F7D57E4F845222EB9E47669DF29C68ACB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID: Cannot open input file
    • API String ID: 1294909896-2161566465
    • Opcode ID: 0a59009fd07833585dc3ba88083ec5b9ded331b536d123730a75d4f29311796d
    • Instruction ID: ce6525129fbf8cda36b8dff71e4068f77f74b94edce48724cac117ace9d8f8f9
    • Opcode Fuzzy Hash: 0a59009fd07833585dc3ba88083ec5b9ded331b536d123730a75d4f29311796d
    • Instruction Fuzzy Hash: 9821E423306A4589CB219F75E85076E2764F7AABE4F485631AB9E8B3E5DF38C445C310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$ByteStringmemmove
    • String ID:
    • API String ID: 400576877-0
    • Opcode ID: b9fcae31a59a884e8da1a1f93eff657e830e97a793d09a2cd8a93426aeff4fba
    • Instruction ID: 007e26b707a845b5c678543ab6f7f1addc81b8697876aa3d8729b9a9f97b86be
    • Opcode Fuzzy Hash: b9fcae31a59a884e8da1a1f93eff657e830e97a793d09a2cd8a93426aeff4fba
    • Instruction Fuzzy Hash: 3321C723305B5082EF249F51F55037A6364FB88BA4F084626EF5A4B788DF7CC995C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$wcscmp
    • String ID:
    • API String ID: 4021281200-0
    • Opcode ID: c1754c48ef87ca1a798b9f98fa39aaca9fb2874d56703a95dc3e826b007f22be
    • Instruction ID: 5956205b589bb1269dc70183925a649aa88a3071295e4d68838e9cb9f8b0ea12
    • Opcode Fuzzy Hash: c1754c48ef87ca1a798b9f98fa39aaca9fb2874d56703a95dc3e826b007f22be
    • Instruction Fuzzy Hash: 7821057760465897DB20EF26F84026D7774F799BE8F048221EF2987798DB38C945CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID: Unsupported charset:
    • API String ID: 1294909896-616772432
    • Opcode ID: 473fcd9893a7f6966b6ed67e9bed6a48fece553daf39974ebb86c2ad543c451e
    • Instruction ID: f309742bbe3726402ce4f95d3f620a09d3dc27dac3d49deac4958b43b45eb12a
    • Opcode Fuzzy Hash: 473fcd9893a7f6966b6ed67e9bed6a48fece553daf39974ebb86c2ad543c451e
    • Instruction Fuzzy Hash: EC213262304A0496DA20DB28E4C43AA6721F7D57E8F555312EB9E477B9CB69C986CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F8E44: GetFileAttributesW.KERNEL32 ref: 008F8E66
      • Part of subcall function 008F8E44: GetFileAttributesW.KERNEL32 ref: 008F8E9D
      • Part of subcall function 008F8E44: free.MSVCRT ref: 008F8EAA
    • DeleteFileW.KERNEL32 ref: 008F7C40
    • DeleteFileW.KERNEL32 ref: 008F7C7A
    • free.MSVCRT ref: 008F7C8A
    • free.MSVCRT ref: 008F7C98
      • Part of subcall function 008F7750: SetFileAttributesW.KERNEL32 ref: 008F7777
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: File$Attributesfree$Delete
    • String ID:
    • API String ID: 324319583-0
    • Opcode ID: bfda9b2558b7c1f7af72546783d3b06801516cf54012808cb8727d50f792b03a
    • Instruction ID: 3935b0e1a3d935d64041082f57fa2f4d45f34cf135316c529ff794e471fa9311
    • Opcode Fuzzy Hash: bfda9b2558b7c1f7af72546783d3b06801516cf54012808cb8727d50f792b03a
    • Instruction Fuzzy Hash: B501C43220864D81E930AF38A8152391321FBD67F4F2C1321AF7ACB3E5DF29C956D600
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$ErrorLastmemmove
    • String ID: :
    • API String ID: 3561842085-3653984579
    • Opcode ID: 871a755086bf90aae783a8ed11b1152f8bbea2482c0b6a2287b951fba05d462b
    • Instruction ID: eff6e547819dc33a3e1a5deefe78c2b2c70a2ed321e8d826bd59f0acad3f36d8
    • Opcode Fuzzy Hash: 871a755086bf90aae783a8ed11b1152f8bbea2482c0b6a2287b951fba05d462b
    • Instruction Fuzzy Hash: DA11826330594895DA20EB39E84426A7731FBD9BE4F454221BF5DC77B9DE28CA86C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ErrorLast$FileHandleRead
    • String ID:
    • API String ID: 2244327787-0
    • Opcode ID: 9977af11553a19de39f0226510e629150dfd94ad3193aff2420e74d7f044ac89
    • Instruction ID: e281bbdd9427c4bfe4b5b96ae040d93d79c377dd78551c0b19366bd867b389c0
    • Opcode Fuzzy Hash: 9977af11553a19de39f0226510e629150dfd94ad3193aff2420e74d7f044ac89
    • Instruction Fuzzy Hash: 5101D6217214A08FD7219B3DAD0476563D8B799BD1F958131FE4ACB7A0DA2ECC858B81
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: AttributesFilefree
    • String ID:
    • API String ID: 1936811914-0
    • Opcode ID: bcb45d07f87cb8370ecf84b7ee6795c6b7713855c8e59c701bfed50867f1d09d
    • Instruction ID: 579793a50034b4ef74632d330718fc7f60454ed6dbf2f023fd16ff936d477160
    • Opcode Fuzzy Hash: bcb45d07f87cb8370ecf84b7ee6795c6b7713855c8e59c701bfed50867f1d09d
    • Instruction Fuzzy Hash: 2601A22231864842EA30AB39E58067E5365FBC9BF4F180321AF69C77A5DF19CD86D701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008F3A84: free.MSVCRT ref: 008F3AB0
      • Part of subcall function 008F3A84: memmove.MSVCRT ref: 008F3ACB
    • free.MSVCRT ref: 00942C4B
    • free.MSVCRT ref: 00942C75
    • free.MSVCRT ref: 00942C9F
      • Part of subcall function 008F3B94: free.MSVCRT ref: 008F3BCC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID: Reading
    • API String ID: 1534225298-245876189
    • Opcode ID: a735224f177e9d8648017731da8283da224e3a904fc7831863e5980ba6aa3be9
    • Instruction ID: 0c33abb3046852b95ecd3c700cde0706a5c05136da348617f66bd31e6b0014fd
    • Opcode Fuzzy Hash: a735224f177e9d8648017731da8283da224e3a904fc7831863e5980ba6aa3be9
    • Instruction Fuzzy Hash: 5811EC22105A8442DB20EF30E4513AF6330F7D57A4F444231AF9D9B3A9DF34CA55C711
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: DirectoryRemovefree
    • String ID:
    • API String ID: 736856642-0
    • Opcode ID: 78cf672d9724340f7f90083de772ac7bf8b975014a094089ddecf20c0adfe0fb
    • Instruction ID: a054ae7681ac1798e4416179223c9b83fe86e608034b6dfd22526b264646f27d
    • Opcode Fuzzy Hash: 78cf672d9724340f7f90083de772ac7bf8b975014a094089ddecf20c0adfe0fb
    • Instruction Fuzzy Hash: BFF0812261C64881E930AF35E99523D2324FB9A7F4F580331AF6AC77A5DF19C986C705
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _beginthreadex.MSVCRT ref: 00961B95
    • SetThreadAffinityMask.KERNEL32 ref: 00961BB1
    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00911E3E), ref: 00961BBA
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00911E3E), ref: 00961BC5
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: Thread$AffinityErrorLastMaskResume_beginthreadex
    • String ID:
    • API String ID: 3268521904-0
    • Opcode ID: 4fc0de43ea0b2e399969aa5fdd5da033387cecd4d6be1a0725d069e2e49aec47
    • Instruction ID: cc7ba5270311ed695cd90f367ec4d4cfa543b344fdc0d8ed886cb4574d884b64
    • Opcode Fuzzy Hash: 4fc0de43ea0b2e399969aa5fdd5da033387cecd4d6be1a0725d069e2e49aec47
    • Instruction Fuzzy Hash: A0017C31708B8086DB048BA2B80431AB3E5F789BE0F480025EE8D93B68EF3CD451CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: AttributesFilefree
    • String ID:
    • API String ID: 1936811914-0
    • Opcode ID: b073cec7a251868189112658d0b38de6a204898df5f33a14e2167961743c4203
    • Instruction ID: b369723e5a32965f7022a655fb1a7772fea477c511a9d0c2a04a0146293559e1
    • Opcode Fuzzy Hash: b073cec7a251868189112658d0b38de6a204898df5f33a14e2167961743c4203
    • Instruction Fuzzy Hash: 2BF0312270864886CA30AB79E99123D1220FB9A7F4F580321FB79CB7E5DF69C995C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ClientScreen$ItemRectWindow
    • String ID:
    • API String ID: 1770875447-0
    • Opcode ID: 7c1fe16ded6df6fc9ef1ffe905e7f88029e9e72b64edb6d9036615b43465455c
    • Instruction ID: 593507ec44757f16b0406d80bf5760823be110fb43ce9c67c472ed662f197f26
    • Opcode Fuzzy Hash: 7c1fe16ded6df6fc9ef1ffe905e7f88029e9e72b64edb6d9036615b43465455c
    • Instruction Fuzzy Hash: FA0193BA605684DBCB04CF6AE684719F7B0F789B95F108025EF5987B18DB79D864CF00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: ErrorLast$CloseHandleObjectSingleWait
    • String ID:
    • API String ID: 1796208289-0
    • Opcode ID: 0d63f6bf740e80ec6311dec0c1bc31ba28fcf874ba3d16ffe7b59276408bfcec
    • Instruction ID: f4e7d0763b02482df65cc3306e8ebe16cb494f2f0dad16ad801eb0797e9f165a
    • Opcode Fuzzy Hash: 0d63f6bf740e80ec6311dec0c1bc31ba28fcf874ba3d16ffe7b59276408bfcec
    • Instruction Fuzzy Hash: BF014436706F4086D7105FD6B88031AB2BAFBC9BD1F684125EB9A83755DF39CC458700
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID:
    • String ID: UNC
    • API String ID: 0-337201128
    • Opcode ID: 4c10c5fb07c0227879e6fb9a4deaaf6d32442a32bd343428f7beedf53d138be6
    • Instruction ID: 0084bd1af9cb816fd5651017c7f0cdc74ee896f307c894d430ba222a9793bdcc
    • Opcode Fuzzy Hash: 4c10c5fb07c0227879e6fb9a4deaaf6d32442a32bd343428f7beedf53d138be6
    • Instruction Fuzzy Hash: 35215836300E6CC6DB20CBAAD4C47782320F785B88F549126CF49DB721DA3AC895CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: AllocExceptionStringThrow
    • String ID: out of memory
    • API String ID: 3773818493-2599737071
    • Opcode ID: 652f4829384787a58c6d5de283d8406cb0570cae2d0e9de181f3c7b54c067941
    • Instruction ID: 69a5aa0241a7efab318690f0fa82e727acba13d2a9d9719982f0d9d6bcdb9848
    • Opcode Fuzzy Hash: 652f4829384787a58c6d5de283d8406cb0570cae2d0e9de181f3c7b54c067941
    • Instruction Fuzzy Hash: 7DF03022301B8996DB04DB15EA8571C63B4FB85B84FA4C025CB4D47729EF7AD5A8C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: Messagefree
    • String ID: 7-Zip
    • API String ID: 2951535881-40562396
    • Opcode ID: 25d210485b23549b078d9b99a47c6356f53112bd2cff01a41bc55538e821fe5e
    • Instruction ID: 7fbfd07cdc52896ab5dfb74c2297979bb5e42cc5527e18e86f456d657fe01d4f
    • Opcode Fuzzy Hash: 25d210485b23549b078d9b99a47c6356f53112bd2cff01a41bc55538e821fe5e
    • Instruction Fuzzy Hash: 38D05E3670098082E720AB20E81239A2330F3D9748FC00012994E83776DE2DC60AC700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • free.MSVCRT ref: 0092F286
    • free.MSVCRT ref: 0092F28E
    • free.MSVCRT ref: 0092F578
    • free.MSVCRT ref: 0092F580
      • Part of subcall function 008F5E88: free.MSVCRT ref: 008F5ECC
      • Part of subcall function 008F5E88: free.MSVCRT ref: 008F5ED4
      • Part of subcall function 008F5E88: free.MSVCRT ref: 008F5FD8
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 1cd273cdcc248369275afd3dc10ecbde322123b85714a9ee141b971b24d49a08
    • Instruction ID: a235353b5c2102a24d747019e838c8ac58d5744352c1ce5f47035d6b1fe9ebe3
    • Opcode Fuzzy Hash: 1cd273cdcc248369275afd3dc10ecbde322123b85714a9ee141b971b24d49a08
    • Instruction Fuzzy Hash: 81A10132304B9596DB24EF26E0A47AE3774F798B84F544136EF8A877A8EB78C454C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    • Opcode ID: 30c8af5c3db3b8395cb2ec87c1dd8468e95f1f89fd0a2c6dab070c764e49a5fa
    • Instruction ID: df070168674733c86d6ce310110fe0ed62924f9f4c7a42e3f5ace939adedd9a5
    • Opcode Fuzzy Hash: 30c8af5c3db3b8395cb2ec87c1dd8468e95f1f89fd0a2c6dab070c764e49a5fa
    • Instruction Fuzzy Hash: 53517F72705A8887CA30DB2AE48029D7365F7C9BD4F404216EF9D87B59DF38D4A5CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 95311d1cf37b5a985b195b8225f76318c62beee7c7ebef6838330a4eace00ec8
    • Instruction ID: bfd41581c9ff1b8947fa4f7ccfc9082c67a533ab17ee1d232d5b145b31f08c89
    • Opcode Fuzzy Hash: 95311d1cf37b5a985b195b8225f76318c62beee7c7ebef6838330a4eace00ec8
    • Instruction Fuzzy Hash: 2131F91236858C86CE30EA39E4415BEB721F7E2B94F941212FBEAC7759DE6CC845C706
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    • Opcode ID: fcf206c90fd706ee2e5cfffdcab0ed1a1f09c41521ab341c39519fab583fe7a2
    • Instruction ID: 2f53fc59091d057cb70fcf2aecd5f0c524ec87fa092768fb48c47439cb5f01db
    • Opcode Fuzzy Hash: fcf206c90fd706ee2e5cfffdcab0ed1a1f09c41521ab341c39519fab583fe7a2
    • Instruction Fuzzy Hash: E4412723608281CEC730EB25E56037A6765F3943E4F14C212EBE98B798EB68C992C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 191cbcb54481d1d3dc8a7abc74460c9ccc57bccebc34ddef787fbe18b2ca8f56
    • Instruction ID: aabbba13938c895ea6ebc09d5aec7a365dd376b84881fa253d37cb904f82e017
    • Opcode Fuzzy Hash: 191cbcb54481d1d3dc8a7abc74460c9ccc57bccebc34ddef787fbe18b2ca8f56
    • Instruction Fuzzy Hash: D1310322304B8C96DB20EF35E4507BA6761F795BA8F484225EF8A8B788DB78C945C701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    • Opcode ID: f630b3185ca15d954b0ace12bdfd40828b9503bd7063f6a962ee6bf0b576eb5d
    • Instruction ID: 3c77f698d2093f23eb51290ee3814c95dd36069e3b232cc118a38a75bab6401a
    • Opcode Fuzzy Hash: f630b3185ca15d954b0ace12bdfd40828b9503bd7063f6a962ee6bf0b576eb5d
    • Instruction Fuzzy Hash: EB21E533201AA48BDB15AF2AF85472A7758FB95B94F1D8125AF6947344DF788841C312
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$memmove
    • String ID:
    • API String ID: 1534225298-0
    • Opcode ID: fce9afd38fbf4467c8b70eb9d04366f4bffc6faf15a0f88b52a78d94722b5e45
    • Instruction ID: 552daf0e8be3046bdaeaa65fa765d25b40d96d327ef7e845462edd0199b24d15
    • Opcode Fuzzy Hash: fce9afd38fbf4467c8b70eb9d04366f4bffc6faf15a0f88b52a78d94722b5e45
    • Instruction Fuzzy Hash: 4421A467705A4886EA20EF26E45076A7320F795BF8F144225DF6D87798EF78C946C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • EnterCriticalSection.KERNEL32 ref: 0091099F
    • LeaveCriticalSection.KERNEL32 ref: 009109AB
    • EnterCriticalSection.KERNEL32 ref: 00910A3F
    • LeaveCriticalSection.KERNEL32 ref: 00910A4B
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: CriticalSection$EnterLeave
    • String ID:
    • API String ID: 3168844106-0
    • Opcode ID: 63bc06290a77667d1120800eabcf8ba9bee79bfc02e57d5fc0095c995e098661
    • Instruction ID: 27c62efad73126542f280f2f6e3a4842fd12c1d762eb6a8b3d8d84839e7d4bf8
    • Opcode Fuzzy Hash: 63bc06290a77667d1120800eabcf8ba9bee79bfc02e57d5fc0095c995e098661
    • Instruction Fuzzy Hash: 5C214577704B4897DB209F2AE88426933A0FB8AB98F595121DF8D47B11DF39D8E5C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 008FF7BC: _CxxThrowException.MSVCRT ref: 008FF7EC
      • Part of subcall function 008FF7BC: memmove.MSVCRT ref: 008FF825
      • Part of subcall function 008FF7BC: free.MSVCRT ref: 008FF82D
      • Part of subcall function 008F4698: malloc.MSVCRT(?,?,?,?,008F34FD), ref: 008F46A8
    • free.MSVCRT(?,?,?,?,?,00000140,009344C2), ref: 0092EE42
    • free.MSVCRT(?,?,?,?,?,00000140,009344C2), ref: 0092EE4C
    • free.MSVCRT(?,?,?,?,?,00000140,009344C2), ref: 0092EE56
    • free.MSVCRT(?,?,?,?,?,00000140,009344C2), ref: 0092EE60
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free$ExceptionThrowmallocmemmove
    • String ID:
    • API String ID: 3352498445-0
    • Opcode ID: 701e902cd6bfaf292f36396a438e74fee1aa9bf28ab987f9b639e672c20006f1
    • Instruction ID: efa34ab9c2edf3df874f2eb96017941d7dfba57144928e57d849413252db29da
    • Opcode Fuzzy Hash: 701e902cd6bfaf292f36396a438e74fee1aa9bf28ab987f9b639e672c20006f1
    • Instruction Fuzzy Hash: B021B3B2215B8482CB60DF39F48022D33B4F7D9B94F2182269B9D87768DF38C851C741
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: ab5c6b3d1c7122698e944baaa05ee772550a73c0b455333c7b91d8ef7b04068c
    • Instruction ID: 0fa0a3bea65fe955fd2a1c562bca04eef4497673802aafd16fe8371251f68a37
    • Opcode Fuzzy Hash: ab5c6b3d1c7122698e944baaa05ee772550a73c0b455333c7b91d8ef7b04068c
    • Instruction Fuzzy Hash: 3311B412305A4C81CA20EB36E4451BE9331FBD1BE8F849222AB4D836F5DFACC9C5C702
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 06430f33e8494ca679f271a95e49d86e72d8f82660503ff523e95e1000041ff5
    • Instruction ID: 725d294cc17ebcd740d89671286219113629443228d46dc4f1d87b80a21a78a5
    • Opcode Fuzzy Hash: 06430f33e8494ca679f271a95e49d86e72d8f82660503ff523e95e1000041ff5
    • Instruction Fuzzy Hash: 4711E66270564886DB209B79E5403AA63A0F7997E4F041221DB5F87BA1DF6DCD86C302
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: a92e84ee27c6e80fae308b0ffb20f16ba6dc85b5cdd4cea830cb935d0c2cb4d1
    • Instruction ID: 21fd997af643727f22926fcf75063d8480bfec6c2e48e0a2395518bc55835fcf
    • Opcode Fuzzy Hash: a92e84ee27c6e80fae308b0ffb20f16ba6dc85b5cdd4cea830cb935d0c2cb4d1
    • Instruction Fuzzy Hash: 9F01D8A2312B5255EB08AF27AC903B82329AB55FD4F884820CE094B3ADEF7CD555C314
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: fa6caa238ba6118e79aa386621922b6c90eef385a8c110188e7d4eb00bf3ee7c
    • Instruction ID: a02229f1517620a22da961af2648026919d676b5a4b6cb6b3a5cbcdb52a4d1e9
    • Opcode Fuzzy Hash: fa6caa238ba6118e79aa386621922b6c90eef385a8c110188e7d4eb00bf3ee7c
    • Instruction Fuzzy Hash: 4101B5A231499C81A521BDBBB89053B6624FB21FA8B1D4216EF288B740FF65C862C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 9e68f41346632e1b99810ae9f06ce4c46100826fca4cdec53ebfa7f4b062d19e
    • Instruction ID: 7cf791de33b1a277b613c882e04c817435957bc77a3fe59a19e50d286441174c
    • Opcode Fuzzy Hash: 9e68f41346632e1b99810ae9f06ce4c46100826fca4cdec53ebfa7f4b062d19e
    • Instruction Fuzzy Hash: F9F05B1370558C4ADA10AE7BE89117A1324EF65BECF1C5132EF0D8B744DF55C8918340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 4cb9bc71a01853ebffd85506672c1aabda2bbb43ff2e79aa0c38f303a8a41167
    • Instruction ID: 247dd257a0a1ad8e0518e6e5cf7fbfe9018df7429703b469d8ac379ba523ba6d
    • Opcode Fuzzy Hash: 4cb9bc71a01853ebffd85506672c1aabda2bbb43ff2e79aa0c38f303a8a41167
    • Instruction Fuzzy Hash: C1F0B42370688C8AD612AE3AE84017A5335EBB5FD8B1C51229F1D8F354DE25CC918341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: bd91d06a423de08bf6219987d572a0a821f3b39f93a9554eb2fdefe87c1f3600
    • Instruction ID: f77d8e9004354beee510fa94f8ecabe587782a3bc8df95b5edf53f8d9c8acb84
    • Opcode Fuzzy Hash: bd91d06a423de08bf6219987d572a0a821f3b39f93a9554eb2fdefe87c1f3600
    • Instruction Fuzzy Hash: 07E0EC1368E40843F516EA39B55177B4114FBB27A9F5028232F16DB6118D3EC6E74606
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: 67788ef1744c110d227d56f1bf6aca0167d76513f2acff17a8ee8249bf66c6b1
    • Instruction ID: c9ec7dfcbbdc366b087904c0309126c1d68b2f8a4d4e871a2779fb240fad923b
    • Opcode Fuzzy Hash: 67788ef1744c110d227d56f1bf6aca0167d76513f2acff17a8ee8249bf66c6b1
    • Instruction Fuzzy Hash: 06E0EC0368E04843E516EA79B55137B4124EBF27A9F5028636E1AC6211CD3D86E74A01
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1664554440.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
    • Associated: 00000000.00000002.1664538686.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664598511.0000000000964000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664625330.000000000098C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1664642543.0000000000990000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_8f0000_7zG.jbxd
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: e6f1d521872a07e67d110457bcae3d95d9a91a749a4cf6961b7bcd5310554b7d
    • Instruction ID: d1297b4d64f9dbb45df1f5fdf36bd0b3c49e4c8216863d7bd304ca22759c5344
    • Opcode Fuzzy Hash: e6f1d521872a07e67d110457bcae3d95d9a91a749a4cf6961b7bcd5310554b7d
    • Instruction Fuzzy Hash: EED0AC5261840C81EB54AF7AE89203A5334E7B9F9CB1420129B1ECF255DD5AC8A29781
    Uniqueness

    Uniqueness Score: -1.00%